Samba Traffic #3 For 14 Dec 1999
Table Of Contents
As discussed in Issue #1, article 12,
samba-bugs mailing list is being decommissioned in favor of
samba and the others. This has had a very noticeable effect in
the last week, as both
seemed to have a lot more bug reports and tech-support questions
than before. The weighty technical discussions are still there if you look,
but are getting a little harder to find.
In other news, we are starting to hear talk of moving the new and
exciting Samba 2.1.0 branch toward a stable release. There might be
even money, at this point, on whether the Samba team will end up
merging the neat new features into what is now the stable (2.0.x)
branch, or just stabilize the 2.1.0 branch; either option could prove
Needless to say, nobody has started talking yet about actual release
dates for Samba 2.2 (as the next major release will be known). Perhaps
now is a perfect time to start up that office pool to bet on what day
the new release hits the FTP sites. Alternatively, you can place bets
on whether it will beat Windows 2000 out the door.
Mailing List Stats For This Week
We looked at 343 posts in 704K.
There were 177 different contributors.
53 posted more than once.
posted last week too.
The top posters of the week were:
- 17 posts in 28K by Gerald Carter <cartegw@Eng.Auburn.EDU>
- 15 posts in 39K by Steve Litt <firstname.lastname@example.org>
- 14 posts in 17K by Giulio Orsero <email@example.com>
- 12 posts in 20K by Luke Kenneth Casson Leighton <firstname.lastname@example.org>
- 11 posts in 20K by Jeremy Allison <email@example.com>
- Full Stats
New Plans for NMBD
4 Dec 1999
Archive Link: "NetBIOS Kernel Project - another nmbd rewrite!"
Luke Leighton was interested in reorganizing the
subsystem into multiple modules. He posted one of his Master Plans for
samba-technical, soliciting volunteers to help him
flesh it out. Nobody responded. The one-post thread full of grand
ideas is easier to quote than to summarize:
i just created a "proxy" system which currently has two uses: a port
137 redirector and a port 139 redirector. this means that, AT LAST,
we can write a proper "NetBIOS Kernel".
the proposal includes the creation of:
nbtd - responsible for redirecting UDP 137 and UDP 138
traffic from unix sockets to actual 138 and 138 ports.
nbtkerneld - responsible for defending names registered
to it by programs that use a name_register() and name_release() API
nmbd - the current browser daemon
winsd - a wins server daemon
- nbtkerneld will communicate with nbtd.
- winsd will communicate with nbtd.
- nmbd will communicate with nbtkerneld for registrations and
nbtd for queries.
- nmblookup will communicate with nbtd.
, nmblookup will be able to read node status
responses while nmbd is running, because nbtd will redirect the
botched response up a unix pipe to nmblookup.
, we will be able to write UDP mailslot client
code that works, because we can have nbtd redirect the UDP response
back to the client.
ok. so. any takers? :-) :-)
me? oh, i'm going to write an msrpc agent, run a unix socket
back-end off of the smbd msrpc \PIPE\ code, and then split smbd into
several daemons, like samrd and lsarpcd and svcctld, which i've been
meaning to do since 1997!
Problems With SMBPASSWD in the Development Code
5 Dec 1999 - 10 Dec 1999
Archive Link: "smbpasswd not finding smbpasswd file"
Jerry Carter, Sander Striker,
It appears that something in the Samba
HEAD branch code
has broken the
smbpasswd utility. Joel Martin complained
of the error message:
Domain password server not available.
Lots of people checked in, confirming that they were having the same
problem. Grant Wallace suggested working around it by telling CVS to
check out month-old code.
As no solution seemed forthcoming, Sander Striker posed the general
question: is anyone running recent CVS builds and not affected
by this bug? Not long after, Jerry Carter responded:
Can't setup password database vectors.
I'm working on it. Alessandro Bruni, meanwhile, was
working around it by using
smbpasswd from Samba 2.0.6.
The next day, under a new thread,
Jerry thought he had improved matters:
who are interested, please grab a new copy of the code and see if smbpasswd
behaves better this time? He added that his Solaris server was still
having trouble. Everyone else started checking in again with new error
messages, most of which included "
Jerry eventually figured out:
Yes, well apparently
you need to run smbd, nmdb and the new lsarpcd daemons. Easier said
than done, according to Sander Striker:
but in the current cvs version the lsarpc deamon doesn't get build as far as
I know (correct me if I'm wrong). How do we get this to run? And
lsarpcd running, apparently things still don't work
properly, according to Jerry:
Still trying to work
out what else is going on here.
