[Samba] widelinks_warning - but unix extensions *are* off
Thomas Werschlein
thomas.werschlein at geo.uzh.ch
Wed Nov 4 16:31:10 UTC 2015
This is getting nowhere ...
man smb.conf yourself: "All S parameters can also be specified in the [global] section - in which case they will define the default behavior for all services." If you have any special knowledge about why this should not be applicable for "wide links", please elaborate.
Thomas
> On 04.11.2015, at 16:59, L.P.H. van Belle <belle at bazuin.nl> wrote:
>
> Again...
>
> Global ONLY smb.conf options:
> unix extensions = No
> allow insecure wide links = Yes
>
> Per share ONLY smb.conf options:
> ## and share options niet global used.
> wide links = yes
> follow symlinks = yes
>
> unix extensions are enabled =>> wide links are disabled automaticly.
> Set : allow insecure wide links = Yes
> I dont see it in you smb.conf..
>
> wide links = yes is in you GLOBAL smb.conf and not in the share..
>
> Review your setup again, you have configuation errors!
> man smb.conf
> Its all there..
>
>
> Greetz,
>
> Louis
>
>
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Thomas Werschlein
>> Verzonden: woensdag 4 november 2015 15:58
>> Aan: Rowland Penny
>> CC: samba at lists.samba.org
>> Onderwerp: Re: [Samba] widelinks_warning - but unix extensions *are* off
>>
>>
>>> On 03.11.2015, at 11:50, Thomas Werschlein
>> <thomas.werschlein at geo.uzh.ch> wrote:
>>>
>>>>
>>>> On 02.11.2015, at 20:25, Rowland Penny <rowlandpenny241155 at gmail.com>
>> wrote:
>>>>
>>>> On 02/11/15 17:08, Thomas Werschlein wrote:
>>>>>> On 02.11.2015, at 16:25, Rowland Penny <rowlandpenny241155 at gmail.com>
>> wrote:
>>>>>>
>>>>>> Well he didn't write what I asked for, can you please post your
>> entire smb.conf, please do not use testparm, please post as is (although
>> you can sanitise any sensitive info)
>>>>> Sorry, missed that part. Here we go.
>>>>> Regards, Thomas
>>>>>
>>>>> [global]
>>>>> available = yes
>>>>> smb2 leases = yes
>>>>> dbwrap_tdb_mutexes:* = yes
>>>>>
>>>>> fruit:resource = xattr
>>>>> kerberos method = system keytab
>>>>>
>>>>> smb ports = 445
>>>>>
>>>>> log level = 0
>>>>> log file =/usr/local/samba-4.2.5/var/logs_per_client/log.%m
>>>>>
>>>>> max open files = 262144
>>>>>
>>>>> realm = D.SOME.ORG.TLD
>>>>> workgroup = D
>>>>> security = ADS
>>>>> disable netbios = yes
>>>>> local master = no
>>>>> domain master = no
>>>>>
>>>>> host msdfs = no
>>>>>
>>>>> idmap config * : backend = tdb
>>>>> idmap config * : range = 1000000-1999999
>>>>> idmap config D : backend = nss
>>>>> idmap config D : range = 1000-999999
>>>>> idmap negative cache time = 0
>>>>>
>>>>> netbios name = FSRV
>>>>> server signing = auto
>>>>> create mask = 0644
>>>>> server string =
>>>>> hide dot files = yes
>>>>> hide files = /Maildir/$RECYCLE.BIN/desktop.ini
>>>>> load printers = no
>>>>> printing = bsd
>>>>> printcap name = /dev/null
>>>>> deadtime = 15
>>>>>
>>>>> interfaces = 192.168.222.77/32
>>>>> bind interfaces only = yes
>>>>>
>>>>> unix extensions = no
>>>>>
>>>>> map untrusted to domain = yes
>>>>>
>>>>> username map script = /usr/local/samba-
>> 4.2.5/etc/samba/mapcomputers.sh
>>>>>
>>>>> shadow:snapdir = .zfs/snapshot
>>>>> shadow:sort = desc
>>>>> shadow:localtime = yes
>>>>> shadow:format = %Y%m%d%H%M
>>>>> wide links = yes
>>>>>
>>>>> vfs objects = full_audit
>>>>> full_audit:prefix = %u|%I|%m|%S
>>>>> full_audit:success = mkdir rename rmdir pwrite
>>>>> full_audit:failure = none
>>>>> full_audit:facility = LOCAL7
>>>>> full_audit:priority = NOTICE
>>>>>
