[Samba] Freebsd + Samba + Ldap + Acls -> No locking file
Dragon
vwdragon at poczta.fm
Mon Aug 13 02:48:03 GMT 2007
Hello..
File server freebsd 6.2-STABLE + samba-3.0.25a + ldap + acls
Problem:
I've a situation where file locking does not seem to be functioning as expected, in that
more than one user can open and write to a file without any
notifications being displayed about the file already being opened by
another user.
I have two Windows XP clients accessing the same shared file, user1 has
the file open. User2 then opens the
same file, receiving no warnings about the file being open by another
user. File is modified by user1 and saved and remains open. File then
modified by user2 and saved. File closed and opened by user1 who
sees only modifications made by user2.
user1 (WinXP) open test2.ods
smbstatus:
Locked files:
Pid Uid DenyMode Access R/W Oplock SharePath Name Time
--------------------------------------------------------------------------------------------------
14758 10004 DENY_WRITE 0x2019f RDWR EXCLUSIVE+BATCH /work/samba/bazafirm test2.ods Wed Aug 1 17:50:15
14758 10004 DENY_NONE 0x100001 RDONLY NONE
/work/samba/bazafirm . Wed Aug 1 17:49:47
user2 (WinXP) open file:
smbstatus:
Locked files:
Pid Uid DenyMode Access R/W Oplock SharePath Name Time
--------------------------------------------------------------------------------------------------
14787 10002 DENY_WRITE 0x2019f RDWR EXCLUSIVE+BATCH /work/samba/bazafirm test2.ods Wed Aug 1 17:55:38
14787 10002 DENY_NONE 0x100001 RDONLY NONE /work/samba/bazafirm . Wed Aug 1 17:55:12
But when I use option "force user = root" tha file lock works OK!!!
smb.conf
[global]
dos charset = cp852
unix charset = iso8859-2
display charset = iso8859-2
workgroup = COSTAM.LOCAL
netbios name = DRAGON
server string = COSTAM LDAP PDC [on FreeBSD :: Samba server %v]
interfaces = 192.168.50.254/24
bind interfaces only = Yes
security = USER
encrypt passwords = Yes
update encrypted = No
client schannel = Auto
server schannel = Auto
allow trusted domains = Yes
map to guest = Never
null passwords = Yes
obey pam restrictions = No
password server = *
smb passwd file = /usr/local/etc/samba/smbpasswd
private dir = /usr/local/etc/samba
passdb backend = ldapsam:ldap://127.0.0.1/
algorithmic rid base = 1000
guest account = nobody
enable privileges = Yes
pam password change = No
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
passwd chat timeout = 2
check password script =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = 0
lanman auth = Yes
ntlm auth = Yes
client NTLMv2 auth = No
client lanman auth = Yes
client plaintext auth = Yes
use kerberos keytab = No
log level = 2
syslog = 0
syslog only = No
log file = /var/log/samba/log.%m
max log size = 100000
debug timestamp = Yes
debug prefix timestamp = No
debug hires timestamp = No
debug pid = No
debug uid = No
enable core files = Yes
smb ports = 445 139
large readwrite = Yes
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
disable netbios = No
reset on zero vc = No
acl compatibility = auto
defer sharing violations = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 16644
name resolve order = wins bcast dns host
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = Yes
unix extensions = Yes
use spnego = Yes
client signing = auto
server signing = No
client use spnego = Yes
enable asu support = No
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 30
max smbd processes = 0
paranoid server security = Yes
max disk size = 0
max open files = 500
open files database hash size = 10007
socket options = SO_KEEPALIVE SO_BROADCAST TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 IPTOS_LOWDELAY
use mmap = Yes
hostname lookups = No
name cache timeout = 660
load printers = No
printcap cache time = 750
disable spoolss = No
show add printer wizard = Yes
mangling method = hash2
mangle prefix = 1
max stat cache size = 1024
stat cache = Yes
machine password timeout = 604800
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
logon script = logon.bat
logon drive = H:
logon home = \\%N\%U
domain logons = Yes
os level = 255
lm announce = Auto
lm interval = 60
preferred master = Yes
local master = Yes
domain master = Yes
browse list = Yes
enhanced browsing = Yes
dns proxy = No
wins proxy = Yes
wins support = Yes
kernel oplocks = Yes
lock spin time = 200
oplock break wait time = 0
ldap admin dn = cn=root,dc=dasko,dc=pl
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap replication sleep = 1000
ldap suffix = dc=dasko,dc=pl
ldap ssl = no
ldap timeout = 15
ldap page size = 1024
ldap user suffix = ou=Users
lock directory = /var/db/samba
pid directory = /var/run
utmp = No
socket address = 0.0.0.0
afs token lifetime = 604800
time offset = 0
NIS homedir = No
usershare allow guests = No
usershare max shares = 0
usershare owner only = Yes
usershare path = /var/db/samba/usershares
host msdfs = Yes
passdb expand explicit = No
idmap cache time = 900
idmap negative cache time = 120
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 300
winbind enum users = No
winbind enum groups = No
winbind use default domain = No
winbind trusted domains only = No
winbind nested groups = Yes
winbind nss info = template
winbind refresh tickets = No
winbind offline logon = No
winbind normalize names = No
admin users = Administrator
read only = Yes
acl check permissions = Yes
acl group control = No
acl map full control = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
force unknown acl user = No
inherit permissions = No
inherit acls = No
inherit owner = No
guest only = No
guest ok = No
only user = No
hosts allow = 127.0.0.1, 192.168.50.
hosts deny = 0.0.0.0/0
allocation roundup size = 1048576
aio read size = 0
aio write size = 0
ea support = No
nt acl support = Yes
profile acls = No
map acl inherit = No
afs share = No
block size = 1024
change notify = Yes
kernel change notify = Yes
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
use sendfile = No
write cache size = 0
max reported print jobs = 0
max print jobs = 1000
printable = No
printing = bsd
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
use client driver = No
default devmode = Yes
force printername = No
printjob username = %U
default case = lower
case sensitive = Auto
preserve case = Yes
short preserve case = Yes
mangling char = ~
hide dot files = Yes
hide special files = No
hide unreadable = No
hide unwriteable files = No
delete veto files = No
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
map archive = Yes
map hidden = No
map system = No
map readonly = yes
mangled names = Yes
store dos attributes = No
dmapi support = No
browseable = Yes
blocking locks = Yes
csc policy = manual
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = Auto
share modes = Yes
dfree cache time = 0
preexec close = No
root preexec close = No
available = Yes
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
delete readonly = No
dos filemode = No
dos filetimes = Yes
dos filetime resolution = No
fake directory create times = No
msdfs root = No
----------------------------------------------------------------------
Miarka sie przebrala! Sejm do Mongolii!
>>>http://link.interia.pl/f1b3c
More information about the samba
mailing list