The 2.1.0 branch of code, it would seem, is not called "prealpha"
Help! Win95 Broke and I Don't Care!
5 Dec 1999
Archive Link: "trace required of w9x to nt pdc (domain controller)"
Luke Leighton, posting on
samba-technical, needs help. It seems that Windows95 and
its service pack progeny are no longer able to connect to the latest
development Samba versions, due to changes in RPC responses,
GetDC. However, Luke personally despises
That Operating System, so someone else will have to track it down:
personally, i couldn't care less if 9x can't talk to samba, however i
understand that others may not feel the same way about 9x that i do.
that doesn't mean that i'm going to install 9x or even go near it.
so :) that means that some kind soul needs to make a network
trace, preferably with netmon, of a win9x host "discovering" an NT
pdc, and then sending me the UDP 138 traffic portions so that i can
compare and then code...
If anyone out there still uses Windows95 and wants to use it with
future versions of Samba, he says,
your opportunity to make sure that you can.
Storing Profiles in Home Directories
6 Dec 1999 - 8 Dec 1999
Archive Link: "profiles in home"
Klaus Kappel, Kevin Colby, Seth Vidal, , Jens Skripczynski, Ondrej Hanak, Andy Polyakov
Ondrej Hanak had read somewhere that storing profiles in home
directories was a bad idea, and wanted to know the details. Klaus
AFAIK, it was a matter of design und usability. some users
might delete or move the directory profiles by accident or ignorance.
I think this problem is not yet solved. ;-) Jens Skripczynski
said it was a client-side problem, i.e. there is not much Samba can do
about it. Later, Kevin Colby explained more fully:
Actually, as I understand it, it has to do with some subtleties in
the way NT "logs out" versus the way 9x "logs out". Something about
how NT doesn't reconnect the profile share until after the next login
session starts, so if it were a user's home, the loggin in user may
not have permission to the share, and hence, no profile.
There really is no "solution" on the samba end in that case. NT
is just funky like that.
Seth Vidal, though, said:
just make a
separate profile share on your samba server and wa-la the problem is
gone. Andy Polyakov posted a config file snippet implementing a
clever variation: a separate "profiles" share with auto-generated
symlinks back to the profiles in the home directories.
Splitting Up Samba Daemons, or "Luke Develops Too Fast"
8 Dec 1999 - 9 Dec 1999
Archive Link: "major architectural "split""
Luke Leighton, Alan Hourihane, Tim Potter, Jeremy Allison, Andrew Tridgell, , Chris Tooley
Luke Leighton unveiled yet another new Master Plan on
i liked unix sockets so much when i wrote
smb-agent that i decided to write an msrpc-agent too. the purpose of
this is to be able to split the currently massive smbd program into
several smaller daemons, such as lsarpc, netlogond, spoolssd, svcctld
etc. if people want to add their own daemons (both client and server
side) then this should be very, very easy to do. (It must be
noted that what Luke considers "very, very easy" may not be what most
people would think.)
This split would have a number of advantages, he said, including the
possibility of mixing and matching development code with stable code
(in different daemons). He continued,
not looking forward to having to modify 2.0.x and cvs main to do this,
but once it is done, it will DEFINITELY make development of samba MSRPC
services so much easier.
Alan Hourihane was quite excited about this idea.
I always shudder when I have to kill an smbd process as it
kills so many other things. Being able to kill a specific service in
cases of trouble will definately improve things over here.
Chris Tooley agreed, and wondered whether the config file would also be
Tim Potter was much less enthusiastic:
you make a branch or something to do all this major stuff in? I get
the impression that people (i.e everyone who uses this stuff for work
related purposes) really want a stable Samba with all the PDC stuff in
it instead of having to take a punt at whether the latest CVS HEAD
actually compiles. He had several ideas for getting a stable
give luke his own branch
(-: Jeremy Allison agreed on all points except the Luke Branch
We tried this before. It had to be
Luke acknowledged that his fast-paced development style was not well
suited to stable releases, but maintained that, in this case
the new architecture would, in the long run, improve matters:
that's just the way i work (commit 4 to 8 times a day) and i rely on
you nice people to give me feedback on things i forgot (thank you!
adding this SMB<->MSRPC interface into samba will make it easier
to create snapshots of different daemons,. i really, really do not
want to get into the situation where here we are one year later and
the development branch still hasn't been merged with the release
on a per-daemon basis, i want to be able to cut that time to a
maximum of three weeks. ABSOLUTE maximum. that's simply not going
to happen with the current architecture.
