[Samba] widelinks_warning - but unix extensions *are* off

L.P.H. van Belle belle at bazuin.nl
Wed Nov 4 15:59:38 UTC 2015 

Again...  

Global ONLY smb.conf options: 
    unix extensions = No
    allow insecure wide links = Yes

Per share ONLY smb.conf options: 
## and share options niet global used.
       wide links = yes
       follow symlinks = yes

unix extensions are enabled	=>> wide links are disabled automaticly. 	
Set : allow insecure wide links = Yes 
I dont see it in you smb.conf.. 

wide links = yes is in you GLOBAL smb.conf and not in the share.. 

Review your setup again, you have configuation errors! 
man smb.conf 
Its all there.. 


Greetz, 

Louis





> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Thomas Werschlein
> Verzonden: woensdag 4 november 2015 15:58
> Aan: Rowland Penny
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] widelinks_warning - but unix extensions *are* off
> 
> 
> > On 03.11.2015, at 11:50, Thomas Werschlein
> <thomas.werschlein at geo.uzh.ch> wrote:
> >
> >>
> >> On 02.11.2015, at 20:25, Rowland Penny <rowlandpenny241155 at gmail.com>
> wrote:
> >>
> >> On 02/11/15 17:08, Thomas Werschlein wrote:
> >>>> On 02.11.2015, at 16:25, Rowland Penny <rowlandpenny241155 at gmail.com>
> wrote:
> >>>>
> >>>> Well he didn't write what I asked for, can you please post your
> entire smb.conf, please do not use testparm, please post as is (although
> you can sanitise any sensitive info)
> >>> Sorry, missed that part. Here we go.
> >>> Regards, Thomas
> >>>
> >>> [global]
> >>>  available = yes
> >>>  smb2 leases = yes
> >>>  dbwrap_tdb_mutexes:* = yes
> >>>
> >>>  fruit:resource = xattr
> >>>  kerberos method = system keytab
> >>>
> >>>  smb ports = 445
> >>>
> >>>  log level = 0
> >>>  log file =/usr/local/samba-4.2.5/var/logs_per_client/log.%m
> >>>
> >>>  max open files = 262144
> >>>
> >>>  realm = D.SOME.ORG.TLD
> >>>  workgroup = D
> >>>  security = ADS
> >>>  disable netbios = yes
> >>>  local master = no
> >>>  domain master = no
> >>>
> >>>  host msdfs = no
> >>>
> >>>  idmap config * : backend = tdb
> >>>  idmap config * : range = 1000000-1999999
> >>>  idmap config D : backend  = nss
> >>>  idmap config D : range = 1000-999999
> >>>  idmap negative cache time = 0
> >>>
> >>>  netbios name = FSRV
> >>>  server signing = auto
> >>>  create mask = 0644
> >>>  server string =
> >>>  hide dot files = yes
> >>>  hide files = /Maildir/$RECYCLE.BIN/desktop.ini
> >>>  load printers = no
> >>>  printing = bsd
> >>>  printcap name = /dev/null
> >>>  deadtime = 15
> >>>
> >>>  interfaces = 192.168.222.77/32
> >>>  bind interfaces only = yes
> >>>
> >>>  unix extensions = no
> >>>
> >>>  map untrusted to domain = yes
> >>>
> >>>  username map script = /usr/local/samba-
> 4.2.5/etc/samba/mapcomputers.sh
> >>>
> >>>  shadow:snapdir = .zfs/snapshot
> >>>  shadow:sort = desc
> >>>  shadow:localtime = yes
> >>>  shadow:format = %Y%m%d%H%M
> >>>  wide links = yes
> >>>
> >>>  vfs objects = full_audit
> >>>  full_audit:prefix = %u|%I|%m|%S
> >>>  full_audit:success = mkdir rename rmdir pwrite
> >>>  full_audit:failure = none
> >>>  full_audit:facility = LOCAL7
> >>>  full_audit:priority = NOTICE
> >>>
> >>>  aio read size = 1
> >>>  aio write size =1
> >>>
> >>> [homes]
> >>>  path = /pool1/home/%S
> >>>  read only = no
> >>>  browseable = no
> >>>  create mask = 0640
> >>>  directory mask = 0750
