[Samba] samba crashes windows explorer (while trying to view file permissions)

Kees van Vloten keesvanvloten at gmail.com
Mon Nov 21 08:41:47 UTC 2022 

It is not so easy to do the parameter settings right. That is why the 
smb.conf parameter reviews by Rowland are so valueable.

I have been struggling a few times because 'man smb.conf' contains a lot 
of settings, one can really get lost. The man-page is very clear on what 
to put in global and what to put per share. But there is some room for 
improvement to indicate what is meant for fileservers, what for 
NT4-domain-controllers, what for AD-DCs, for winbind, and so on. I guess 
it would prevent a lot of misconfigured machines and questions here.

I do understand that the main reason something like this has not been 
done is the time investment, and time that is also lacking on my side. 
But then again, it is still worth mentioned.

- Kees

On 21-11-2022 08:46, Michael Tokarev via samba wrote:
> 21.11.2022 10:25, Rowland Penny via samba wrote:
> ..
>> There are numerous problems with using a Samba AD DC as a fileserver, 
>> one of which is that it uses a totally different idmapping system 
>> than any other Samba machine. This means that you cannot use any of 
>> the parameters that you would use on a Unix domain member. I have 
>> seen users attempt to use the 'idmap config' lines, but they usually 
>> have no effect, I cannot remember the use of 'winbind nss info' 
>> before, but again, the winbind  lines mostly have no effect.
>
> This has been repeated a few times, - do not use - but there's no 
> conclusive reason
> given (to me it looks more like "there are bugs in samba which prevent 
> doing this" -
> it's a good reason already but it's not given).
>
>> I suggest you read this:
>>
>> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Using_the_Domain_Controller_as_a_File_Server_.28Optional.29 
>>
>
> I've read this many times in recent days and before as well.
>
> Here, I've a domain which is supposed to go into production,
> replacing an old NT4-style domain.  There's just one server
> in that office. I created a virtual machine for new samba,
> set up the DC on it, and I need to verify if it works.  The
> most natural thing to do - to me anyway, since I'm not concerned
> yet about all the disadvantages listed on that WIKI page, -
> for now it is just a test - when there are just two machines on
> the domain, the Samba DC and a Win10 client - is to try to access
> a file share from win on the DC.  Because if I install a new
> VM with a file server on it, I can screw samba on it when
> joining it to this new domain already, so if win doesn't
> work with this other file server, it might be due to its own
> configuration issue. It is the most natural thing to do to
> verify if win works with the DC first, and install new servers
> only after it's done.  In other words, it's quite natural to
> do one thing after another, not all together at once.
>
> Besides, for a new file server, I'll need to install yet
> another VM just for testing, which is a clear and obvious
> disadvantage.
>
> I'm not arguing here.  I'm outlining the "why".  And it does
> not look like I'm alone there, -- it SEEMS like a very natural
> thing to use the DC as a fileserver despite all the "disadvantages"
> listed.  Because even just one reason: a need to install a VM -
> might be enough to make this idea (running a DC in a VM) to be
> rejected entirely.  (It is not a prob for me, but even for me
> it required quite some prior research and especially completely
> changing network configuration on a remote server without remote
> console access - this *is* not easy).
>
> For this reason, maybe it's a good idea to review the issues which
> do pop up when one is trying to use Samba DC as a file server, and
> document the list, maybe fix some of the things in there (like the
> explorer crashing - it is well-known bug,
> https://bugzilla.samba.org/show_bug.cgi?id=14213 ).  With this 
> understanding
> it will be much easier for anyone to see which actual problems are
> expected and whenever he is able to deal with them, and if it really
> is worth to install a VM.
>
> /mjt
>

More information about the samba mailing list