[Samba] Macs deleting files off RHEL8 server
I T
it at embassygraphics.com
Wed May 21 14:00:56 UTC 2025
These are a combination of "temp" and "real" files. The user is
deleting/moving PDFs, InDesign and image files. I'm presuming hidden files
are also getting deleted when the real files are.
The filesystem has been solid (XFS) up until the switch to SMB.
From: itdept_head <itdept_head at grown-up.com>
To:
Cc: "samba at lists.samba.org" <samba at lists.samba.org>
Bcc:
Date: Wed, 21 May 2025 01:27:31 +0000
Subject: Re: [Samba] Macs deleting files off RHEL8 server
You can check how a mac is set by looking at the disk formatting
For remote drives “SMB” there is a flag that is set
Are these actual files or are they temp files?
One thing you will see….
Is if you use a remote drive as a “work” drive, osx & certainly windows can
generate hundreds of temp files
Which you cannot normally see.
By work,
That means if you are in word & you open a file on a shared remote drive,
all the temp files are generated on the remote
Burying its performance, because you see stupidity of < 500 bytes of
action on the data packets, sometimes less that 80 bytes
Which is a pain since tcp/ip packet size is between 20-120 bytes of control
data, you end up sending more header data than actual data.
So are these “real” files.
Next up…
If your file system is THAT unstable , you need to address it…
The system should not “hang up” , unless you were trying to delete files
locked by other processes.
Be aware that a “hang” is not always an indication of a “bad” thing., and
you should give it a few minutes.
*Mike Soliven*
*IT Manager*
Winnipeg, Manitoba, Canada R2X 2Y1
204.697.3338 Ext.1235
www.embassygraphics.com
CONFIDENTIALITY NOTICE: This electronic transmission and any attachment are
the confidential property of the sender, and the materials are privileged
communications intended solely for the receipt, use, benefit, and
information of the intended recipient indicated above. If you are not the
intended recipient, you are hereby notified that any review, disclosure,
copying, distribution, or the taking of any action in reliance on the
contents of this electronic transmission is strictly prohibited, and may
result in legal liability on your part. If you have received this email in
error, please forward back to sender and destroy the electronic
transmission.
On Wed, May 21, 2025 at 7:00 AM <samba-request at lists.samba.org> wrote:
> Send samba mailing list submissions to
> samba at lists.samba.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.samba.org/mailman/listinfo/samba
> or, via email, send a message with subject or body 'help' to
> samba-request at lists.samba.org
>
> You can reach the person managing the list at
> samba-owner at lists.samba.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of samba digest..."
> Today's Topics:
>
> 1. Re: Macs deleting files off RHEL8 server (I T)
> 2. Documentation/Feature Clarification Request: Server Side Copy
> and VFS_FRUIT (John T Davis)
> 3. Re: Macs deleting files off RHEL8 server (I T)
> 4. Re: Users unable to reset passwords (Mark Foley)
> 5. Id maaping (Samba @ Pegasusnz)
> 6. Re: Macs deleting files off RHEL8 server (itdept_head)
> 7. Re: Id maaping (Rowland Penny)
> 8. Re: Users unable to reset passwords (Mark Foley)
> 9. Re: Users unable to reset passwords (Rowland Penny)
> 10. Re: Users unable to reset passwords (Luis Peromarta)
> 11. Re: Documentation/Feature Clarification Request: Server Side
> Copy and VFS_FRUIT (Ralph Boehme)
>
>
>
> ---------- Forwarded message ----------
> From: I T <it at embassygraphics.com>
> To: itdept_head <itdept_head at grown-up.com>
> Cc: "samba at lists.samba.org" <samba at lists.samba.org>
> Bcc:
> Date: Tue, 20 May 2025 08:49:49 -0500
> Subject: Re: [Samba] Macs deleting files off RHEL8 server
> Thanks for this info! I appreciate it. AFAIK, I've never changed any
> settings on the Macs re: case sensitivity, so they should be insensitive.
> Is there a way I can check this?
>
> Kind regards,
>
>
> *Mike Soliven*
> *IT Manager*
> Winnipeg, Manitoba, Canada R2X 2Y1
> 204.697.3338 Ext.1235
> www.embassygraphics.com
>
>
> CONFIDENTIALITY NOTICE: This electronic transmission and any attachment are
> the confidential property of the sender, and the materials are privileged
> communications intended solely for the receipt, use, benefit, and
> information of the intended recipient indicated above. If you are not the
> intended recipient, you are hereby notified that any review, disclosure,
> copying, distribution, or the taking of any action in reliance on the
> contents of this electronic transmission is strictly prohibited, and may
> result in legal liability on your part. If you have received this email in
> error, please forward back to sender and destroy the electronic
> transmission.
>
>
> On Sun, May 18, 2025 at 11:41 PM itdept_head <itdept_head at grown-up.com>
> wrote:
>
> >
> > You have to be really careful with shares and macs.
> > Since each mac can be set to either be case sensitive or not.
> > It is possible for macs to throw all sorts of errors, if they are
> > operating on mixed case systems.
> >
> > If the mac assumes it is case sensitive and it is not , it can either
> > delete files or cause file name clashes that throw errors.
> >
> >
> >
> https://www.truenas.com/community/threads/ongoing-battle-with-case-sensitive-dataset-smb-mount-from-osx.95515/
> >
> >
> >
> >
> > On 15/5/2025, 3:28 AM, "samba on behalf of I T via samba" <
> > samba-bounces at lists.samba.org <mailto:samba-bounces at lists.samba.org> on
> > behalf of samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
> >
> >
> > Thanks for the confirmation, Roland. I'll have those looked at.
> >
> >
> > I've gotten some info that because the server is case sensitive, it could
> > be interfering with Apple's SMB protocol. Any thoughts on that? It is
> > something I'll look into.