> >>>  ea support = yes
> >>>  store dos attributes = yes
> >>>
> >>>  vfs objects = shadow_copy2 fruit streams_xattr zfsacl full_audit
> >>>  nt acl support = yes
> >>>  inherit acls = no
> >>>
> >>> [group]
> >>>  read only = no
> >>>  path = /pool1/group
> >>>  hide unreadable = yes
> >>>  comment = Group spaces of %U
> >>>  create mask = 0660
> >>>  directory mask = 0770
> >>>  force create mode = 0660
> >>>  force directory mode = 0770
> >>>  ea support = yes
> >>>  store dos attributes = yes
> >>>  map archive = No
> >>>  map hidden = No
> >>>  map system = No
> >>>  map readonly = No
> >>>  vfs objects = fruit streams_xattr zfsacl
> >>>  acl map full control = False
> >>>  nt acl support = no
> >>>  inherit acls = no
> >>>
> >>> [web]
> >>>  read only = no
> >>>  path = /pool1/web
> >>>  hide unreadable = yes
> >>>  comment = Web spaces
> >>>  create mask = 0664
> >>>  directory mask = 0775
> >>>  force create mode = 0664
> >>>  force directory mode = 0775
> >>>  ea support = yes
> >>>  store dos attributes = yes
> >>>  map archive = No
> >>>  map hidden = No
> >>>  map system = No
> >>>  map readonly = No
> >>>  vfs objects = zfsacl full_audit
> >>>  acl map full control = False
> >>>  nt acl support = no
> >>>  inherit acls = no
> >>>
> >>> [data]
> >>>  path = /pool1/data
> >>>  hide unreadable = yes
> >>>  read only = no
> >>>  ea support = yes
> >>>  store dos attributes = yes
> >>>  map archive = No
> >>>  map hidden = No
> >>>  map system = No
> >>>  map readonly = No
> >>>  vfs objects = zfsacl full_audit
> >>>  acl map full control = False
> >>>  nt acl support = no
> >>>  inherit acls = no
> >>>
> >>>
> >>
> >> 'unix extensions' is supposed to be set as a global option and if
> turned on, is supposed to automatically turn off 'wide links'. However
> 'wide links' has been set to on, but globally rather than on a share by
> share basis, this should turn off the warning message you are getting, but
> isn't. Perhaps the reason is the way you have set 'wide links', try using
> it on a share by share basis and see if it stops the messages. If that
> doesn't work, you could try adding 'allow insecure wide links' to the
> global section of your smb.conf
> >>
> >> Rowland
> >
> > Thanks for pointing out that 'wide links' is a per share option. We
> (mis-)used it as global option ever since samba 3.5.x, when the default
> for 'wide links' changed. Made it a share option now. I'll report back if
> it stopped the messages.
> >
> > Best, Thomas
> 
> Still throwing the warning message. Now that 'wide link=yes' is not
> defined as default for every share, it's clear that samba gets it's config
> messed up somehow:
> 
> [2015/11/04 13:51:51.777783,  0]
> ../source3/param/loadparm.c:4306(widelinks_warning)
>   Share 'web' has wide links and unix extensions enabled. These parameters
> are incompatible. Wide links will be disabled for this share.
> 
> The share 'web' does not have vfs_shadow_copy2 enabled, therefore no need
> for 'wide links'. Still, the warning message pops up (and no, 'allow
> insecure wide links' does not prevent it neither). BTW: I just double
> checked, defining 'wide link' in the global section is fine according to
> the man page. No misuse there.
> 
> To me, it still looks like a nasty runtime problem, not a configuration
> issue.
> 
> Regards, Thomas
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list