[Samba] widelinks_warning - but unix extensions *are* off

Thomas Werschlein thomas.werschlein at geo.uzh.ch
Wed Nov 4 16:31:10 UTC 2015 

This is getting nowhere ...

man smb.conf yourself: "All S parameters can also be specified in the [global] section - in which case they will define the default behavior for all services." If you have any special knowledge about why this should not be applicable for "wide links", please elaborate.

Thomas

> On 04.11.2015, at 16:59, L.P.H. van Belle <belle at bazuin.nl> wrote:
> 
> Again...  
> 
> Global ONLY smb.conf options: 
>    unix extensions = No
>    allow insecure wide links = Yes
> 
> Per share ONLY smb.conf options: 
> ## and share options niet global used.
>       wide links = yes
>       follow symlinks = yes
> 
> unix extensions are enabled	=>> wide links are disabled automaticly. 	
> Set : allow insecure wide links = Yes 
> I dont see it in you smb.conf.. 
> 
> wide links = yes is in you GLOBAL smb.conf and not in the share.. 
> 
> Review your setup again, you have configuation errors! 
> man smb.conf 
> Its all there.. 
> 
> 
> Greetz, 
> 
> Louis
> 
> 
> 
> 
> 
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Thomas Werschlein
>> Verzonden: woensdag 4 november 2015 15:58
>> Aan: Rowland Penny
>> CC: samba at lists.samba.org
>> Onderwerp: Re: [Samba] widelinks_warning - but unix extensions *are* off
>> 
>> 
>>> On 03.11.2015, at 11:50, Thomas Werschlein
>> <thomas.werschlein at geo.uzh.ch> wrote:
>>> 
>>>> 
>>>> On 02.11.2015, at 20:25, Rowland Penny <rowlandpenny241155 at gmail.com>
>> wrote:
>>>> 
>>>> On 02/11/15 17:08, Thomas Werschlein wrote:
>>>>>> On 02.11.2015, at 16:25, Rowland Penny <rowlandpenny241155 at gmail.com>
>> wrote:
>>>>>> 
>>>>>> Well he didn't write what I asked for, can you please post your
>> entire smb.conf, please do not use testparm, please post as is (although
>> you can sanitise any sensitive info)
>>>>> Sorry, missed that part. Here we go.
>>>>> Regards, Thomas
>>>>> 
>>>>> [global]
>>>>> available = yes
>>>>> smb2 leases = yes
>>>>> dbwrap_tdb_mutexes:* = yes
>>>>> 
>>>>> fruit:resource = xattr
>>>>> kerberos method = system keytab
>>>>> 
>>>>> smb ports = 445
>>>>> 
>>>>> log level = 0
>>>>> log file =/usr/local/samba-4.2.5/var/logs_per_client/log.%m
>>>>> 
>>>>> max open files = 262144
>>>>> 
>>>>> realm = D.SOME.ORG.TLD
>>>>> workgroup = D
>>>>> security = ADS
>>>>> disable netbios = yes
>>>>> local master = no
>>>>> domain master = no
>>>>> 
>>>>> host msdfs = no
>>>>> 
>>>>> idmap config * : backend = tdb
>>>>> idmap config * : range = 1000000-1999999
>>>>> idmap config D : backend  = nss
>>>>> idmap config D : range = 1000-999999
>>>>> idmap negative cache time = 0
>>>>> 
>>>>> netbios name = FSRV
>>>>> server signing = auto
>>>>> create mask = 0644
>>>>> server string =
>>>>> hide dot files = yes
>>>>> hide files = /Maildir/$RECYCLE.BIN/desktop.ini
>>>>> load printers = no
>>>>> printing = bsd
>>>>> printcap name = /dev/null
>>>>> deadtime = 15
>>>>> 
>>>>> interfaces = 192.168.222.77/32
>>>>> bind interfaces only = yes
>>>>> 
>>>>> unix extensions = no
>>>>> 
>>>>> map untrusted to domain = yes
>>>>> 
>>>>> username map script = /usr/local/samba-
>> 4.2.5/etc/samba/mapcomputers.sh
>>>>> 
>>>>> shadow:snapdir = .zfs/snapshot
>>>>> shadow:sort = desc
>>>>> shadow:localtime = yes
>>>>> shadow:format = %Y%m%d%H%M
>>>>> wide links = yes
>>>>> 
>>>>> vfs objects = full_audit
>>>>> full_audit:prefix = %u|%I|%m|%S
>>>>> full_audit:success = mkdir rename rmdir pwrite
>>>>> full_audit:failure = none
>>>>> full_audit:facility = LOCAL7