> >
> >
> > Kind regards,
> >
> >
> >
> >
> > *Mike Soliven*
> > *IT Manager*
> > Winnipeg, Manitoba, Canada R2X 2Y1
> > 204.697.3338 Ext.1235
> > www.embassygraphics.com
> >
> >
> >
> >
> > CONFIDENTIALITY NOTICE: This electronic transmission and any attachment
> are
> > the confidential property of the sender, and the materials are privileged
> > communications intended solely for the receipt, use, benefit, and
> > information of the intended recipient indicated above. If you are not the
> > intended recipient, you are hereby notified that any review, disclosure,
> > copying, distribution, or the taking of any action in reliance on the
> > contents of this electronic transmission is strictly prohibited, and may
> > result in legal liability on your part. If you have received this email
> in
> > error, please forward back to sender and destroy the electronic
> > transmission.
> >
> >
> >
> >
> >
> >
> > >
> > > >
> > >
> > > There is nothing there that should be causing your problem, except for,
> > > every time you set 'vfs objects' in the shares, you are turning of
> > > the 'vfs objects' you have set in 'global', which are 'apple' ones.
> > >
> > > Rowland
> > >
> > >
> > >
> > > _______________________________________________
> > > samba mailing list
> > > samba at lists.samba.org <mailto:samba at lists.samba.org>
> > > https://lists.samba.org/mailman/listinfo/samba <
> > https://lists.samba.org/mailman/listinfo/samba>
> > >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba <
> > https://lists.samba.org/mailman/options/samba>
> >
> >
> >
> >
>
>
>
>
> ---------- Forwarded message ----------
> From: John T Davis <johntdavis at johntdavis.info>
> To: samba at lists.samba.org
> Cc:
> Bcc:
> Date: Tue, 20 May 2025 11:17:15 -0500
> Subject: [Samba] Documentation/Feature Clarification Request: Server Side
> Copy and VFS_FRUIT
> Hello,
>
> I’m running TrueNAS 24.10.2.2, which uses Samba 4.20.5-truenas. I have a
> mixture of Mac, Linux, and Windows SMB clients in my network that talk to
> the TrueNAS server over SMB.
>
> Apologies in advance for the slightly long-winded setup to my question; I
> wanted to explain how I got here.
>
> I’d like to be able to use Server-Side Copy (SSC) (
> https://wiki.samba.org/index.php/Server-Side_Copy) with my Mac clients to
> mange files on the TrueNAS server. As noted on that wiki page, “Note - not
> enabled for OS X (Macs) unless server Samba includes vfs_fruit module and
> fruit:copyfile = yes in smb.conf.”
>
> iX Systems (the company that develops and ships TrueNAS) does not add this
> flag to their default SMB configuration file. While I was trying to figure
> out why, I came across this warning from the current VFS_FRUIT man page in
> TrueNAS.
>
> "fruit:copyfile = yes | no
> A global option whether to enable OS X specific copychunk ioctl that
> requests a copy of a whole file along with all attached metadata.
> WARNING: the copyfile request is blocking the client while the server
> does the copy."
>
> One of the iX devs explained on their forum that this is relevant to SSC
> because when a SSC operation is in progress, TrueNAS’s Samba server is
> acting as both the client and the server, which makes sense.
>
> After talking with the iX devs and users on their forum, along with some
> members of the MacSysAdmin subreddit, I’ve realized that no one seems to
> know exactly what “blocking the client” means in this context—though I’m
> guessing it has something to do with Mac OS’s SMBX implementation not doing
> SSC the way the Samba server expects.
>
> In testing after adding the "fruit:copyfile = yes” line to the SMB config
> on TrueNAS, SSC appears to work just fine without any obvious issues on a
> Mac—but that doesn’t mean there’s not a problem, just that we don’t
> understand how to trigger it.
>
> I’ve spent about 4-6 hours on various forums and reading documentation,
> and am still pretty confused about what’s going on here.
>
> Request:
>
> I'm trying to track down the potential performance and other implications
> in the real world for having SSC enabled for Mac clients, but I haven't
> been able to find anything concrete yet. So, I have a couple of questions
> and suggestions for updates to the Samba documentation.
> The warning exists in the man page, but not the official Samba docs (e.g.,
> the Wiki).
> Is it possible that the warning no longer applies, but the man page was
> never updated?
> If so, could the man page be updated to remove this? This warning existing
> is one reason that the feature is not enabled by default in TrueNAS’s Samba
> build.
> If the underlying issue that led to the warning still exists, would it be
> possible to update the wiki documentation to include the warning and also
> to explain a bit more about what “blocking the client” means in this
> context?
> For SSC operations, one client is the Samba server itself. Does the entire
> Samba server experience an I/O lock when an SSC operation is initiated on a
> Mac? Or is it the actual Mac client that can’t do additional SMB operations
> until the SSC is completed? Or both?
> More generally, what does this “blocking” look like to a human user and/or
> automated scheduled tasks? What problems can it cause? There’s a big
> difference between locking up the entire Samba server itself, and the Mac
> client that initiated the SSC request just having to sit there and wait to
> do more SMB things until the copy is done.
>
> Thanks for your help.
>
> -- -- --
> John T Davis
> johntdavis at johntdavis.info
>
>
>
> ---------- Forwarded message ----------
> From: I T <it at embassygraphics.com>
> To: itdept_head <itdept_head at grown-up.com>
> Cc: "samba at lists.samba.org" <samba at lists.samba.org>
> Bcc:
> Date: Tue, 20 May 2025 12:04:15 -0500
> Subject: Re: [Samba] Macs deleting files off RHEL8 server
> Okay, so the server was changed to case insensitive yesterday morning.
>
> Today, I just watched an instance where files disappeared in real time.
> User print33 was moving/deleting files from a job on the server.
