[Samba] Freebsd + Samba + Ldap + Acls -> No locking file

vwdragon vwdragon at poczta.fm
Mon Aug 13 03:07:16 GMT 2007


Hello..

File server freebsd 6.2-STABLE + samba-3.0.25a + ldap + acls

Problem:

I've a situation where file locking does not seem to be functioning as 
expected, in that
more than one user can open and write to a file without any
notifications being displayed about the file already being opened by
another user.

I have two Windows XP clients accessing the same shared file, user1 has
the file open. User2 then opens the
same file, receiving no warnings about the file being open by another
user. File is modified by user1 and saved and remains open. File then
modified by user2 and saved. File closed and opened by user1 who
sees only modifications made by user2.

user1 (WinXP) open test2.ods

smbstatus:
Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock 
SharePath   Name   Time
--------------------------------------------------------------------------------------------------
14758        10004      DENY_WRITE 0x2019f     RDWR   EXCLUSIVE+BATCH 
/work/samba/bazafirm   test2.ods   Wed Aug  1 17:50:15
14758        10004      DENY_NONE  0x100001    RDONLY     NONE
/work/samba/bazafirm   .   Wed Aug  1 17:49:47

user2 (WinXP) open file:
smbstatus:
Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock 
SharePath   Name   Time
--------------------------------------------------------------------------------------------------
14787        10002      DENY_WRITE 0x2019f     RDWR   EXCLUSIVE+BATCH 
/work/samba/bazafirm   test2.ods   Wed Aug  1 17:55:38
14787        10002      DENY_NONE  0x100001    RDONLY     NONE 
/work/samba/bazafirm   .   Wed Aug  1 17:55:12


But when I use the option "force user = root", the file locking works OK!!!


