[Samba] samba4 & (domain) dfs

Michael De Groote ict at sint-pietersschool.be
Sun May 26 13:12:43 MDT 2013


Bah, i forgot to mention the version:
Version 4.1.0pre1-GIT-392b01f


2013/5/26 Michael De Groote <ict at sint-pietersschool.be>

> Hi all
>
> I'm trying to set up dfs for (among other things) profiles (i don't know
> if this is a good example, but that is out of the scope of my current
> question)
> I've been following these instructions:
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/msdfs.html
>
> http://us.generation-nt.com/answer/samba-domain-dfs-samba-4-help-209347402.html
> as well as the hints given in the thread *'Samba4 DFS Support'* on this
> list
>
> My current setup is as follows
>
> Win7 client joined to domain stp4.stp.internal
>
> *2 DCs:*
> * *samba4-2*
> ** samba4-3*
> both with DNS backend BIND_DLZ (only one instance of bind running atm, on
> host *samba4-2*)
>
> On both DCs i have the following folder structures
>
> root at samba4-2:/usr/local/samba# ls -lRa srv/
> srv/:
> total 12
> drwxr-sr-x  3 root staff 4096 May 25 23:26 .
> drwxr-sr-x 11 root staff 4096 May 25 23:26 ..
> drwxr-sr-x  2 root staff 4096 May 26 09:52 dfs
>
> srv/dfs:
> total 8
> drwxr-sr-x 2 root staff 4096 May 26 09:52 .
> drwxr-sr-x 3 root staff 4096 May 25 23:26 ..
> lrwxrwxrwx 1 root staff   41 May 26 09:52 dfs_profiles ->
> msdfs:samba4-2\profiles,samba4-3\profiles
>
> This is the relevant part of my config:
> [global]
>         host msdfs = yes
>         log level = 2 msdfs:10
> [dfs]
>         path = /usr/local/samba/srv/dfs
>         msdfs root = Yes
>
>
> ------------------------------------------------------------------------------------------------------------------
> Note: running testparm -vv gives me a weird entry in [global]:
>         msdfs root = No
> Why does this appear there?
>
> ------------------------------------------------------------------------------------------------------------------
>
> *What works?
> *
> When going to either of the DCs directly and into the dfs share, i can
> access the folder dfs_profiles
> I then see the following in my log.smbd (e.g. on samba4-2)
>
> [2013/05/26 20:52:46.564445,  2]
> ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr)
>   connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
> and 'force unknown acl user = true' for service IPC$
> [2013/05/26 20:52:46.581753, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:115(parse_dfs_path)
>   parse_dfs_path: temp = |samba4-2\dfs| after trimming \'s
> [2013/05/26 20:52:46.581882, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:140(parse_dfs_path)
>   parse_dfs_path: hostname: samba4-2
> [2013/05/26 20:52:46.581987, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:182(parse_dfs_path)
>   parse_dfs_path: servicename: dfs
> [2013/05/26 20:52:46.583205,  2]
> ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr)
>   connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
> and 'force unknown acl user = true' for service dfs
> [2013/05/26 20:52:46.598748,  2]
> ../source3/smbd/service.c:848(make_connection_snum)
>   10.0.200.11 (ipv4:10.0.200.11:62136) connect to service dfs initially
> as user STP4\Administrator (uid=0, gid=20513) (pid 27834)
> [2013/05/26 20:52:46.599798, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:115(parse_dfs_path)
>   parse_dfs_path: temp = |samba4-2\dfs| after trimming \'s
> [2013/05/26 20:52:46.599910, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:140(parse_dfs_path)
>   parse_dfs_path: hostname: samba4-2
> [2013/05/26 20:52:46.600040, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:182(parse_dfs_path)
>   parse_dfs_path: servicename: dfs
> [2013/05/26 20:52:46.600145,  5, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:786(dfs_redirect)
>   dfs_redirect: self-referral.
> [2013/05/26 20:52:46.607068, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:115(parse_dfs_path)
>   parse_dfs_path: temp = |samba4-2\dfs| after trimming \'s
> [2013/05/26 20:52:46.607146, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:140(parse_dfs_path)
