[Samba] Samba share over a /net automount shows only 1 entry per directory when connecting to a RHEL NFS export
Brandon Haberfeld
BrandonH at investec.co.za
Fri Dec 5 01:08:06 MST 2014
I have very large samba installations running off Solaris 10u11 - very stable - and AD integrated with the OS.
A new problem has arisen I hope someone can shed light one when accessing autmounted /net host directories. Running Samba 3.6.24 on Solaris 10u11 x86
Server A hosts logs files and can nfs mount other servers to consume their logs via the automount /net path. Users want to read the live logs through the automounts as well now from a common portal and samba is the perfect solution.
We will eventually only give users access to symlinks into the specific directories and not the entire server but we've SMB shared the whole of /net to show the issue generically. Server A will ultimately point into the /net/<server>/<log dir path> on the remote servers.
Ignore the symlinks for now because the issue occurs when smb sharing the base /net directory and yes, we are well familiar with samba's wide links functionality. The problem manifests at a lower level.
So:
>From within Server A's shell, cd /net/<server B>/.. Shows all directories exported by server B without any issues on all OS's being mounted dynamically via automount.
Running samba over the same /net directory shows everything perfectly when server B (the nfs servers being connected to) are Solaris or SLES but on RHEL (all versions), samba only shows arbitrary single files per directory.
Note the previous line that everything is perfect from the command line of Serevr A where samba is running.
How is it possible for the OS to show everything normally but not samba - is samba calling different IO libraries to get a directory's content than the OS itself?
We initially though that the RHEL boxes doing the nfs sharing were the issue but no combination of exportfs option makes a difference. Anyway, the nfs files show perfectly when listing the directories from the samba server A
Here's the SMB.conf which is AD integrated - permissions are not the issue because a "force user = root" makes no difference and the export permissions on Server B are completely open. Server A can read/write the NFS /net directories perfectly.
Ignore the security concerns here of Server A having complete root r/w to Server B's entire filesystem. This is a POC environment to prove the issue.
Detailed logs of a level 10 access of the /net share to a server which is sharing everything show that samba does a search of the correct path with the * wildcard. It oly get's a single entry back - but only for RHEL servers. Others are fine.
We've tried this in multiple RHEL servers with the same effect. Connecting to a Suse or Solaris server shows the entire root of the server (or all the exported shasres and their dies in full.
The server exporting it's root (/) is doing so with *(rw) and adding crossmnt, no_hide and no_sub_tree_checking in the /etc/exports makes no difference and indeed a dir list of the /net/<server B> shows everything normally with r/w as would be expected from the OS
Only when samba accesses that share does it stop processing directory entries after the first one - which is mostly the file last modified but not always.
Can anyone replicate this issue?
Here's the smb.conf:
[global]
security = ads
workgroup = IB
realm = INVESTEC.CORP
smb encrypt = yes
announce version = 6.1
server string = "Loghost Server"
netbios name = invmappllog3
netbios aliases = invjhbpllog
interfaces = 10.0.42.102/24
allow trusted domains = yes
log file = /var/log/samba/%I.log
log level = 10
syslog = 1
max log size = 1000000
machine password timeout = 0
kerberos method = dedicated keytab
dedicated keytab file = /etc/krb5.keytab
preserve case = yes
unix extensions = no
getwd cache = yes
case sensitive = no
read raw = yes
write raw = yes
bind interfaces only = yes
level2 oplocks = yes
domain master = no
local master = yes
preferred master = no
enhanced browsing = yes
guest account = nobody
map to guest = bad uid
host msdfs = no
[Test]
comment = "Logvol Net (%D %U %G)"
fstype = NTFS
path = /net
browseable = yes
writeable = no
create mask = 664
force user = root
directory mask = 775
guest ok = no
aio write size = 16384
aio read size = 8192
follow symlinks = yes
wide links = yes
vfs object = full_audit
full_audit:prefix = %h,%u,%I,%S,%G
full_audit:failure = connect mkdir rmdir pwrite rename chdir
full_audit:success = connect disconnect mkdir rmdir rename
full_audit:facility = local5
full_audit:priority = notice
invmappllog3:root:/net/iubsjhbvlbaas> ls
bin dev IUBS loghost misc opt sbin sys var
boot etc lib lost+found mnt proc selinux tmp
cgroup home lib64 media net root srv usr
When accessing the Test share via Samba, it only shows one directory or file in each folder: In this case the MISC directory which is an NFS share in it's own rights.
Anyone had this problem or knows if it is an acknowledged issue with samba reading /net on Solaris when connecting to RHEL - which I admit sounds ridiculous. Can't find anything relevant on bugzilla.
The fact is it works perfectly connecting to other OS's so we are inclined to thin k the issue is RHEL nfs sharing - but that cannot be because the OS shows everything normally - only samba has this issue.
Regards,
Brandon
This e-mail and any attachments thereto may contain confidential and proprietary information.
This e-mail is intended for the addressee only and should only be used by the addressee for the related purpose. If you are not the intended recipient of this e-mail, you are requested to delete it immediately. Any disclosure, copying, distribution of or any action taken or omitted in reliance on this information is prohibited and may be unlawful.
The views expressed in this e-mail are, unless otherwise stated, those of the sender and not those of the Investec Group of Companies or its management.
E-mails cannot be guaranteed to be secure or free of errors or viruses. No liability or responsibility is accepted for any interception, corruption, destruction, loss, late arrival or incompleteness of or tampering or interfering with any of the information contained in this e-mail or for its incorrect delivery or non-delivery or for its effect on any electronic device of the recipient.
For more information on the Investec Group of Companies see www.investec.com.
More information about the samba
mailing list