Tridge reminded him,
eventually, we have to do a STABLE release. He went on to
point out some difficulties with Luke's style of development:
You don't like doing the work to make code stable. Fine. But please
don't be too critical about those of us who do try to make the damn
stuff stable. It might not be as sexy but it does take a lot of
I am also pretty convinced that no matter when we decide to try to
merge your development code in, by the time we are done you will once
again be complaining that we shouldn't be using that old crud and
should instead be using your all-new way of doing things whatever
that might be.
I just don't trust you in the
branch that we are aiming to make stable, you don't care enough about
stability. Jeremy Allison agreed:
Luke - this new code has to be severly examined by
someone other than you before we can possibly accept it. This means
security review, error return corrections (which you admit you don't
always do :-) and many other things. No way can we just take this code
sight unseen. You are changing too much. You have done this before.
Be careful. This new code might be wonderful. It might not. Until
other Team members have reviewed the changes it is too dangerous to
accept into stable. Way too dangerous :-).
Bug in Auxilliary Utility Code
8 Dec 1999
Archive Link: "util.c:get_trusted_serverlist()"
Jerry Carter, Luke Leighton,
Jerry Carter found what seemed to be a bug in the
if (lp_server_role() == ROLE_DOMAIN_PDC), then shouldn't our
name always be in the list of trusted servers? Right now in
smbpasswd.c, this is returning NULL up to clientgen.c:get_any_dc_name()
and is breaking things. Luke Leighton wasn't sure why the
problem was occuring:
the code checks
lp_workgroup() == domain to return lp_passwordserver() list.
therefore, what is your workgroup? Jerry answered,
I've had so much fun trying to figure out what
you've been doing lately. ;) Hmm....where to start? Then he
posted several bits of Samba code, annotated with notes of what he
thought was going on. Finally, he wrote,
you want to follow this through with a debugger, simply start at the
pwdb_initialise (False) call in smbpasswd.c:main(). Could you make
sense of this for me please?
Luke was convinced.
ok, it's a mess. i
fix it. Thanks to e-mail timestamps, we know that it took him
exactly eight minutes and eight seconds.
fixed. can u test?
Strange File Locking Bug
8 Dec 1999 - 10 Dec 1999
Archive Link: "'fcntl lock of file' failing, Sol-2.6, Samba-2.0.6"
Andrew Rakowski, , David Collier-Brown
Andrew Rakowski seeing Samba die with a message about
fcntl failing. He posted a comprehensive bug report,
including details of his OS, compiler versions, and selected portions
smb.conf, log file output, a syscall trace and the
output from his
configure run. (Note to all you beta
testers out there: software developers love bug reports with
this much detail.)
He tracked down the problem himself, and posted his findings the
next day. As it turned out, Andrew had built Samba on an AFS
partition, which supports different locking capabilities than UFS,
which he installed on. Thus, although the
script includes tests to determine what types of file locking are
available, these tests were defeated. His conclusion:
Moving the configure and build process to a ufs
filesystem solves the problem. Ideally, test/fcntl_lock.c should try
creating it's test file in the lock directory (LOCKDIR - if it exists),
in which case this would test whether locking will work during
runtime. (Another note to beta testers: if you trace and fix
your own bugs, developers will really love you!) David
Collier-Brown agreed that taking pains to do the locking test on the
right filesystem would probably be better, but that wouldn't stop this
sort of problem from occuring in other circumstances.
Fun With Windows95 Drive Letters
9 Dec 1999 - 10 Dec 1999
Archive Link: "Mapping Drive Z"
Mike Harris, Chris Tooley, Celso Webber, Lee Taylor,
Chris Tooley was having trouble with Windows95: he wanted to map a
share to drive Z during logon. Windows wouldn't do it, claiming that
Z: was in use, which didn't seem to be true. Mike Harris suggested the
I'd let Win9x have it's
way with the default Z: drive and map home to U: in the logon.bat
script. According to Chris, this was not feasible because of
about 8 billion other shortcuts, all of which
will be broken if we map the new share of those things to a different
drive letter. This wouldn't be a problem if we had users that
understood the concept of changing the driver letter in the
Celso Webber had some information:
this is a
WinBlows 9x issue. As far as I can tell, Winblows 9x maps internally drive
Z: for profiles, and when the user interface is available for use, you don't
see that drive mapped anymore. Lee Taylor, in between answering his
helpdesk calls, also replied:
What I have done
though is put a "NET USE L: \\<Samba Server>\Netlogon /YES" so that
"L:" is always the netlogon drive. Also I have set "logon drive = l:" so
that my WinNT clients use the same drive.
