[Samba] preexec and msdfs proxy

Greg Enlow grenlow at hk.mailbox.de
Mon May 18 07:31:55 MDT 2015 

Hi,

The Server to which the msdfs is pointing is a netapp. Though we theoretically can access the shell on it then begin to mess around there, we would really like to avoid that. Warranty and such make it a bit of a legal issue. That is the reason we went with a separate instance in the first place and now wonder why the preexec doesn't fire. 

There is nothing in tmp of the msdfs box.

Like I asked before, is this by design? If not what can we do to get around playing with underwear of our netapp?

Thanks!


Sent from my iPhone

> On 18 May 2015, at 10:19, Rowland Penny <rowlandpenny at googlemail.com> wrote:
> 
>> On 18/05/15 07:36, Daniel Müller wrote:
>> Msdfs proxy is pointing to another instance of samba servers, it passes
>> through.
>> I think running preexec there  on the other instance will do the trick.
>> 
>> Greetings
>> Daniel
>> 
>> 
>> EDV Daniel Müller
>> 
>> Leitung EDV
>> Tropenklinik Paul-Lechler-Krankenhaus
>> Paul-Lechler-Str. 24
>> 72076 Tübingen
>> Tel.: 07071/206-463, Fax: 07071/206-499
>> eMail: mueller at tropenklinik.de
>> Internet: www.tropenklinik.de
>> 
>> 
>> 
>> -----Ursprüngliche Nachricht-----
>> Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
>> Auftrag von Greg Enlow
>> Gesendet: Samstag, 16. Mai 2015 10:16
>> An: samba at lists.samba.org
>> Betreff: Re: [Samba] preexec and msdfs proxy
>> 
>> Hi,
>> 
>> I was wondering if someone had any thoughts as to why "preexec" doesn't fire
>> when "msdfs proxy" is used?
>> 
>> Thank you,
>> Greg Enlow
>> 
>> 
>> --
>> 
>> Greg Enlow
>> grenlow at hk.mailbox.de
>> 
>> 
>> 
>> On 13 May 2015, at 11:18, Greg Enlow wrote:
>> 
>> ok ok ...
>> Names have been changed to protect the inoccent.
>> 
>> This installation is being used to mitigate a server migration by providing
>> read-only access to the new shares under the old server name.  We have
>> duplicated all the current shares on the new server (NETAPP) as {share
>> name}_ro and created equivalent shares on the SAMBA installation as DFS
>> proxies that point the client to that read-only share.  As a neat bell &
>> whistle we had hoped to be able to let the user know that they were using an
>> obsolete URL (server name) by sending them a message/mail/whack on the head.
>> At the moment neither the "root preexec" or the plain "preexec" are doing
>> anything, much to our chagrin.
>> 
>> 
>> [global]
>> log level = 3
>> 
>> netbios name = COOLIO
>> workgroup = DE
>> security = ADS
>> realm = DE.COOLPLACE.COM
>> dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and
>> keytab encrypt passwords = yes allow trusted domains = yes local master = no
>> domain master = no server services = +smb -s3fs dcerpc endpoint servers =
>> +winreg +srvsvc
>> 
>> idmap config *:backend    = tdb
>> idmap config *:range      = 1100-999999
>> 
>> idmap config DE:backend   = rid
>> idmap config DE:range     = 1000000 -19999999
>> 
>> idmap config APAC:backend = rid
>> idmap config APAC:range   = 20000000-29999999
>> 
>> idmap config EMEA:backend = rid
>> idmap config EMEA:range   = 30000000-39999999
>> 
>> 
>> winbind use default domain = yes
>> winbind enum users = no
>> winbind enum groups = no
>> winbind nested groups = yes
>> winbind expand groups = 5
>> winbind refresh tickets = yes
>> winbind max domain connections = 10
>> 
>> create krb5 conf = no
>> 
>> template shell = /bin/bash
>> template homedir = /home/%D/%U
>> 
>> client NTLMv2 auth = yes
>> 
>> printcap name = /dev/null
>> disable spoolss = yes
>> show add printer wizard = no
>> load printers = no
>> 
>> host msdfs = yes
>> 
>> [Drachenboot$]
>> root preexec = /etc/samba/preexec_root.sh //REALBIGFS/Drachenboot$
>> %H/Drachenboot %D %U Drachenboot preexec = echo \"%u connected to %S from %m
>> (%I)\" >> /tmp/users.txt msdfs root = yes msdfs proxy =
>> \REALBIGFS\Drachenboot_ro$ read only = yes browseable = no follow symlinks =
>> no hide unreadable = yes
>> 
>> --
>> 
>> Greg Enlow
>> grenlow at hk.mailbox.de
>> 
>> 
>> 
>> On 12 May 2015, at 23:02, Rowland Penny wrote:
>> 
>> On 12/05/15 20:27, Greg Enlow wrote:
>>> To the powers the might be,
>>> 
>>> it seems that the "(root) preexec" function does not work when used with
>> "msdfs proxy".  Is that just "my" problem, an error or by design?
>>> If it is by design, I would be curious to know why.
>>> If it is an error, can it be addressed fairly quickly?
>>> If it is none of the above, then what information will be needed to help
>> diagnose "my" issue?
>>> I don't have the line I use with me for the preexec, but I did attempt
>>> the example in he samba man pages
>>> i.e.:
>>> (root) preexec = echo "hello world!" >> /tmp/mycutelog.txt no worky
>>> worky.
>>> 
>>> Thanks in advance!
>>> 
>>> --
>>> 
>>> Greg Enlow
>>> grenlow at hk.mailbox.de
>>> 
>>> 
>>> ______________________________________________________________________
>>> This email has been scanned by the Symantec Email Security.cloud service.
>>> Zu buchen bei Hegel & Koch - http://www.hk-online.de
>>> ______________________________________________________________________
>> More info, more info
>> 
>> Post your smb.conf
>> 
>> Rowland
>> 
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>> 
>> ______________________________________________________________________
>> This email has been scanned by the Symantec Email Security.cloud service.
>> Zu buchen bei Hegel & Koch - http://www.hk-online.de
>> ______________________________________________________________________
>> 
>> 
>> 
>> ______________________________________________________________________
>> This email has been scanned by the Symantec Email Security.cloud service.
>> Zu buchen bei Hegel & Koch - http://www.hk-online.de
>> ______________________________________________________________________
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>> 
> 
> I thought along the same line, but did not post because I have never used msdfs and didn't want to appear stupid :-D
> 
> What the OP could do is to look in /tmp on the possible servers, the preexec command may have written to one of them.
> 
> Rowland
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> Zu buchen bei Hegel & Koch - http://www.hk-online.de
> ______________________________________________________________________
> 

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
Zu buchen bei Hegel & Koch - http://www.hk-online.de
______________________________________________________________________

More information about the samba mailing list