>>>>> aio read size = 1
>>>>> aio write size =1
>>>>>
>>>>> [homes]
>>>>> path = /pool1/home/%S
>>>>> read only = no
>>>>> browseable = no
>>>>> create mask = 0640
>>>>> directory mask = 0750
>>>>> ea support = yes
>>>>> store dos attributes = yes
>>>>>
>>>>> vfs objects = shadow_copy2 fruit streams_xattr zfsacl full_audit
>>>>> nt acl support = yes
>>>>> inherit acls = no
>>>>>
>>>>> [group]
>>>>> read only = no
>>>>> path = /pool1/group
>>>>> hide unreadable = yes
>>>>> comment = Group spaces of %U
>>>>> create mask = 0660
>>>>> directory mask = 0770
>>>>> force create mode = 0660
>>>>> force directory mode = 0770
>>>>> ea support = yes
>>>>> store dos attributes = yes
>>>>> map archive = No
>>>>> map hidden = No
>>>>> map system = No
>>>>> map readonly = No
>>>>> vfs objects = fruit streams_xattr zfsacl
>>>>> acl map full control = False
>>>>> nt acl support = no
>>>>> inherit acls = no
>>>>>
>>>>> [web]
>>>>> read only = no
>>>>> path = /pool1/web
>>>>> hide unreadable = yes
>>>>> comment = Web spaces
>>>>> create mask = 0664
>>>>> directory mask = 0775
>>>>> force create mode = 0664
>>>>> force directory mode = 0775
>>>>> ea support = yes
>>>>> store dos attributes = yes
>>>>> map archive = No
>>>>> map hidden = No
>>>>> map system = No
>>>>> map readonly = No
>>>>> vfs objects = zfsacl full_audit
>>>>> acl map full control = False
>>>>> nt acl support = no
>>>>> inherit acls = no
>>>>>
>>>>> [data]
>>>>> path = /pool1/data
>>>>> hide unreadable = yes
>>>>> read only = no
>>>>> ea support = yes
>>>>> store dos attributes = yes
>>>>> map archive = No
>>>>> map hidden = No
>>>>> map system = No
>>>>> map readonly = No
>>>>> vfs objects = zfsacl full_audit
>>>>> acl map full control = False
>>>>> nt acl support = no
>>>>> inherit acls = no
>>>>>
>>>>>
>>>>
>>>> 'unix extensions' is supposed to be set as a global option and if
>> turned on, is supposed to automatically turn off 'wide links'. However
>> 'wide links' has been set to on, but globally rather than on a share by
>> share basis, this should turn off the warning message you are getting, but
>> isn't. Perhaps the reason is the way you have set 'wide links', try using
>> it on a share by share basis and see if it stops the messages. If that
>> doesn't work, you could try adding 'allow insecure wide links' to the
>> global section of your smb.conf
>>>>
>>>> Rowland
>>>
>>> Thanks for pointing out that 'wide links' is a per share option. We
>> (mis-)used it as global option ever since samba 3.5.x, when the default
>> for 'wide links' changed. Made it a share option now. I'll report back if
>> it stopped the messages.
>>>
>>> Best, Thomas
>>
>> Still throwing the warning message. Now that 'wide link=yes' is not
>> defined as default for every share, it's clear that samba gets it's config
>> messed up somehow:
>>
>> [2015/11/04 13:51:51.777783, 0]
>> ../source3/param/loadparm.c:4306(widelinks_warning)
>> Share 'web' has wide links and unix extensions enabled. These parameters
>> are incompatible. Wide links will be disabled for this share.
>>
>> The share 'web' does not have vfs_shadow_copy2 enabled, therefore no need
>> for 'wide links'. Still, the warning message pops up (and no, 'allow
>> insecure wide links' does not prevent it neither). BTW: I just double
>> checked, defining 'wide link' in the global section is fine according to
>> the man page. No misuse there.
>>
>> To me, it still looks like a nasty runtime problem, not a configuration
>> issue.
>>
>> Regards, Thomas
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list