Others suggested using a batch file on the local system that did
NET USE Z: /DELETE to free up drive Z.
Strangely enough, considering this was Windows95, nobody seemed to have
an elegant solution to the problem.
Miscellaneous Quick Questions & Answers
3 Dec 1999 - 8 Dec 1999
Archive Link: "(miscellany)"
Win98 Resource Kit, Jason Diegmuller, Peter Holzer, Eric Maquiling, , Don McCall, Jeremy Allison, Daniel Polombo, David Collier-Brown, Dave Collier-Brown
As mentioned in the introduction to this newsletter, there has been
a noticeable increase in quick-question-quick-answer threads lately,
especially on the
samba list. Here are a few
policies under win98
Problem: Andrew Bell couldn't get group policies to work under
Solution: Matej Ondrusek
quoted the Windows98 Resource Kit:
you want to use group policies, you must install that capability on
each computer running Windows 98 by either using a custom setup script
when you install Windows 98 or using the Add/Remove Programs option in
to permissions, UNIX usernames, and UNIX groups ..
Is there a way to tell SAMBA to assign
files being written to the group of the subdirectory the file is being
Solution: Michael Szengel noted that setting the SetGID bit on a
directory would do what Jason wanted, and Peter Holzer added,
On Linux you can also get this behaviour on all
directories by mounting the file system with the "bsdgroups"
option. No need to set setgid bits on a gazillion of
the Connect as: field in NT fails to authenticate
Problem: Duane Ryan was having trouble getting NT to connect to
the same fileserver for two shares under two separate sets of
credentials (usernames/passwords) under NT.
Solution: This comes up periodically and usually someone
suggests the ugly hack of using an IP address for the server one of
the times, rather than its NetBIOS name, so that NT will not realize
it's the same box. This time, though, Eric Maquiling had a different
Are you doing something like
this, because this works for me:
'net use * \\machine\share * /user:othermachinename\userid'?
If you have accounts on 2 non trusted domains, you could also do:
'net use * \\machine\share * /user:domain_name\userid'
Problem: Someone named Joe wondered:
possible to access a samba server without using tcp/ip?
Solution: Don McCall took this one:
I don't know of any way to do this - Samba and the CIFS protocol it
sits on top of is implemented on the NBT protocol (NetBios over
TCP/iP); there is no 'netbeui' (the local lan protocol that Microsoft
uses if you don't want to use tcpip) implementation for Samba that I
2.4 and 2.0.6: socket ?
Problem: Christian Barth was having
smbd crash on
startup, on Solaris 2.4.
Solution: Jeremy Allison knew why:
Amazingly, it seems Solaris 2.4 - 2.5.1 shipped with a
completely broken recv() call. Solaris 2.6 and above are ok. You
need to change the recv calls in lib/util_sock.c to use read() for
these versions of Solaris...... He mentioned that this was
fixed (well, worked around) for the next Samba release.
- mount nt share from Solaris 2.6?
Problem: Joel Riedesel wanted
smbfs for Solaris.
He wanted to share files from NT. He had already tried, and found to
be unstable, various NFS servers on NT.
Solution: Daniel Polombo confirmed that
Linux-specific, but added:
You can use
Sharity (a professionnal product, that you may find expensive) or
Sharity-light (formerly known as Rumba), the latter being actually a
port of an older version of smbfs.
1.9 Y2K ?
Problem: Jean-Philippe Battu asked about the Y2K status of Samba
1.9.18p10 on HP/UX 10 and 11.
Solution: Jeremy Allison reassured him:
If the underlying OS is Y2K complient, then this version of
Samba will be too.
Problem: Craig Hansen was having occasional problems where one
Windows user was overwriting a file on a Samba share and the file,
which was formerly writable by other users, no longer was.
Solution: Steve Litt and Dave Collier-Brown both referred him to
create mask parameters in
smb.conf. Dave added,
This is similar to a recurring problem with Win apps:
Many Windows applications rename their data files to datafile.bak and
create new ones, thus changing their ownership and permissions so
that members of the same Unix group can't edit them. Setting
force create mask = 0660 will keep
the new file editable by members of the group.
Sharon And Joy