>>>>> full_audit:priority = NOTICE
>>>>> 
>>>>> aio read size = 1
>>>>> aio write size =1
>>>>> 
>>>>> [homes]
>>>>> path = /pool1/home/%S
>>>>> read only = no
>>>>> browseable = no
>>>>> create mask = 0640
>>>>> directory mask = 0750
>>>>> ea support = yes
>>>>> store dos attributes = yes
>>>>> 
>>>>> vfs objects = shadow_copy2 fruit streams_xattr zfsacl full_audit
>>>>> nt acl support = yes
>>>>> inherit acls = no
>>>>> 
>>>>> [group]
>>>>> read only = no
>>>>> path = /pool1/group
>>>>> hide unreadable = yes
>>>>> comment = Group spaces of %U
>>>>> create mask = 0660
>>>>> directory mask = 0770
>>>>> force create mode = 0660
>>>>> force directory mode = 0770
>>>>> ea support = yes
>>>>> store dos attributes = yes
>>>>> map archive = No
>>>>> map hidden = No
>>>>> map system = No
>>>>> map readonly = No
>>>>> vfs objects = fruit streams_xattr zfsacl
>>>>> acl map full control = False
>>>>> nt acl support = no
>>>>> inherit acls = no
>>>>> 
>>>>> [web]
>>>>> read only = no
>>>>> path = /pool1/web
>>>>> hide unreadable = yes
>>>>> comment = Web spaces
>>>>> create mask = 0664
>>>>> directory mask = 0775
>>>>> force create mode = 0664
>>>>> force directory mode = 0775
>>>>> ea support = yes
>>>>> store dos attributes = yes
>>>>> map archive = No
>>>>> map hidden = No
>>>>> map system = No
>>>>> map readonly = No
>>>>> vfs objects = zfsacl full_audit
>>>>> acl map full control = False
>>>>> nt acl support = no
>>>>> inherit acls = no
>>>>> 
>>>>> [data]
>>>>> path = /pool1/data
>>>>> hide unreadable = yes
>>>>> read only = no
>>>>> ea support = yes
>>>>> store dos attributes = yes
>>>>> map archive = No
>>>>> map hidden = No
>>>>> map system = No
>>>>> map readonly = No
>>>>> vfs objects = zfsacl full_audit
>>>>> acl map full control = False
>>>>> nt acl support = no
>>>>> inherit acls = no
>>>>> 
>>>>> 
>>>> 
>>>> 'unix extensions' is supposed to be set as a global option and if
>> turned on, is supposed to automatically turn off 'wide links'. However
>> 'wide links' has been set to on, but globally rather than on a share by
>> share basis, this should turn off the warning message you are getting, but
>> isn't. Perhaps the reason is the way you have set 'wide links', try using
>> it on a share by share basis and see if it stops the messages. If that
>> doesn't work, you could try adding 'allow insecure wide links' to the
>> global section of your smb.conf
>>>> 
>>>> Rowland
>>> 
>>> Thanks for pointing out that 'wide links' is a per share option. We
>> (mis-)used it as global option ever since samba 3.5.x, when the default
>> for 'wide links' changed. Made it a share option now. I'll report back if
>> it stopped the messages.
>>> 
>>> Best, Thomas
>> 
>> Still throwing the warning message. Now that 'wide link=yes' is not
>> defined as default for every share, it's clear that samba gets it's config
>> messed up somehow:
>> 
>> [2015/11/04 13:51:51.777783,  0]
>> ../source3/param/loadparm.c:4306(widelinks_warning)
>>  Share 'web' has wide links and unix extensions enabled. These parameters
>> are incompatible. Wide links will be disabled for this share.
>> 
>> The share 'web' does not have vfs_shadow_copy2 enabled, therefore no need
>> for 'wide links'. Still, the warning message pops up (and no, 'allow
>> insecure wide links' does not prevent it neither). BTW: I just double
>> checked, defining 'wide link' in the global section is fine according to
>> the man page. No misuse there.
>> 
>> To me, it still looks like a nasty runtime problem, not a configuration
>> issue.
>> 
>> Regards, Thomas
>> 
>> 
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list