>   parse_dfs_path: hostname: samba4-2
> [2013/05/26 20:52:46.607239, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:182(parse_dfs_path)
>   parse_dfs_path: servicename: dfs
> [2013/05/26 20:52:46.607308,  5, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:786(dfs_redirect)
>   dfs_redirect: self-referral.
> [2013/05/26 20:52:46.608460,  5, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:562(is_msdfs_link_internal)
>   is_msdfs_link_internal: ./dfs_profiles -> msdfs:
> [2013/05/26 20:52:46.614053, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:115(parse_dfs_path)
>   parse_dfs_path: temp = |samba4-2\dfs\dfs_profiles| after trimming \'s
> [2013/05/26 20:52:46.614128, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:140(parse_dfs_path)
>   parse_dfs_path: hostname: samba4-2
> [2013/05/26 20:52:46.614197, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:182(parse_dfs_path)
>   parse_dfs_path: servicename: dfs
> [2013/05/26 20:52:46.614266, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:216(parse_dfs_path)
>   parse_dfs_path: rest of the path: dfs_profiles
> [2013/05/26 20:52:46.614365,  2]
> ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr)
>   connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
> and 'force unknown acl user = true' for service dfs
> [2013/05/26 20:52:46.624432, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:624(dfs_path_lookup)
>   dfs_path_lookup: Conn path = /usr/local/samba/srv/dfs reqpath =
> dfs_profiles
> [2013/05/26 20:52:46.624558,  5, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:562(is_msdfs_link_internal)
>   is_msdfs_link_internal: dfs_profiles ->
> msdfs:samba4-2\profiles,samba4-3\profiles
> [2013/05/26 20:52:46.624630,  6, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:659(dfs_path_lookup)
>   dfs_path_lookup: \samba4-2\dfs\dfs_profiles resolves to a valid dfs link
> msdfs:samba4-2\profiles,samba4-3\profiles.
> [2013/05/26 20:52:46.624706, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:457(parse_msdfs_symlink)
>   parse_msdfs_symlink: count=2
> [2013/05/26 20:52:46.624779, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:493(parse_msdfs_symlink)
>   parse_msdfs_symlink: Created alt path: \samba4-2\profiles
> [2013/05/26 20:52:46.624850, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:493(parse_msdfs_symlink)
>   parse_msdfs_symlink: Created alt path: \samba4-3\profiles
> [2013/05/26 20:52:46.655626, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:115(parse_dfs_path)
>   parse_dfs_path: temp = |samba4-2\dfs| after trimming \'s
> [2013/05/26 20:52:46.655746, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:140(parse_dfs_path)
>   parse_dfs_path: hostname: samba4-2
> [2013/05/26 20:52:46.655853, 10, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:182(parse_dfs_path)
>   parse_dfs_path: servicename: dfs
> [2013/05/26 20:52:46.655957,  5, pid=27834, effective(0, 20513), real(0,
> 0), class=msdfs] ../source3/smbd/msdfs.c:786(dfs_redirect)
>   dfs_redirect: self-referral.
>
>
> *What does NOT work?
> *
> Trying to access the dfs share via the domain name:
> \\stp4.stp.internal\dfs gives me *nothing* whatsoever in the logs.
> Instead i get these error messages on my win7 client:
> "Access denied you may not have permission..." etc (error code 80070035)
>
> *Questions:*
> 1. Am I misinterpreting the documentation? I was also under the impression
> that i would be able to access the subfolders inside the dfs-root
> directly... (which doesn't seme to be)
> 2. Does it just not work yet in samba4 and do i need to be patient?
> 3. Is there some other logger i need to turn on the see what is going
> wrong, and if so, what logger would that be? (i could also turn on all on
> level 10, but i fear i would be swamped...)
>
>
> --
> Michael De Groote
> ICT-coordinator Sint-Pietersschool Korbeek-Lo
> ICT-support Sancta Maria Basisschool Leuven
>



-- 
Michael De Groote
ICT-coordinator Sint-Pietersschool Korbeek-Lo
ICT-support Sancta Maria Basisschool Leuven


More information about the samba mailing list