[Samba] widelinks_warning - but unix extensions *are* off
Rowland Penny
rowlandpenny241155 at gmail.com
Mon Nov 2 19:25:04 UTC 2015
On 02/11/15 17:08, Thomas Werschlein wrote:
>> On 02.11.2015, at 16:25, Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
>>
>> Well he didn't write what I asked for, can you please post your entire smb.conf, please do not use testparm, please post as is (although you can sanitise any sensitive info)
> Sorry, missed that part. Here we go.
> Regards, Thomas
>
> [global]
> available = yes
> smb2 leases = yes
> dbwrap_tdb_mutexes:* = yes
>
> fruit:resource = xattr
> kerberos method = system keytab
>
> smb ports = 445
>
> log level = 0
> log file =/usr/local/samba-4.2.5/var/logs_per_client/log.%m
>
> max open files = 262144
>
> realm = D.SOME.ORG.TLD
> workgroup = D
> security = ADS
> disable netbios = yes
> local master = no
> domain master = no
>
> host msdfs = no
>
> idmap config * : backend = tdb
> idmap config * : range = 1000000-1999999
> idmap config D : backend = nss
> idmap config D : range = 1000-999999
> idmap negative cache time = 0
>
> netbios name = FSRV
> server signing = auto
> create mask = 0644
> server string =
> hide dot files = yes
> hide files = /Maildir/$RECYCLE.BIN/desktop.ini
> load printers = no
> printing = bsd
> printcap name = /dev/null
> deadtime = 15
>
> interfaces = 192.168.222.77/32
> bind interfaces only = yes
>
> unix extensions = no
>
> map untrusted to domain = yes
>
> username map script = /usr/local/samba-4.2.5/etc/samba/mapcomputers.sh
>
> shadow:snapdir = .zfs/snapshot
> shadow:sort = desc
> shadow:localtime = yes
> shadow:format = %Y%m%d%H%M
> wide links = yes
>
> vfs objects = full_audit
> full_audit:prefix = %u|%I|%m|%S
> full_audit:success = mkdir rename rmdir pwrite
> full_audit:failure = none
> full_audit:facility = LOCAL7
> full_audit:priority = NOTICE
>
> aio read size = 1
> aio write size =1
>
> [homes]
> path = /pool1/home/%S
> read only = no
> browseable = no
> create mask = 0640
> directory mask = 0750
> ea support = yes
> store dos attributes = yes
>
> vfs objects = shadow_copy2 fruit streams_xattr zfsacl full_audit
> nt acl support = yes
> inherit acls = no
>
> [group]
> read only = no
> path = /pool1/group
> hide unreadable = yes
> comment = Group spaces of %U
> create mask = 0660
> directory mask = 0770
> force create mode = 0660
> force directory mode = 0770
> ea support = yes
> store dos attributes = yes
> map archive = No
> map hidden = No
> map system = No
> map readonly = No
> vfs objects = fruit streams_xattr zfsacl
> acl map full control = False
> nt acl support = no
> inherit acls = no
>
> [web]
> read only = no
> path = /pool1/web
> hide unreadable = yes
> comment = Web spaces
> create mask = 0664
> directory mask = 0775
> force create mode = 0664
> force directory mode = 0775
> ea support = yes
> store dos attributes = yes
> map archive = No
> map hidden = No
> map system = No
> map readonly = No
> vfs objects = zfsacl full_audit
> acl map full control = False
> nt acl support = no
> inherit acls = no
>
> [data]
> path = /pool1/data
> hide unreadable = yes
> read only = no
> ea support = yes
> store dos attributes = yes
> map archive = No
> map hidden = No
> map system = No
> map readonly = No
> vfs objects = zfsacl full_audit
> acl map full control = False
> nt acl support = no
> inherit acls = no
>
>
'unix extensions' is supposed to be set as a global option and if turned
on, is supposed to automatically turn off 'wide links'. However 'wide
links' has been set to on, but globally rather than on a share by share
basis, this should turn off the warning message you are getting, but
isn't. Perhaps the reason is the way you have set 'wide links', try
using it on a share by share basis and see if it stops the messages. If
that doesn't work, you could try adding 'allow insecure wide links' to
the global section of your smb.conf
Rowland
More information about the samba
mailing list