>
> It got hung up, the server was showing no folders, so we force quit the
> Finder. The server share unmounted, then we remounted it.
>
> Before the hang up there were 239 folders on the server. Now there’s only
> 224.
>
> I know this because I had just gone through and made sure all folders were
> accounted for this morning.
>
> Absolutely stumped as to why this is happening. I’ve sent the sosreport to
> Red Hat to see if they can decipher anything.
>
> Kind regards,
>
>
> *Mike Soliven*
> *IT Manager*
> Winnipeg, Manitoba, Canada R2X 2Y1
> 204.697.3338 Ext.1235
> www.embassygraphics.com
>
>
> CONFIDENTIALITY NOTICE: This electronic transmission and any attachment are
> the confidential property of the sender, and the materials are privileged
> communications intended solely for the receipt, use, benefit, and
> information of the intended recipient indicated above. If you are not the
> intended recipient, you are hereby notified that any review, disclosure,
> copying, distribution, or the taking of any action in reliance on the
> contents of this electronic transmission is strictly prohibited, and may
> result in legal liability on your part. If you have received this email in
> error, please forward back to sender and destroy the electronic
> transmission.
>
>
> On Tue, May 20, 2025 at 8:49 AM I T <it at embassygraphics.com> wrote:
>
> > Thanks for this info! I appreciate it. AFAIK, I've never changed any
> > settings on the Macs re: case sensitivity, so they should be insensitive.
> > Is there a way I can check this?
> >
> > Kind regards,
> >
> >
> > *Mike Soliven*
> > *IT Manager*
> > Winnipeg, Manitoba, Canada R2X 2Y1
> > 204.697.3338 Ext.1235
> > www.embassygraphics.com
> >
> >
> > CONFIDENTIALITY NOTICE: This electronic transmission and any attachment
> > are the confidential property of the sender, and the materials are
> > privileged communications intended solely for the receipt, use, benefit,
> > and information of the intended recipient indicated above. If you are not
> > the intended recipient, you are hereby notified that any review,
> > disclosure, copying, distribution, or the taking of any action in
> reliance
> > on the contents of this electronic transmission is strictly prohibited,
> and
> > may result in legal liability on your part. If you have received this
> email
> > in error, please forward back to sender and destroy the electronic
> > transmission.
> >
> >
> > On Sun, May 18, 2025 at 11:41 PM itdept_head <itdept_head at grown-up.com>
> > wrote:
> >
> >>
> >> You have to be really careful with shares and macs.
> >> Since each mac can be set to either be case sensitive or not.
> >> It is possible for macs to throw all sorts of errors, if they are
> >> operating on mixed case systems.
> >>
> >> If the mac assumes it is case sensitive and it is not , it can either
> >> delete files or cause file name clashes that throw errors.
> >>
> >>
> >>
> https://www.truenas.com/community/threads/ongoing-battle-with-case-sensitive-dataset-smb-mount-from-osx.95515/
> >>
> >>
> >>
> >>
> >> On 15/5/2025, 3:28 AM, "samba on behalf of I T via samba" <
> >> samba-bounces at lists.samba.org <mailto:samba-bounces at lists.samba.org> on
> >> behalf of samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
> >>
> >>
> >> Thanks for the confirmation, Roland. I'll have those looked at.
> >>
> >>
> >> I've gotten some info that because the server is case sensitive, it
> could
> >> be interfering with Apple's SMB protocol. Any thoughts on that? It is
> >> something I'll look into.
> >>
> >>
> >> Kind regards,
> >>
> >>
> >>
> >>
> >> *Mike Soliven*
> >> *IT Manager*
> >> Winnipeg, Manitoba, Canada R2X 2Y1
> >> 204.697.3338 Ext.1235
> >> www.embassygraphics.com
> >>
> >>
> >>
> >>
> >> CONFIDENTIALITY NOTICE: This electronic transmission and any attachment
> >> are
> >> the confidential property of the sender, and the materials are
> privileged
> >> communications intended solely for the receipt, use, benefit, and
> >> information of the intended recipient indicated above. If you are not
> the
> >> intended recipient, you are hereby notified that any review, disclosure,
> >> copying, distribution, or the taking of any action in reliance on the
> >> contents of this electronic transmission is strictly prohibited, and may
> >> result in legal liability on your part. If you have received this email
> in
> >> error, please forward back to sender and destroy the electronic
> >> transmission.
> >>
> >>
> >>
> >>
> >>
> >>
> >> >
> >> > >
> >> >
> >> > There is nothing there that should be causing your problem, except
> for,
> >> > every time you set 'vfs objects' in the shares, you are turning of
> >> > the 'vfs objects' you have set in 'global', which are 'apple' ones.
> >> >
> >> > Rowland
> >> >
> >> >
> >> >
> >> > _______________________________________________
> >> > samba mailing list
> >> > samba at lists.samba.org <mailto:samba at lists.samba.org>
> >> > https://lists.samba.org/mailman/listinfo/samba <
> >> https://lists.samba.org/mailman/listinfo/samba>
> >> >
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba <
> >> https://lists.samba.org/mailman/options/samba>
> >>
> >>
> >>
> >>
>
>
>
>
> ---------- Forwarded message ----------
> From: Mark Foley <mfoley at novatec-inc.com>
> To: samba at lists.samba.org
> Cc:
> Bcc:
> Date: Tue, 20 May 2025 15:42:57 -0400
> Subject: Re: [Samba] Users unable to reset passwords
> On Sun May 18 11:44:11 2025 Mark Foley via samba <samba at lists.samba.org>
> >
> > On Sun May 18 03:22:40 2025 Penny via samba <samba at lists.samba.org>
> wrote:
> > >
> > > On Sat, 17 May 2025 00:46:20 -0400
> > > Mark Foley via samba <samba at lists.samba.org> wrote:
> > >
> > > > I'm trying to solve a couple of problems with Samba 4.18.19 and
> > > > Windows 11. I've described these in detail in previous messages in
> > > > this thread, so I'll be brief here:
>
> [snip]
>
> > > > I'm going to test 3 ways:
> > > >
> > > > A. I will upgrade Samba to the latest 4.22.1, downloaded from
> > > > samba.org, but keeping all the domain users, group, policies, etc.
