[Samba] widelinks_warning - but unix extensions *are* off

[Thomas Werschlein]

> On 29 Oct 2015, at 23:22, Jeremy Allison <jra at samba.org> wrote:
> 
> On Thu, Oct 29, 2015 at 05:27:49PM +0100, Thomas Werschlein wrote:
>> Hi all
>> 
>> Since we changed our installation from Samba 3.x to 4.x (currently 4.2.5 on Solaris 11.1), we repeatedly encounter the following 'widelinks_warning', originating from Windows Server 2012 R2 RDS clients:
>> 
>> [2015/10/29 15:50:38.837702,  0] ../source3/param/loadparm.c:4306(widelinks_warning)
>>  Share 'data' has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share.
>> [2015/10/29 15:50:38.838518,  0] ../source3/param/loadparm.c:4306(widelinks_warning)
>>  Share 'group' has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share.
>> [2015/10/29 15:50:38.839070,  0] ../source3/param/loadparm.c:4306(widelinks_warning)
>>  Share 'web' has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share.
>> 
>> The strange thing is: "unix extensions" *are* actually off. "wide links" are on, since we use them for vfs_shadow_copy2 (but not on the affected shares):
>> 
>> # testparm -sv 2>/dev/null |egrep 'wide links|unix extensions'
>>        unix extensions = No
>>        allow insecure wide links = No
>>        wide links = Yes
>> 
>> The affected shares (data, group, web) are distinct from "working" ones, by the fact that "hide unreadable" is set to "Yes" on the affected shares only. This is how the affected shares are configured:
>> 
>> [data]
>>        path = /pool1/data
>>        read only = No
>>        acl map full control = No
>>        ea support = Yes
>>        nt acl support = No
>>        hide unreadable = Yes
>>        map archive = No
>>        map readonly = no
>>        store dos attributes = Yes
>>        vfs objects = zfsacl full_audit
>> 
>> Unfortunately, we can't trigger the behaviour. It's all pretty fuzzy, but maybe someone out there has an idea what's going on?
> 
> That message is coming from here:
> 
> void widelinks_warning(int snum)
> {
>        if (lp_allow_insecure_wide_links()) {
>                return;
>        }
> 
>        if (lp_unix_extensions() && lp_wide_links(snum)) {
>                DEBUG(0,("Share '%s' has wide links and unix extensions enabled. "
>                        "These parameters are incompatible. "
>                        "Wide links will be disabled for this share.\n",
>                         lp_servicename(talloc_tos(), snum) ));
>        }
> }
> 
> so it's pretty simple. Both must be being seen to emit the message.
> Can you get this reproducible ?

I am aware of the code above. What I don't grasp is: what is turning on "unix extensions", under what circumstances? I can access all the affected shares from the same clients without triggering the warning (no surprise, since "unix extensions" is globally turned off). So no, I am not able to reproduce it.

I increased the log level, but since this is a pretty busy production system and the warning appears every second day only, it was not feasible (at least I did not find a way yet). But thanks for your pointer!