[Samba] Difficulty w/Offline Files and Samba 3.0.25

David F. Severski davidski-sb at deadheaven.com
Fri Jun 1 15:50:48 GMT 2007

Good morning,

I have a working Offline Files setup w/Samba 3.0.24 (FreeBSD 6.2 host OS)
and a Win XP SP2 client.  Upon updating to Samba 3.0.25, the XP client's
offline cache would show (as viewed via the Offline Files Folder) that
synced files are write-only ('User W' in the Access column).  When
offline, theses files appeared to be available via Explorer and double
clicking would launch the appropriate program, but would then generate a
file not found error.  Reverting to Samba 3.0.24 and resyncing has
corrected the problem ('User R/W' in the Access column and proper access
restored when offline).

My smb.conf is attached.  Apart from the 'map acl inherit' parameter,
which I added when upgrading to 3.0.25 at the suggestion of WHATSNEW.txt,
this configuration file has not been changed in several months.  Any
suggestions as to what the cause of this problem could be?  Are any of
the recent changes in 3.0.25a likely applicable to this problem?

Thanks for the help!

-------------- next part --------------
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not many any basic syntactic errors. 
#======================= Global Settings =====================================

# Disallow the use of opportunistic locks to try to avoid delayed write errors
oplocks = yes
#oplocks = no
#level2 oplocks = no
#locking = no

#passdb backend = ldapsam:ldap://geoff.deadheaven.com
passdb backend = ldapsam:ldapi://%2Fvar%2Frun%Fopenldap%2Fldapi 

#enable net rpc rights privileges
enable privileges = yes

#this sets only the smbpasswd backend file, not the tdbsam file
smb passwd file = /usr/local/private/smbpasswd

ldap ssl = no
#ldap ssl = start_tls
ldap admin dn = cn=Manager,dc=deadheaven,dc=com
ldap user suffix = ou=Accounts
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap suffix = dc=deadheaven,dc=com
ldap passwd sync = yes

#idmap backend = ldap:ldap://geoff.deadheaven.com/
idmap backend = ldap:ldapi://%2Fvar%2Frun%2Fopenldap%Fldapi 
ldap idmap suffix = ou=idmap
idmap uid = 40000-50000
idmap gid = 40000-50000

#u ncomment this chunkwhen ready to turn on smbldap scripts
#ldap delete dn = Yes
#add user script = /usr/local/sbin/smbldap-useradd -m "%u"
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
#add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
#add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/local/sbin/smbldap-groupdel "%g"
#add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "% g"
#delete user from group script = /usr/local/sbin/smbldap-groupmod -x "% u" "%g"
#set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u "

# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
workgroup = DEADHEAVEN

# server string is the equivalent of the NT Description field
server string = Geoff - The Deadheaven Domain Server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.
hosts allow = 192.168.0. 192.168.1. 172.16.0.

# By default, load all local printers for browsing
load printers = yes

# Use CUPS printing system
printcap name = cups
printing = cups

# Set logging level to one above the default of 0
log level = 1

# Create a log for each machine that connects, max of 500 Kb
log file = /var/log/samba/log.%m
max log size = 500

# Authenticate user credentials locally
security = user

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes

# Disable lanman and NTLMv1 authentication (NTLMv2 required)
lanman auth = no
ntlm auth = yes

# Offer server side signing of transactions
server signing = mandatory

#client signing, NTLMv2, and SPNEGO settings
client signing = mandatory
client ntlmv2 auth = yes
client use spnego = yes
client schannel = yes

# Listen only on the internal and loopback interfaces
interfaces = fxp0 ath0 lo1

#Listen only on TCP/445
disable netbios = yes

# Browser Control Options:
local master = yes

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
domain master = yes 

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = yes
# Jack the OS level up to 34 just in case there are any other PDCs on the
# network (VMWare, for instance)
os level = 34

# Enable this if you want Samba to be a domain logon server for 
# Windows95 workstations. 
domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
# run a specific logon batch file per username
;   logon script = %U.bat
logon script = startup.bat

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U
logon path = \\%N\profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
wins support = yes
# When acting as a WINS server, send unknown names to DNS for resolution
dns proxy = yes 

#Anti-virus scanning
#vfs object = vscan-clamav
#vscan-clamav: config-file = /usr/local/etc/samba-vscan/vscan-clamav.conf

#============================ Share Definitions ==============================
    comment = Home Directories
    browseable = no
    hide files = /desktop.ini/ntuser.ini/NTUSER.*/
    #the next two should prohibit other users from mapping other user's home 
    #directories.  Though a more secure solution is to fix the underlying 
    #unix permissions, this provides an added layer of defense.  Currently 
    #disabled until we get time to test this out.
    #valid users = DEADHEAVEN+%S
    #only user = DEADHEAVEN+%S
    #vfs objects = recycle
    writeable = yes
    map acl inherit = yes

# Un-comment the following and create the netlogon directory for Domain Logons
    comment = Network Logon Service
    path = /usr/local/samba/lib/netlogon
    guest ok = yes
    writeable = no
    locking = no
    ;share modes = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
    path = /data/profiles
    browseable = no
    writeable = yes
    guest ok = no
    create mask = 0700
    directory mask = 0700
    nt acl support = no
    share modes = no
    csc policy = disable
    hide files = /desktop.ini/ntuser.ini/NTUSER.*/
    #oplocks = no
    profile acls = yes
    map acl inherit = yes

# NOTE: If you have a BSD-style print system there is no need to 
# specifically define each individual printer
	comment = All Printers
	path = /var/spool/samba
	browseable = no
	use client driver = no
	# Set public = yes to allow user 'guest account' to print
	public = yes
	guest ok = yes
	writeable = no
	printable = yes

	comment = Printer Drivers
	path = /usr/local/samba/printers
	guest ok = no
	browseable = yes
	read only = yes
	write list = root "DEADHEAVEN\davidski"

# This one is useful for people to share files
	comment = Temporary file space
	path = /usr/local/samba/tmp
	writeable = yes
	guest ok = yes
	create mask = 776
	directory mask = 777
	browsable = yes
	map acl inherit = yes

# A publicly accessible directory, but read only, except for the mp3 group
	comment = Music Share
	path = /data/music
	guest ok = yes
	force group = +mp3
	writeable = yes
	browseable = yes
	write list = @mp3
	vfs object = 
	create mask = 660
	directory mask = 770
	map acl inherit = yes

	comment = World Wide Web Directories
	path = /data/www
	map acl inherit = yes
	read only = no

More information about the samba mailing list