[Samba] preexec and msdfs proxy

Rowland Penny rowlandpenny at googlemail.com
Mon May 18 02:19:28 MDT 2015 

On 18/05/15 07:36, Daniel Müller wrote:
> Msdfs proxy is pointing to another instance of samba servers, it passes
> through.
> I think running preexec there  on the other instance will do the trick.
>
> Greetings
> Daniel
>
>
> EDV Daniel Müller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
> Auftrag von Greg Enlow
> Gesendet: Samstag, 16. Mai 2015 10:16
> An: samba at lists.samba.org
> Betreff: Re: [Samba] preexec and msdfs proxy
>
> Hi,
>
> I was wondering if someone had any thoughts as to why "preexec" doesn't fire
> when "msdfs proxy" is used?
>
> Thank you,
> Greg Enlow
>
>
> --
>
> Greg Enlow
> grenlow at hk.mailbox.de
>
>
>
> On 13 May 2015, at 11:18, Greg Enlow wrote:
>
> ok ok ...
> Names have been changed to protect the inoccent.
>
> This installation is being used to mitigate a server migration by providing
> read-only access to the new shares under the old server name.  We have
> duplicated all the current shares on the new server (NETAPP) as {share
> name}_ro and created equivalent shares on the SAMBA installation as DFS
> proxies that point the client to that read-only share.  As a neat bell &
> whistle we had hoped to be able to let the user know that they were using an
> obsolete URL (server name) by sending them a message/mail/whack on the head.
> At the moment neither the "root preexec" or the plain "preexec" are doing
> anything, much to our chagrin.
>
>
> [global]
> log level = 3
>
> netbios name = COOLIO
> workgroup = DE
> security = ADS
> realm = DE.COOLPLACE.COM
> dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and
> keytab encrypt passwords = yes allow trusted domains = yes local master = no
> domain master = no server services = +smb -s3fs dcerpc endpoint servers =
> +winreg +srvsvc
>
> idmap config *:backend    = tdb
> idmap config *:range      = 1100-999999
>
> idmap config DE:backend   = rid
> idmap config DE:range     = 1000000 -19999999
>
> idmap config APAC:backend = rid
> idmap config APAC:range   = 20000000-29999999
>
> idmap config EMEA:backend = rid
> idmap config EMEA:range   = 30000000-39999999
>
>
> winbind use default domain = yes
> winbind enum users = no
> winbind enum groups = no
> winbind nested groups = yes
> winbind expand groups = 5
> winbind refresh tickets = yes
> winbind max domain connections = 10
>
> create krb5 conf = no
>
> template shell = /bin/bash
> template homedir = /home/%D/%U
>
> client NTLMv2 auth = yes
>
> printcap name = /dev/null
> disable spoolss = yes
> show add printer wizard = no
> load printers = no
>
> host msdfs = yes
>
> [Drachenboot$]
> root preexec = /etc/samba/preexec_root.sh //REALBIGFS/Drachenboot$
> %H/Drachenboot %D %U Drachenboot preexec = echo \"%u connected to %S from %m
> (%I)\" >> /tmp/users.txt msdfs root = yes msdfs proxy =
> \REALBIGFS\Drachenboot_ro$ read only = yes browseable = no follow symlinks =
> no hide unreadable = yes
>
> --
>
> Greg Enlow
> grenlow at hk.mailbox.de
>
>
>
> On 12 May 2015, at 23:02, Rowland Penny wrote:
>
> On 12/05/15 20:27, Greg Enlow wrote:
>> To the powers the might be,
>>
>> it seems that the "(root) preexec" function does not work when used with
> "msdfs proxy".  Is that just "my" problem, an error or by design?
>> If it is by design, I would be curious to know why.
>> If it is an error, can it be addressed fairly quickly?
>> If it is none of the above, then what information will be needed to help
> diagnose "my" issue?
>> I don't have the line I use with me for the preexec, but I did attempt
>> the example in he samba man pages
>> i.e.:
>> (root) preexec = echo "hello world!" >> /tmp/mycutelog.txt no worky
>> worky.
>>
>> Thanks in advance!
>>
>> --
>>
>> Greg Enlow
>> grenlow at hk.mailbox.de
>>
>>
>> ______________________________________________________________________
>> This email has been scanned by the Symantec Email Security.cloud service.
>> Zu buchen bei Hegel & Koch - http://www.hk-online.de
>> ______________________________________________________________________
> More info, more info
>
> Post your smb.conf
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> Zu buchen bei Hegel & Koch - http://www.hk-online.de
> ______________________________________________________________________
>
>
>
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> Zu buchen bei Hegel & Koch - http://www.hk-online.de
> ______________________________________________________________________
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

I thought along the same line, but did not post because I have never 
used msdfs and didn't want to appear stupid :-D

What the OP could do is to look in /tmp on the possible servers, the 
preexec command may have written to one of them.

Rowland

More information about the samba mailing list