> > > >
> > > > B. If that doesn't work I will wipe the system and install and
> > > > provision 4.22.1 from scratch.
> > > >
> > > > C. If that doesn't work I will stage an actual Windows DC and see if
> > > > the problem exists on that platform.
> > > >
> > > > If B does not work but C does, I'll file a bug report for Samba. Then
> > > > I'll have to decide whether I want to live with the
> > > > password/redirected-folders issues on Samba or go with Windows.
>
> [snip]
>
> > > > Results thus far:
> > > >
> > > > Plan A
>
> [failed, see previous thread messages ]
>
> > >
> > > I think this would have been a lot nearer:
> > >
> > > ./configure \
> > > --enable-fhs \
> > > --prefix=/usr \
> > > --libdir=/usr/lib64 \
> > > --includedir=/usr/include \
> > > --bindir=/usr/bin \
> > > --sbindir=/usr/sbin \
> > > --mandir=/usr/man \
> > > --sysconfdir=/etc \
> > > --with-configdir=/etc/samba \
> > > --with-piddir=/var/run \
> > > --with-privatedir=/var/lib/samba/private \
> > > --with-privatelibdir=/usr/lib64 \
> > > --with-modulesdir=/usr/lib64 \
> > > --with-lockdir=/var/cache/samba \
> > > --with-logfilebase=/var/log/samba \
> > > --localstatedir=/var \
> > > --enable-cups \
> > > --with-acl-support \
> > > --with-automount \
> > > --with-quotas \
> > > --with-syslog \
> > > --with-utmp \
> > > --with-winbind \
> > > --with-ldap \
> > > --with-ads \
> > > --without-fam \
> > > --with-pam \
> > > --with-pammodulesdir=/lib64/security \
> > > --build=x86_64-slackware-linux || exit 1
> >
> > Wow! Thanks for that! I'll use that on my next attempt.
> >
>
> [snip]
>
> For "Plan B", I created a completely clean install of Slackware and
> removed the
> supplied Samaba and kinit (MIT) packages. I configured Samba 4.22.1
> exaclty per
> your (Roland's) suggestion, above, except that I also did
> --without-systemd and
> --disable-cups. (then make, make install)
>
> I followed the Wiki
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
>
> I provisioned as:
>
> samba-tool domain provision \
> --use-rfc2307 \
> --realm=HPRS.LOCAL \
> --domain=HPRS \
> --server-role=dc \
> --dns-backend=SAMBA_INTERNAL \
> --option="interfaces=lo eth0" --option="bind interfaces only=yes"
>
> which failed the first time with "ModuleNotFoundError: No module named
> 'cryptography'", but I installed that and tried again and it provisioned
> without
> error.
>
> When I got to the testing bits, I had the following errors:
>
> # host -t SRV _ldap._tcp.hprs.local.
> Host _ldap._tcp.hprs.local. not found: 3(NXDOMAIN)
>
> # host -t SRV _kerberos._udp.hprs.local.
> Host _kerberos._udp.hprs.local. not found: 3(NXDOMAIN)
>
> # host -t A mail.hprs.local.
> Host mail.hprs.local. not found: 3(NXDOMAIN)
>
> # host -t PTR 192.168.0.2
> Host 2.0.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
>
> # kinit administrator
> -su: kinit: command not found
>
> This is disappointing. I did create a reverse zone, and listing that shows:
>
> # samba-tool dns zonelist mail -U Administrator
> Password for [HPRS\Administrator]:
> 3 zone(s) found
>
> pszZoneName : 0.168.192.in-addr.arpa
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT
> DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.hprs.local
>
> pszZoneName : hprs.local
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT
> DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.hprs.local
>
> pszZoneName : _msdcs.hprs.local
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT
> DNS_DP_ENLISTED
> pszDpFqdn : ForestDnsZones.hprs.local
>
> So why does "host -t PTR 192.168.0.2" fail?
>
> likewise, there is an A record for 192.168.0.2:
>
> # samba-tool dns query mail.hprs.local hprs.local @ ALL -U administrator
> Name=, Records=3, Children=0
> SOA: serial=110, refresh=900, retry=600, expire=86400, minttl=3600,
> ns=mail.hprs.local., email=hostmaster.hprs.local. (flags=600000f0,
> serial=110,
> ttl=3600)
> NS: mail.hprs.local. (flags=600000f0, serial=1, ttl=900)
> A: 192.168.0.2 (flags=600000f0, serial=1, ttl=900)
> Name=_msdcs, Records=0, Children=0
> Name=_sites, Records=0, Children=1
> Name=_tcp, Records=0, Children=4
> Name=_udp, Records=0, Children=2
> Name=DomainDnsZones, Records=0, Children=2
> Name=ForestDnsZones, Records=0, Children=2
> Name=mail, Records=1, Children=0
> A: 192.168.0.2 (flags=f0, serial=1, ttl=900)
>
> So why does "host -t A mail.hprs.local." fail? It seems that 'host mail'
> should
> return results regardless.
>
> > > I personally would just join a test Debian Samba DC and point a client
> > > that has been having problems at it.
>
> I've built Samba from a download from samba.org before w/o problem, but
> not
> looking good this time.
>
> If the above DNS issues aren't something simple to resolve, I might go
> ahead
> and try the Debian approach, but that might not be immediate.
