[Samba] smbcontrol smbd reload-config or service smbd reload doesn't reload include files

Sabuj Pattanayek sabujp at gmail.com
Fri Mar 14 01:07:21 MDT 2014


Well, it may even be a client cache issue. Even after removing admin users
= I can still disconnect and reconnect to the share and descend into
sub-directories which I shouldn't have access to. The only thing that
seems to flush the client's authentication for good is for the user to
log off and log back in again. So it seems here that the server is probably
doing the reload instantly, but why is the client dictating the
authentication rights when the server should definitely be in control?


On Fri, Mar 14, 2014 at 2:01 AM, Sabuj Pattanayek <sabujp at gmail.com> wrote:

> Went back to using the include files since there was no difference between
> this and the one smb.conf file. There's some strange server caching of auth
> info that doesn't expire immediately after a reload. I seem to have to
> wait > 30, 60 seconds?
>
>
> On Fri, Mar 14, 2014 at 1:46 AM, Sabuj Pattanayek <sabujp at gmail.com> wrote:
>
>> I merged all the shares in on the smb.conf file itself and tried the same
>> test with commenting admin users in and out, before and after a reload.
>> Samba still allows access without a restart.
>>
>>
>> On Fri, Mar 14, 2014 at 1:24 AM, Sabuj Pattanayek <sabujp at gmail.com> wrote:
>>
>>> Just tried sernet samba 4.1.6-7, reloading after adding the group
>>> doesn't seem to work at all now. Had to do a restart.
>>>
>>>
>>> On Fri, Mar 14, 2014 at 1:11 AM, Sabuj Pattanayek <sabujp at gmail.com> wrote:
>>>
>>>> s/main/global
>>>>
>>>>
>>>> On Fri, Mar 14, 2014 at 1:10 AM, Sabuj Pattanayek <sabujp at gmail.com> wrote:
>>>>
>>>>> This is how my layout looks:
>>>>>
>>>>> smb.conf :
>>>>>
>>>>> [main]
>>>>>
>>>>> include /path/to/template_shares.conf
>>>>> include /path/to/some_other_shares.conf
>>>>> include /path/to/testing_shares.conf
>>>>>
>>>>> the [testing] share in testing_shares.conf uses a template from
>>>>> template_shares.conf with
>>>>>
>>>>> [testing]
>>>>> copy = template_share
>>>>> path = /some/other/path
>>>>> admin users = @someADGroup
>>>>>
>>>>> ..so here after adding a group to admin users and reloading it works,
>>>>> but then when I comment out admin users and reload it doesn't take effect
>>>>> and that group still has access to the share. At this point I have to
>>>>> restart.
>>>>>
>>>>>
>>>>> On Fri, Mar 14, 2014 at 1:06 AM, Sabuj Pattanayek <sabujp at gmail.com> wrote:
>>>>>
>>>>>> I'm using 4.1.5, but the reload seems to be very inconsistent.
>>>>>> Initially it looks like the problem was that I had defunct security mask
>>>>>> parameters in include files above the one I was changing which was somehow
>>>>>> throwing an "admin users = " parameter in an include file farther down in
>>>>>> the main smb.conf file. In the log file it said it was reading the section
>>>>>> I was modifying in the include file, but if I updated the "admin users = "
>>>>>> parameter for that share it wouldn't take unless I restarted smbd. After I
>>>>>> got rid of the defunct security mask parameters the reload on the updated
>>>>>> admin users = parameter seems to sort of work. What I mean is that if I add
>>>>>> a group to the admin users parameter and then do a reload (or a few reloads
>>>>>> for good measure) I can then connect because of the added group in admin
>>>>>> users. However, if I comment the parameter out and reload several times I
>>>>>> can still connect to the share even after multiple disconnects and
>>>>>> reconnects. The only thing that seems to "remove" the authentication
>>>>>> information is a full restart of smb, then I can no longer connect to the
>>>>>> share, as was the behavior I was looking for.
>>>>>>
>>>>>>
>>>>>> On Thu, Mar 13, 2014 at 3:03 PM, Marc Muehlfeld <
>>>>>> samba at marc-muehlfeld.de> wrote:
>>>>>>
>>>>>>> Hello Sabuj
>>>>>>>
>>>>>>> On 13.03.2014 20:46, Sabuj Pattanayek wrote:
>>>>>>>
>>>>>>>> I noticed that smbcontrol smbd reload-config or service smbd reload
>>>>>>>> doesn't reload include files. Is there any way to get a reload to reload
>>>>>>>> files that have been included from the main smb.conf? Otherwise it only
>>>>>>>> looks like restart works, but that causes connections to reset, even in a
>>>>>>>> ctdb/clustered environment. The only other option it looks like is to just
>>>>>>>> put everything into the smb.conf file?
>>>>>>>>
>>>>>>>
>>>>>>> I use include files for printer and shares in production (3.6.23 and
>>>>>>> 4.1.6) and always do a "smbcontrol all reload-config", which works.
>>>>>>>
>>>>>>> I quickly did a test here on my test system (4.1.5) and renamed a
>>>>>>> printer, that is in a separate file which is included in smb.conf. Works.
>>>>>>>
>>>>>>>
>>>>>>> Which version do you use?
>>>>>>>
>>>>>>>
>>>>>>> Increase the loglevel to at least 4, then do a
>>>>>>> # smbcontrol all reload-config
>>>>>>> and search your logs for "include". You should see the included
>>>>>>> files:
>>>>>>>
>>>>>>> # fgrep include /var/log/samba/*
>>>>>>> 10.99.0.70.log:  doing parameter include = /etc/samba/shares.conf
>>>>>>> 10.99.0.70.log:  doing parameter include = /etc/samba/printers.conf
>>>>>>> nmbd.log:  doing parameter include = /etc/samba/shares.conf
>>>>>>> smbd.log:  doing parameter include = /etc/samba/shares.conf
>>>>>>> smbd.log:  doing parameter include = /etc/samba/printers.conf
>>>>>>> winbindd.log:  doing parameter include = /etc/samba/shares.conf
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>> Marc
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
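
Added example (not from the thread and not Samba code): a simplified Python model of how "include =" and "copy =" lines combine, listing which shares carry "admin users" in the files on disk so that state can be compared with what smbd still allows after a reload. The file contents are constructed from the layout quoted above; the parser is an assumption-laden sketch that ignores % macros, line continuations and quoted names.

```python
import os
import tempfile

def load(path, shares, state):
    """Read one smb.conf-style file, following 'include =' lines in place."""
    with open(path) as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in "#;":          # blank or commented out
                continue
            if line.startswith("[") and line.endswith("]"):
                state["cur"] = line[1:-1].strip().lower()
                shares.setdefault(state["cur"], {})
                continue
            key, sep, val = line.partition("=")
            if not sep:
                continue
            # Parameter names ignore case and embedded spaces.
            key, val = "".join(key.lower().split()), val.strip()
            if key == "include":
                load(val, shares, state)
            elif key == "copy":                       # inherit from a template share
                shares[state["cur"]].update(shares.get(val.lower(), {}))
            else:
                shares[state["cur"]][key] = val
    return shares

def admin_users(conf):
    """Map share name -> list of 'admin users' entries in the on-disk config."""
    shares = load(conf, {"global": {}}, {"cur": "global"})
    return {name: p["adminusers"].replace(",", " ").split()
            for name, p in shares.items() if p.get("adminusers")}

def demo():
    """Constructed files mirroring the thread's layout; returns (before, after)."""
    d = tempfile.mkdtemp()
    def write(name, text):
        with open(os.path.join(d, name), "w") as fh:
            fh.write(text)
        return os.path.join(d, name)
    tpl = write("template_shares.conf", "[template_share]\nread only = no\n")
    body = ("[testing]\ncopy = template_share\npath = /some/other/path\n"
            "%sadmin users = @someADGroup\n")
    tst = write("testing_shares.conf", body % "")
    conf = write("smb.conf", "[global]\ninclude = %s\ninclude = %s\n" % (tpl, tst))
    before = admin_users(conf)
    write("testing_shares.conf", body % "# ")        # comment the parameter out
    return before, admin_users(conf)

if __name__ == "__main__":
    print(demo())
```

Samba's own view of the merged configuration is printed by "testparm -s".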