smb.conf

# NOTE(review): this looks like a full parameter dump with defaults included
# (e.g. from testparm -v) rather than a hand-written smb.conf - confirm.
# Values in [global] are server-wide; share-level parameters listed here act
# as the default for every share.
[global]
    # Character sets, domain/workgroup name and the name the server announces.
    dos charset = cp852
    unix charset = iso8859-2
    display charset = iso8859-2
    workgroup = COSTAM.LOCAL
    netbios name = DRAGON
    server string = COSTAM LDAP PDC [on FreeBSD :: Samba server %v]
    # Only the listed interface is served.
    interfaces = 192.168.50.254/24
    bind interfaces only = Yes
    # User-level security: each client logs in with a username and password.
    security = USER
    encrypt passwords = Yes
    update encrypted = No
    client schannel = Auto
    server schannel = Auto
    allow trusted domains = Yes
    # Failed logins are rejected instead of being mapped to the guest account.
    map to guest = Never
    # NOTE(review): null passwords = Yes allows logon to accounts whose
    # password is empty; set it to No unless an account really depends on it.
    null passwords = Yes
    obey pam restrictions = No
    password server = *
    smb passwd file = /usr/local/etc/samba/smbpasswd
    private dir = /usr/local/etc/samba
    # Accounts are stored in an LDAP directory reached on the loopback address.
    passdb backend = ldapsam:ldap://127.0.0.1/
    algorithmic rid base = 1000
    guest account = nobody
    enable privileges = Yes
    pam password change = No
    passwd chat = *new*password* %n\n *new*password* %n\n *changed*
    passwd chat debug = No
    passwd chat timeout = 2
    check password script =
    password level = 0
    username level = 0
    unix password sync = No
    # Anonymous connections are not restricted at this level.
    restrict anonymous = 0
    # NOTE(review): the server accepts LANMAN and NTLM (v1) responses. The
    # clients in the post are Windows XP, which presumably do not need LANMAN;
    # lanman auth = No removes the weakest of the two - confirm no legacy
    # client relies on it.
    lanman auth = Yes
    ntlm auth = Yes
    # The client * settings apply to Samba's own client tools (smbclient and
    # friends): as set, they do not use NTLMv2 and may fall back to LANMAN or
    # plaintext when talking to other servers.
    client NTLMv2 auth = No
    client lanman auth = Yes
    client plaintext auth = Yes
    use kerberos keytab = No
    # Logging: one log file per client machine (%m is the client's NetBIOS
    # name); max log size is given in kilobytes.
    log level = 2
    syslog = 0
    syslog only = No
    log file = /var/log/samba/log.%m
    max log size = 100000
    debug timestamp = Yes
    debug prefix timestamp = No
    debug hires timestamp = No
    debug pid = No
    debug uid = No
    enable core files = Yes
    # Listening ports and the range of protocol dialects the server negotiates
    # (CORE is the oldest dialect, NT1 the newest one listed here).
    smb ports = 445 139
    large readwrite = Yes
    max protocol = NT1
    min protocol = CORE
    read bmpx = No
    read raw = Yes
    write raw = Yes
    disable netbios = No
    reset on zero vc = No
    acl compatibility = auto
    defer sharing violations = Yes
    nt pipe support = Yes
    nt status support = Yes
    announce version = 4.9
    announce as = NT
    max mux = 50
    max xmit = 16644
    name resolve order = wins bcast dns host
    max ttl = 259200
    max wins ttl = 518400
    min wins ttl = 21600
    time server = Yes
    unix extensions = Yes
    use spnego = Yes
    # NOTE(review): server signing = No means smbd does not offer SMB packet
    # signing, so traffic between the clients and this server is not
    # integrity-protected; client signing governs Samba's own client tools.
    client signing = auto
    server signing = No
    client use spnego = Yes
    enable asu support = No
    deadtime = 0
    getwd cache = Yes
    keepalive = 300
    lpq cache time = 30
    max smbd processes = 0
    paranoid server security = Yes
    max disk size = 0
    max open files = 500
    open files database hash size = 10007
    # The socket options value below was wrapped by the mail client; in a real
    # smb.conf it has to be a single line.
    socket options = SO_KEEPALIVE SO_BROADCAST TCP_NODELAY 
SO_SNDBUF=16384 SO_RCVBUF=16384 IPTOS_LOWDELAY
    use mmap = Yes
    hostname lookups = No
    name cache timeout = 660
    load printers = No
    printcap cache time = 750
    disable spoolss = No
    show add printer wizard = Yes
    mangling method = hash2
    mangle prefix = 1
    max stat cache size = 1024
    stat cache = Yes
    machine password timeout = 604800
    # External smbldap-tools commands smbd calls for account and group
    # management; %u and %g are replaced with the user and group name, and
    # both are passed in double quotes here.
    add user script = /usr/local/sbin/smbldap-useradd -m "%u"
    delete user script = /usr/local/sbin/smbldap-userdel "%u"
    add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
    delete group script = /usr/local/sbin/smbldap-groupdel "%g"
    add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
    # The next value was wrapped by the mail client; in a real smb.conf it has
    # to be a single line.
    delete user from group script = /usr/local/sbin/smbldap-groupmod -x 
"%u" "%g"
    set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
    add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
    # Domain logon settings: logon script, home drive letter and home path.
    logon script = logon.bat
    logon drive = H:
    logon home = \\%N\%U
    # Domain controller and browsing roles: the server handles domain logons
    # and is configured to win master browser elections (os level = 255).
    domain logons = Yes
    os level = 255
    lm announce = Auto
    lm interval = 60
    preferred master = Yes
    local master = Yes
    domain master = Yes
    browse list = Yes