>
> --Mark
>
>
>
>
>
> ---------- Forwarded message ----------
> From: "Samba @ Pegasusnz" <samba at pegasusnz.com>
> To: samba at lists.samba.org
> Cc:
> Bcc:
> Date: Wed, 21 May 2025 09:32:31 +1200
> Subject: [Samba] Id maaping
> Hi
>
> After upgrading to 4.22
> The id mapping for AD doesn’t seem to work
>
> This is my smb.conf for id mapping
>
> workgroup = BALEWAN
> idmap config * : backend = tdb
> idmap config * : range = 3000-9999
> idmap config BALEWAN : backend = ad
> #idmap config BALEWAN:schema_mode = rfc2307
> idmap config BALEWAN : range = 10000-99999
> idmap config BALEWAN : unix_nss_info = yes
> idmap config BALEWAN : unix_primary_group = yes
>
> This has worked for years. If I comment out the BALEWAN lines and restart
> it works but the mapping is wrong
>
> I have 3 DCs one is offline, power saving. One is on a bitcoin miner
> running 4.15.13-Ubuntu and the main DC is 4.22.1-Debian-4.22.1+dfsg-1
>
> Thank you for any guidance
>
> Regards
>
> Callum
>
>
>
>
>
>
>
> ---------- Forwarded message ----------
> From: itdept_head <itdept_head at grown-up.com>
> To:
> Cc: "samba at lists.samba.org" <samba at lists.samba.org>
> Bcc:
> Date: Wed, 21 May 2025 01:27:31 +0000
> Subject: Re: [Samba] Macs deleting files off RHEL8 server
> You can check how a mac is set by looking at the disk formatting
> For remote drives “SMB” there is a flag that is set
> Are these actual files or are they temp files?
>
> One thing you will see….
> Is if you use a remote drive as a “work” drive, osx & certainly windows
> can generate hundreds of temp files
> Which you cannot normally see.
> By work,
> That means if you are in word & you open a file on a shared remote drive,
> all the temp files are generated on the remote
> Burying its performance, because you see stupidity of < 500 bytes of
> action on the data packets, sometimes less that 80 bytes
> Which is a pain since tcp/ip packet size is between 20-120 bytes of
> control data, you end up sending more header data than actual data.
>
> So are these “real” files.
> Next up…
> If your file system is THAT unstable , you need to address it…
> The system should not “hang up” , unless you were trying to delete files
> locked by other processes.
>
> Be aware that a “hang” is not always an indication of a “bad” thing., and
> you should give it a few minutes.
>
>
>
> From: I T <it at embassygraphics.com>
> Date: Wednesday, 21 May 2025 at 1:04 AM
> To: itdept_head <itdept_head at grown-up.com>
> Cc: "samba at lists.samba.org" <samba at lists.samba.org>
> Subject: Re: [Samba] Macs deleting files off RHEL8 server
>
> Okay, so the server was changed to case insensitive yesterday morning.
>
> Today, I just watched an instance where files disappeared in real time.
> User print33 was moving/deleting files from a job on the server.
>
> It got hung up, the server was showing no folders, so we force quit the
> Finder. The server share unmounted, then we remounted it.
>
> Before the hang up there were 239 folders on the server. Now there’s only
> 224.
>
> I know this because I had just gone through and made sure all folders were
> accounted for this morning.
>
> Absolutely stumped as to why this is happening. I’ve sent the sosreport to
> Red Hat to see if they can decipher anything.
>
> Kind regards,
>
>
> [Image removed by sender.]
>
> Mike Soliven
> IT Manager
> Winnipeg, Manitoba, Canada R2X 2Y1
> 204.697.3338 Ext.1235
> www.embassygraphics.com<http://www.embassygraphics.com/>
>
>
> CONFIDENTIALITY NOTICE: This electronic transmission and any attachment
> are the confidential property of the sender, and the materials are
> privileged communications intended solely for the receipt, use, benefit,
> and information of the intended recipient indicated above. If you are not
> the intended recipient, you are hereby notified that any review,
> disclosure, copying, distribution, or the taking of any action in reliance
> on the contents of this electronic transmission is strictly prohibited, and
> may result in legal liability on your part. If you have received this email
> in error, please forward back to sender and destroy the electronic
> transmission.
>
>
> On Tue, May 20, 2025 at 8:49 AM I T <it at embassygraphics.com<mailto:
> it at embassygraphics.com>> wrote:
> Thanks for this info! I appreciate it. AFAIK, I've never changed any
> settings on the Macs re: case sensitivity, so they should be insensitive.
> Is there a way I can check this?
>
> Kind regards,
>
>
> [Image removed by sender.]
>
> Mike Soliven
> IT Manager
> Winnipeg, Manitoba, Canada R2X 2Y1
> 204.697.3338 Ext.1235
> www.embassygraphics.com<http://www.embassygraphics.com/>
>
>
> CONFIDENTIALITY NOTICE: This electronic transmission and any attachment
> are the confidential property of the sender, and the materials are
> privileged communications intended solely for the receipt, use, benefit,
> and information of the intended recipient indicated above. If you are not
> the intended recipient, you are hereby notified that any review,
> disclosure, copying, distribution, or the taking of any action in reliance
> on the contents of this electronic transmission is strictly prohibited, and
> may result in legal liability on your part. If you have received this email
> in error, please forward back to sender and destroy the electronic
> transmission.
>
>
> On Sun, May 18, 2025 at 11:41 PM itdept_head <itdept_head at grown-up.com
> <mailto:itdept_head at grown-up.com>> wrote:
>
> You have to be really careful with shares and macs.
> Since each mac can be set to either be case sensitive or not.
> It is possible for macs to throw all sorts of errors, if they are
> operating on mixed case systems.
>
> If the mac assumes it is case sensitive and it is not , it can either
> delete files or cause file name clashes that throw errors.