    enhanced browsing = Yes
    dns proxy = No
    wins proxy = Yes
    wins support = Yes
    # NOTE(review): the smb.conf manual describes kernel oplocks as available
    # only on kernels that implement them; presumably this has no effect on
    # FreeBSD - confirm.
    kernel oplocks = Yes
    lock spin time = 200
    oplock break wait time = 0
    # LDAP backend settings. Samba binds to the directory as the admin DN; the
    # bind password is not in this file but kept in secrets.tdb under the
    # private dir, so that directory should be accessible to root only.
    ldap admin dn = cn=root,dc=dasko,dc=pl
    ldap delete dn = Yes
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Computers
    ldap passwd sync = Yes
    ldap replication sleep = 1000
    ldap suffix = dc=dasko,dc=pl
    # NOTE(review): ldap ssl = no sends the bind and the password hashes
    # unencrypted. The passdb backend URL in this dump points at 127.0.0.1, so
    # the traffic stays on the host; if the directory ever moves to another
    # machine, switch to "ldap ssl = start tls".
    ldap ssl = no
    ldap timeout = 15
    ldap page size = 1024
    ldap user suffix = ou=Users
    # The lock directory holds the tdb databases smbd processes use to share
    # state such as open files and locks.
    lock directory = /var/db/samba
    pid directory = /var/run
    utmp = No
    socket address = 0.0.0.0
    afs token lifetime = 604800
    time offset = 0
    NIS homedir = No
    # User-defined shares are disabled (usershare max shares = 0).
    usershare allow guests = No
    usershare max shares = 0
    usershare owner only = Yes
    usershare path = /var/db/samba/usershares
    host msdfs = Yes
    passdb expand explicit = No
    idmap cache time = 900
    idmap negative cache time = 120
    # winbind templates and caching options.
    template homedir = /home/%D/%U
    template shell = /bin/false
    winbind separator = \
    winbind cache time = 300
    winbind enum users = No
    winbind enum groups = No
    winbind use default domain = No
    winbind trusted domains only = No
    winbind nested groups = Yes
    winbind nss info = template
    winbind refresh tickets = No
    winbind offline logon = No
    winbind normalize names = No
    # From here on the parameters are share-level; in [global] they are the
    # defaults for every share.
    # NOTE(review): admin users in [global] applies to all shares, and file
    # operations by a listed user are carried out as root; consider setting it
    # only on the shares that need it.
    admin users = Administrator
    read only = Yes
    # ACL handling and the permission masks applied to new files/directories.
    acl check permissions = Yes
    acl group control = No
    acl map full control = Yes
    create mask = 0744
    force create mode = 00
    security mask = 0777
    force security mode = 00
    directory mask = 0755
    force directory mode = 00
    directory security mask = 0777
    force directory security mode = 00
    force unknown acl user = No
    inherit permissions = No
    inherit acls = No
    inherit owner = No
    # Guest access is off by default.
    guest only = No
    guest ok = No
    only user = No
    # Host-based access control: loopback and 192.168.50.x are allowed, every
    # other address is denied.
    hosts allow = 127.0.0.1, 192.168.50.
    hosts deny = 0.0.0.0/0
    allocation roundup size = 1048576
    aio read size = 0
    aio write size = 0
    ea support = No
    nt acl support = Yes
    profile acls = No
    map acl inherit = No
    afs share = No
    block size = 1024
    change notify = Yes
    kernel change notify = Yes
    max connections = 0
    min print space = 0
    strict allocate = No
    strict sync = No
    sync always = No
    use sendfile = No
    write cache size = 0
    # Printing defaults.
    max reported print jobs = 0
    max print jobs = 1000
    printable = No
    printing = bsd
    print command = lpr -r -P'%p' %s
    lpq command = lpq -P'%p'
    lprm command = lprm -P'%p' %j
    use client driver = No
    default devmode = Yes
    force printername = No
    printjob username = %U
    # File name case, mangling and DOS attribute mapping.
    default case = lower
    case sensitive = Auto
    preserve case = Yes
    short preserve case = Yes
    mangling char = ~
    hide dot files = Yes
    hide special files = No
    hide unreadable = No
    hide unwriteable files = No
    delete veto files = No
    hide files = /desktop.ini/ntuser.ini/NTUSER.*/
    map archive = Yes
    map hidden = No
    map system = No
    map readonly = yes
    mangled names = Yes
    store dos attributes = No
    dmapi support = No
    browseable = Yes
    # Locking and oplock defaults: share modes, byte-range locking and oplocks
    # are all enabled here.
    # NOTE(review): the post says locking behaves once "force user = root" is
    # added. That setting makes every file operation on the share run as root
    # and so bypasses per-user permissions and ACLs; treat it as a hint that a
    # permission difference is involved, not as the fix - confirm.
    blocking locks = Yes
    csc policy = manual
    fake oplocks = No
    locking = Yes
    oplocks = Yes
    level2 oplocks = Yes
    oplock contention limit = 2
    posix locking = Yes
    strict locking = Auto
    share modes = Yes
    dfree cache time = 0
    preexec close = No
    root preexec close = No
    available = Yes
    fstype = NTFS
    set directory = No
    # NOTE(review): wide links = Yes lets smbd follow symlinks that point
    # outside the share path, and unix extensions = Yes (set elsewhere in this
    # [global] section) is documented as letting UNIX clients create symlinks.
    # Unless something depends on that combination, wide links = No keeps
    # access inside the exported tree - confirm.
    wide links = Yes
    follow symlinks = Yes
    delete readonly = No
    dos filemode = No
    dos filetimes = Yes
    dos filetime resolution = No
    fake directory create times = No
    msdfs root = No