>
>
> https://www.truenas.com/community/threads/ongoing-battle-with-case-sensitive-dataset-smb-mount-from-osx.95515/
>
>
>
>
> On 15/5/2025, 3:28 AM, "samba on behalf of I T via samba" <
> samba-bounces at lists.samba.org<mailto:samba-bounces at lists.samba.org>
> <mailto:samba-bounces at lists.samba.org<mailto:samba-bounces at lists.samba.org>>
> on behalf of samba at lists.samba.org<mailto:samba at lists.samba.org> <mailto:
> samba at lists.samba.org<mailto:samba at lists.samba.org>>> wrote:
>
>
> Thanks for the confirmation, Roland. I'll have those looked at.
>
>
> I've gotten some info that because the server is case sensitive, it could
> be interfering with Apple's SMB protocol. Any thoughts on that? It is
> something I'll look into.
>
>
> Kind regards,
>
>
>
>
> *Mike Soliven*
> *IT Manager*
> Winnipeg, Manitoba, Canada R2X 2Y1
> 204.697.3338 Ext.1235
> www.embassygraphics.com<http://www.embassygraphics.com>
>
>
>
>
> CONFIDENTIALITY NOTICE: This electronic transmission and any attachment are
> the confidential property of the sender, and the materials are privileged
> communications intended solely for the receipt, use, benefit, and
> information of the intended recipient indicated above. If you are not the
> intended recipient, you are hereby notified that any review, disclosure,
> copying, distribution, or the taking of any action in reliance on the
> contents of this electronic transmission is strictly prohibited, and may
> result in legal liability on your part. If you have received this email in
> error, please forward back to sender and destroy the electronic
> transmission.
>
>
>
>
>
>
> >
> > >
> >
> > There is nothing there that should be causing your problem, except for,
> > every time you set 'vfs objects' in the shares, you are turning of
> > the 'vfs objects' you have set in 'global', which are 'apple' ones.
> >
> > Rowland
> >
> >
> >
> > _______________________________________________
> > samba mailing list
> > samba at lists.samba.org<mailto:samba at lists.samba.org> <mailto:
> samba at lists.samba.org<mailto:samba at lists.samba.org>>
> > https://lists.samba.org/mailman/listinfo/samba <
> https://lists.samba.org/mailman/listinfo/samba>
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba <
> https://lists.samba.org/mailman/options/samba>
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rpenny at samba.org>
> To: samba at lists.samba.org
> Cc:
> Bcc:
> Date: Wed, 21 May 2025 05:45:30 +0100
> Subject: Re: [Samba] Id maaping
> On Wed, 21 May 2025 09:32:31 +1200
> "Samba @ Pegasusnz via samba" <samba at lists.samba.org> wrote:
>
> > Hi
> >
> > After upgrading to 4.22
> > The id mapping for AD doesn’t seem to work
> >
> > This is my smb.conf for id mapping
>
> What about the rest of the smb.conf ?
> Posting just a part of the smb.conf is never a good idea.
>
> >
> > workgroup = BALEWAN
> > idmap config * : backend = tdb
> > idmap config * : range = 3000-9999
> > idmap config BALEWAN : backend = ad
> > #idmap config BALEWAN:schema_mode = rfc2307
> > idmap config BALEWAN : range = 10000-99999
> > idmap config BALEWAN : unix_nss_info = yes
> > idmap config BALEWAN : unix_primary_group = yes
> >
> > This has worked for years. If I comment out the BALEWAN lines and
> > restart it works but the mapping is wrong
> >
> > I have 3 DCs one is offline, power saving.
>
> Never have a Samba AD DC offline, it needs to be online for
> replication, if you intend to turn a DC off for any length of time, you
> should demote it.
>
> > One is on a bitcoin miner running 4.15.13-Ubuntu
>
> That is a bit old and EOL from the Samba point of view.
>
> >and the main DC is 4.22.1-Debian-4.22.1+dfsg-1
>
> What 'main' DC ?
> All DCs are equal.
>
> What is the computer with the 'idmap config' lines ?
> If you had posted the entire smb.conf , I wouldn't have to ask this.
>
> Rowland
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Mark Foley <mfoley at novatec-inc.com>
> To: samba at lists.samba.org
> Cc:
> Bcc:
> Date: Wed, 21 May 2025 01:47:57 -0400
> Subject: Re: [Samba] Users unable to reset passwords
> On Sun May 18 11:44:11 2025 Mark Foley via samba <samba at lists.samba.org>
> >
> > On Sun May 18 03:22:40 2025 Penny via samba <samba at lists.samba.org>
> wrote:
> > >
> > > On Sat, 17 May 2025 00:46:20 -0400
> > > Mark Foley via samba <samba at lists.samba.org> wrote:
> > >
> > > > I'm trying to solve a couple of problems with Samba 4.18.19 and
> > > > Windows 11. I've described these in detail in previous messages in
> > > > this thread, so I'll be brief here:
>
> [snip]
>
> > > > I'm going to test 3 ways:
> > > >
> > > > A. I will upgrade Samba to the latest 4.22.1, downloaded from
> > > > samba.org, but keeping all the domain users, group, policies, etc.
> > > >
> > > > B. If that doesn't work I will wipe the system and install and
> > > > provision 4.22.1 from scratch.
> > > >
> > > > C. If that doesn't work I will stage an actual Windows DC and see if
> > > > the problem exists on that platform.
> > > >
> > > > If B does not work but C does, I'll file a bug report for Samba. Then
> > > > I'll have to decide whether I want to live with the
> > > > password/redirected-folders issues on Samba or go with Windows.
>
> [snip]
>
> > > > Results thus far:
> > > >
> > > > Plan A
>
> [failed, see previous thread messages ]
>
> > >
> > > I think this would have been a lot nearer:
> > >
> > > ./configure \
> > > --enable-fhs \
> > > --prefix=/usr \
> > > --libdir=/usr/lib64 \
> > > --includedir=/usr/include \
> > > --bindir=/usr/bin \
> > > --sbindir=/usr/sbin \
> > > --mandir=/usr/man \
> > > --sysconfdir=/etc \
> > > --with-configdir=/etc/samba \
> > > --with-piddir=/var/run \
> > > --with-privatedir=/var/lib/samba/private \
> > > --with-privatelibdir=/usr/lib64 \
> > > --with-modulesdir=/usr/lib64 \
> > > --with-lockdir=/var/cache/samba \
> > > --with-logfilebase=/var/log/samba \
> > > --localstatedir=/var \
> > > --enable-cups \
> > > --with-acl-support \
> > > --with-automount \
> > > --with-quotas \
> > > --with-syslog \
> > > --with-utmp \
> > > --with-winbind \
> > > --with-ldap \
> > > --with-ads \
> > > --without-fam \
> > > --with-pam \
> > > --with-pammodulesdir=/lib64/security \
> > > --build=x86_64-slackware-linux || exit 1
> >
> > Wow! Thanks for that! I'll use that on my next attempt.
> >
>
> [snip]
>
> For "Plan B", I created a completely clean install of Slackware and
> removed the
> supplied Samaba and kinit (MIT) packages. I configured Samba 4.22.1
> exaclty per
> your (Roland's) suggestion, above, except that I also did
> --without-systemd and
> --disable-cups. (then make, make install)
>
> I followed the Wiki
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
>
> I provisioned as:
>
> samba-tool domain provision \
> --use-rfc2307 \
> --realm=HPRS.LOCAL \
> --domain=HPRS \
> --server-role=dc \
> --dns-backend=SAMBA_INTERNAL \
> --option="interfaces=lo eth0" --option="bind interfaces only=yes"
>
> which failed the first time with "ModuleNotFoundError: No module named
> 'cryptography'", but I installed that and tried again and it provisioned
> without
> error.
>
> When I got to the testing bits, I had the following errors:
>
> # host -t SRV _ldap._tcp.hprs.local.
> Host _ldap._tcp.hprs.local. not found: 3(NXDOMAIN)
>
> # host -t SRV _kerberos._udp.hprs.local.
> Host _kerberos._udp.hprs.local. not found: 3(NXDOMAIN)
>
> # host -t A mail.hprs.local.
> Host mail.hprs.local. not found: 3(NXDOMAIN)
>
> # host -t PTR 192.168.0.2
> Host 2.0.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
>
> # kinit administrator
> -su: kinit: command not found
>
> This is disappointing. I did create a reverse zone, and listing that shows:
>
> # samba-tool dns zonelist mail -U Administrator
> 3 zone(s) found
>
> pszZoneName : 0.168.192.in-addr.arpa
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT
> DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.hprs.local
>
> pszZoneName : hprs.local
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT
> DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.hprs.local
>
> pszZoneName : _msdcs.hprs.local
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT
> DNS_DP_ENLISTED
> pszDpFqdn : ForestDnsZones.hprs.local
>
> So why does "host -t PTR 192.168.0.2" fail?
>
> likewise, there is an A record for 192.168.0.2:
>
> # samba-tool dns query mail.hprs.local hprs.local @ ALL -U administrator
> Name=, Records=3, Children=0
> SOA: serial=110, refresh=900, retry=600, expire=86400, minttl=3600,
> ns=mail.hprs.local., email=hostmaster.hprs.local. (flags=600000f0,
> serial=110,
> ttl=3600)
> NS: mail.hprs.local. (flags=600000f0, serial=1, ttl=900)
> A: 192.168.0.2 (flags=600000f0, serial=1, ttl=900)
> Name=_msdcs, Records=0, Children=0
> Name=_sites, Records=0, Children=1
> Name=_tcp, Records=0, Children=4
> Name=_udp, Records=0, Children=2
> Name=DomainDnsZones, Records=0, Children=2
> Name=ForestDnsZones, Records=0, Children=2
> Name=mail, Records=1, Children=0
> A: 192.168.0.2 (flags=f0, serial=1, ttl=900)
>
> So why does "host -t A mail.hprs.local." fail? It seems that 'host mail'
> should
> return results regardless.
>
> > > I personally would just join a test Debian Samba DC and point a client
> > > that has been having problems at it.
>
> I've built Samba from a download from samba.org before w/o problem, but
> not
> looking good this time.
>
> If the above DNS issues aren't something simple to resolve, I might go
> ahead
> and try the Debian approach, but that might not be immediate.
>
>
> More ...
>
> Note that kinit was not found. Does Samba rely on the distro's kinit? I
> removed
> that package because I thought it might be MIT related. Would a
> non-functioning
> Kerberos affect DNS? The wiki
> https://wiki.samba.org/index.php/Samba_Internal_DNS_Back_End
> mentions kerberos.
>
> --Mark
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rpenny at samba.org>
> To: samba at lists.samba.org
> Cc:
> Bcc:
> Date: Wed, 21 May 2025 07:03:34 +0100
> Subject: Re: [Samba] Users unable to reset passwords
> On Wed, 21 May 2025 01:47:57 -0400
> Mark Foley via samba <samba at lists.samba.org> wrote:
>
> > More ...
> >
> > Note that kinit was not found. Does Samba rely on the distro's kinit?
> > I removed that package because I thought it might be MIT related.
> > Would a non-functioning Kerberos affect DNS? The wiki
> > https://wiki.samba.org/index.php/Samba_Internal_DNS_Back_End mentions
> > kerberos.
> >
> > --Mark
> >
>
> I posted that 'configure' fragment to show that the one you used was
> probably not enough, I posted a link to where it came from and
> suggested that you contact slackware for advice on building Samba for
> slackware, you seem to have ignored that advice.
>
> You need 'kinit', so I suggest you re-install it, it doesn't matter if
> the client tools are MIT ones, what does matter is what kerberos the
> server (DC) is running.
>
> I will repeat this, I suggest you move away from slackware to Debian,
> if only to save time, you could have had a known fully working Debian
> DC days ago.
>
> Rowland
>
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Luis Peromarta <lperoma at icloud.com>
> To: samba at lists.samba.org
> Cc:
> Bcc:
> Date: Wed, 21 May 2025 08:14:03 +0200
> Subject: Re: [Samba] Users unable to reset passwords
> In 20 minutes.
>
> http://samba.bigbird.es/doku.php?id=samba:start
> On 21 May 2025 at 08:13 +0200, samba at lists.samba.org <
> samba at lists.samba.org>, wrote:
>
>
> >
> >
> > I will repeat this, I suggest you move away from slackware to Debian,
> > if only to save time, you could have had a known fully working Debian
> > DC days ago.
>
>
>
>
> ---------- Forwarded message ----------
> From: Ralph Boehme <slow at samba.org>
> To: John T Davis <johntdavis at johntdavis.info>, samba at lists.samba.org
> Cc:
> Bcc:
> Date: Wed, 21 May 2025 09:46:34 +0200
> Subject: Re: [Samba] Documentation/Feature Clarification Request: Server
> Side Copy and VFS_FRUIT
> There are two styles of SSC:
> - the "normal" protocol style called copy-chunk, where the copy is
> requested in IO ranges by the client and performed server-side
> - the Apple way enabled by fruit:copyfile where the client requests the
> *whole* file to be copied in one request to be performed by the server
>
> The problem with the latter is that for large file the copy takes some
> time and meanwhile the client is blocked waiting for IO to complete. If
> the copy takes longer then the SMB request timeout time (iirc default
> 30s) the requests times out and the client will disconnect the connection.
>
> My recommendation is to stay away from fruit:copyfile for these reasons.
>
> Hth!
> -slow
>
> --
> SerNet Samba Team Lead https://sernet.de/
> Samba Team Member https://samba.org/
> Samba Support and Dev https://samba.plus/services/
>
> On 5/20/25 6:17 PM, John T Davis via samba wrote:
> > Hello,
> >
> > I’m running TrueNAS 24.10.2.2, which uses Samba 4.20.5-truenas. I have a
> mixture of Mac, Linux, and Windows SMB clients in my network that talk to
> the TrueNAS server over SMB.
> >
> > Apologies in advance for the slightly long-winded setup to my question;
> I wanted to explain how I got here.
> >
> > I’d like to be able to use Server-Side Copy (SSC) (
> https://wiki.samba.org/index.php/Server-Side_Copy) with my Mac clients to
> mange files on the TrueNAS server. As noted on that wiki page, “Note - not
> enabled for OS X (Macs) unless server Samba includes vfs_fruit module and
> fruit:copyfile = yes in smb.conf.”
> >
> > iX Systems (the company that develops and ships TrueNAS) does not add
> this flag to their default SMB configuration file. While I was trying to
> figure out why, I came across this warning from the current VFS_FRUIT man
> page in TrueNAS.
> >
> > "fruit:copyfile = yes | no
> > A global option whether to enable OS X specific copychunk ioctl
> that requests a copy of a whole file along with all attached metadata.
> > WARNING: the copyfile request is blocking the client while the
> server does the copy."
> >
> > One of the iX devs explained on their forum that this is relevant to SSC
> because when a SSC operation is in progress, TrueNAS’s Samba server is
> acting as both the client and the server, which makes sense.
> >
> > After talking with the iX devs and users on their forum, along with some
> members of the MacSysAdmin subreddit, I’ve realized that no one seems to
> know exactly what “blocking the client” means in this context—though I’m
> guessing it has something to do with Mac OS’s SMBX implementation not doing
> SSC the way the Samba server expects.
> >
> > In testing after adding the "fruit:copyfile = yes” line to the SMB
> config on TrueNAS, SSC appears to work just fine without any obvious issues
> on a Mac—but that doesn’t mean there’s not a problem, just that we don’t
> understand how to trigger it.
> >
> > I’ve spent about 4-6 hours on various forums and reading documentation,
> and am still pretty confused about what’s going on here.
> >
> > Request:
> >
> > I'm trying to track down the potential performance and other
> implications in the real world for having SSC enabled for Mac clients, but
> I haven't been able to find anything concrete yet. So, I have a couple of
> questions and suggestions for updates to the Samba documentation.
> > The warning exists in the man page, but not the official Samba docs
> (e.g., the Wiki).
> > Is it possible that the warning no longer applies, but the man page was
> never updated?
> > If so, could the man page be updated to remove this? This warning
> existing is one reason that the feature is not enabled by default in
> TrueNAS’s Samba build.
> > If the underlying issue that led to the warning still exists, would it
> be possible to update the wiki documentation to include the warning and
> also to explain a bit more about what “blocking the client” means in this
> context?
> > For SSC operations, one client is the Samba server itself. Does the
> entire Samba server experience an I/O lock when an SSC operation is
> initiated on a Mac? Or is it the actual Mac client that can’t do additional
> SMB operations until the SSC is completed? Or both?
> > More generally, what does this “blocking” look like to a human user
> and/or automated scheduled tasks? What problems can it cause? There’s a big
> difference between locking up the entire Samba server itself, and the Mac
> client that initiated the SSC request just having to sit there and wait to
> do more SMB things until the copy is done.
> >
> > Thanks for your help.
> >
> > -- -- --
> > John T Davis
> > johntdavis at johntdavis.info
>
> _______________________________________________
> samba mailing list
> samba at lists.samba.org
> https://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list