
Samba Traffic #37 For 29 Dec 2000

Editor: Zack Brown

By John Quirk and Zack Brown


Introduction

Want to help write KC Samba? See the KC Authorship page, the KC Samba homepage, and the Thread Summary FAQ. Send any questions to the KCDevel mailing list.

Mailing List Stats For This Week

We looked at 185 posts in 856K.

There were 76 different contributors. 38 posted more than once. 0 posted last week too.

The top posters of the week were:

1. W2K joining SMB Server the saga continues

15 Dec 2000 - 20 Dec 2000 (13 posts) Archive Link: "W2K joining SMB Server"

Summary By John Quirk

People: Joe Olt, Eric Pilger, Chen Shiyuan, Richard Sharpe, Jean Francois Micouleau, Hazen Valliant-Saunders, John Quirk

(ed. [John Quirk] This is a sub-thread of a very long-running thread about Samba and joining a Windows 2K domain.)

Joe Olt set the discussion off with this post:

I have not been using Samba 2.2 that long. But, I was able to get W2K workstations to join the Samba domain only after this.

After I followed the How-To, it would not work. I changed the passwd program to point to the smbpasswd program and username level to 8. Then it worked.

It doesn't make much sense, but it worked. Has anyone else tried this? I'm using the 2.2-alpha, but have not CVSed.

Eric Pilger added:

Well I tried it. It didn't work. Like Hazen, and so many others, I have followed the FAQs, applied the patches, changed my domain name to 5 letters, used simple smb.conf, tried CVS, TNG and the latest source. The only thing I haven't done is rub the damn thing on a horny toad's wart, turned around three times and thrown it over my shoulder.

The same bizarre behavior now happens every time.

- add machine to smbpasswd file (smbpasswd -a -m clientmachinename)

- ask machine to join domain

- enter username as root with appropriate password

- get message "The account used is a computer account. User your global user account or local user account to access the server."

(Note: at this point, a check of the smbpasswd file reveals that samba has changed the clientmachine entry to have a password of all XXXX...)

- ask machine to join domain

- enter username as root with appropriate password

- get message "The remote procedure call failed."

- ask machine to join domain

- enter username as root with appropriate password

- get message "The account used is a computer account. User your global user account or local user account to access the server."

- ask machine to join domain

- enter username as root with appropriate password

- get message "The remote procedure call failed."

Chen Shiyuan replied that this had been working for them, and posted his smb.conf file, which included his domain name of ABC. Chen also noted:

would be that you must/ought to be making use of encrypted passwords and your root account and password should be listed in /etc/smbpasswd . cat /etc/smbpasswd | grep root should tell you if that is the case. You can also use smbclient \\\\<your servername>\\homes -Uroot and then type in the password to connect to your root's home directory. If cannot, something is wrong with either your smbpasswd file or your smb.conf .

Richard Sharpe made the following observations:

Yes, odd length domain names work, even length domain names do not.

Jean Francois Micouleau added an update:

I committed some code this morning (UTC) to the CVS 2.2 branch that should fix most problems with W2K.

To join the domain, you need:

a) add the machine account to /etc/passwd

b) log on the w2k locally using the administrator account

c) join the domain using your unix root account.

Hazen Valliant-Saunders, whose earlier post kicked off this thread, posted:

I'm both very happy and very sick. :()()()() Anyway, I am cracking open a bottle of good gin (glen fiddich) when I get home today. Why? Because it works. Got the newest CVS this morning!! Compiled, installed, and bang, it functions.

Several people then posted problems with mixed-case usernames. Hazen eventually found his problems came from a misconfigured passwd sync; he did not say what the problem was.

(ed. [John Quirk] Win2K support is slowly improving in 2.2, as this thread shows, thanks to the good work from Jean Francois Micouleau.)

2. lib/genrand.c why it does this

16 Dec 2000 - 17 Dec 2000 (2 posts) Archive Link: "lib/genrand.c weirdness"

Summary By John Quirk

People: Andrew Bartlett, Peter Samuelson

Andrew Bartlett had a question about the genrand.c code:

Both Samba and Samba-TNG seem to use the same code for genrand.c and both appear to do some quite crazy things with their random numbers.

My reading of the code - do_reseed() - is that, upon requiring a new random seed, samba will (if available) read 40 bytes from /dev/urandom (good so far), and then go through all sorts of crazy steps to introduce predictable values into the mix, then goes and md4s the result a few times. As the output is only 16 bytes + 32 bits why not just read sizeof(unsigned int) as the return value (sys_srandom takes one unsigned int, and this is the only place this part of do_reseed's output ever goes) and then just read the 16 bytes for the return buffer? This would also mean that samba would not waste precious kernel entropy, reading only as many bytes as required.

Does samba for some reason not trust the kernel to provide sufficiently random numbers? (If so, should this be a configure test, letting those with kernel guaranteed randomness use it?)

This is the function in question, note it gets a little confused at the bottom about bits and bytes, my reading is that we return 32 bits and 16 bytes. (BTW, how does this work on 64 bit platforms, as srandom takes an unsigned int, not necessarily 32 bits long?)

As a minimal change, the bracket from the !got_random test should at least be moved down below the gettimeofday munging.

To which Peter Samuelson replied:

The function is not crazy at all if you assume /dev/urandom is not available, a pretty safe assumption on 95% of the platforms Samba supports. The only strange part is that it doesn't drop out early if /dev/urandom *is* available.

I don't know why it doesn't, but I have heard it said that paranoia about degree of randomness is often desirable. As Ted Ts'o puts it, you are guarding against "catastrophic failure" of one or more sources -- if it turns out some time in the future that /dev/urandom is crackable after all, Samba at least does not depend solely on that.

And speaking of /dev/urandom, it may or may not be what you think. Someone on some Unix system somewhere may provide /dev/urandom as a pipe with a daemon like egd behind it. In that case, are you so sure it is sufficient?

And in a sense, you "may as well" add in those file hashes and timestamps. The way crypto hashes like md4 work, no matter how much non-random seed you throw into the mix, you will end up with *at least* as much entropy at the other end as you started with, so it cannot hurt (disregarding efficiency).

In reply to the implied question about sizeof(unsigned int), Peter replied:

What platforms does Samba support where unsigned int is other than 32 bits? I do not know of any but am willing to be surprised.
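
The trade-off debated in this thread, as an added Python sketch (not Samba's genrand.c and not code from either poster): kernel bytes, when present, are hashed together with predictable time and pid values, and the digest is split into a 32-bit seed plus 16 bytes, as Andrew describes. SHA-256 stands in for MD4, and every function and parameter name here is an assumption of the sketch.

```python
import hashlib
import math
import os
import struct
import time


def read_urandom(n=40):
    """Return n bytes from /dev/urandom, or None on platforms without it."""
    try:
        with open("/dev/urandom", "rb") as f:
            return f.read(n)
    except OSError:
        return None


def do_reseed(urandom=None, now=None, pid=None):
    """Return (seed32, buf16): a 32-bit value for srandom() plus 16 bytes.

    urandom is 40 bytes of kernel randomness or None; now and pid are the
    predictable inputs, passed in so the result can be reproduced in tests.
    """
    now = time.time() if now is None else now
    pid = os.getpid() if pid is None else pid
    h = hashlib.sha256()  # stand-in for MD4 (assumption of this sketch)
    if urandom is not None:
        h.update(urandom)
    # Predictable values are mixed in whether or not kernel bytes were read.
    sec = int(now)
    usec = int((now - sec) * 1_000_000)
    h.update(struct.pack("<QII", sec, usec, pid & 0xFFFFFFFF))
    digest = h.digest()
    return struct.unpack("<I", digest[:4])[0], digest[4:20]


def fallback_search_bits(window_seconds, pid_max):
    """Upper bound, in bits, on the uncertainty of the time+pid inputs alone."""
    return math.log2(window_seconds * 1_000_000 * pid_max)


if __name__ == "__main__":
    t, p = 977000000.5, 1234  # constructed sample values
    print("fallback only, same inputs twice:",
          do_reseed(None, t, p) == do_reseed(None, t, p))
    print("with kernel bytes, same inputs twice:",
          do_reseed(read_urandom(), t, p) == do_reseed(read_urandom(), t, p))
    print("fallback uncertainty (60 s window, 32768 pids): %.1f bits vs 320"
          % fallback_search_bits(60, 32768))
```

With only the fallback inputs the output is fully determined by the start time and pid, which is why the kernel bytes matter where they exist; mixing the predictable values in alongside them changes nothing an observer can exploit.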

3. Alternatives To Stream Format

18 Dec 2000 - 21 Dec 2000 (2 posts) Archive Link: "File format"

Summary By Zack Brown

People: Eckart Meyer

Raffaele Riccardi remarked that, by default, Samba opened files for writing via the RMS 'stream' format. He wanted the option of changing this behavior, or making it service dependent. But Eckart Meyer replied that it would be impossible. Eckart explained, "STREAM is what DOS/Windows sends. So we are lucky enough that VMS supports such a file format (and here VMS is (again :-) better than UNIX). Alternatively we had to write new "on-the-fly" converters, but this is not an easy task since we could not reliably tell which file is a text file and which is binary." There was no reply.

4. Viewing NT Folders From Solaris

19 Dec 2000 - 21 Dec 2000 (8 posts) Archive Link: "mounting nt from unix"

Summary By Zack Brown

People: Armand Welsh, Kevin Munsterman, Anders C. Thorsen, Nelson Garcia, Buchan Milne

Goly Shakarov wanted to view NT folders from a Solaris box, and Armand Welsh replied, "From what I gather your options are, either work to get a port of smbmount/smbfs developed for solaris, or use nfs service on NT." Kevin Munsterman also suggested:

have you tried

smbclient -L ntbox -u username -p password

this should list all shared folders on the nt machine.

Goly tried this but got errors, and Anders C. Thorsen explained:

it tries to connect with the full name (above), but fails because the server doesn't recognize it. Use -L <NetBios Name> -I <dest. IP> -U <username>

Nelson Garcia also had some suggestions for Goly:

Do you want to mount a SMB share? or do you want to be able to "browse" what shares the NT machine is offering?

Although I run Linux/Samba as a PDC on my LAN, I have never had to mount a SMB share on the Linux box. If you just want to mount, can't you just use "smbmount"? http://us1.samba.org/samba/ftp/docs/htmldocs/smbmount.8.html

There is also a gui tool called "gnomba" that came with my Mandrake distro, however, I haven't gotten much success using it.

For an off topic answer, couldn't you set up NFS on the NT machine? My trial version of X-WinPro came with a free NFS server that I've kept ever since (I use X-Win32 now to run my Linuxbox from my NT machine).

Buchan Milne pointed out that, according to the URL Nelson had posted, smbmount would only work under Linux. Since Goly needed a Solaris solution, this wouldn't be much use unless someone had ported the tool recently. As for gnomba, Buchan replied scathingly, "Gnomba is the most pathetic smb browser I have seen. I would rather take my chances with smbclient (where I don't need to know the range of ip addresses I want to browse)!" Armand Welsh disagreed, and said that actually, gnomba had been really good for at least the past 6 months. He recommended that Buchan try it again, if he hadn't used it in that time.

5. Samba scalability a question

20 Dec 2000 - 26 Dec 2000 (15 posts) Archive Link: "Samba scalability?"

Summary By John Quirk

People: Shawn Wright, Patrick Gunerud, Simo Sorce, Matthew Geddes, Kevin Colby, John Quirk, Gerald Carter

(ed. [John Quirk] Questions in this vein often come up on the list.)

Shawn Wright wrote a post asking many questions about the scalability of samba for the task he had in mind:

I'm in the process of upgrading several of our NT4 servers, and must decide what services I can safely migrate to Linux/Samba, and which need to remain on NT.

Currently our two NT4 servers carrying the heaviest file sharing load deal with about 150 concurrent user connections, and will see 600-1200 file locks during normal use. Most of this is user home shares, with some shared network apps thrown in; clients are 90% NT4 WKS, with some student win9x PCs and laptops.

I've run various low use samba servers over the past 5 years or so, but have never attempted to fully replace an NT4 box as they have been rock solid (surprisingly) for us. What samba issues should I be prepared to address to deal with this kind of load? Does samba benefit from an SMP system? How are the software RAID drivers in Linux? (the current NT4 box I'm planning to migrate to Samba over Linux is a PPro200 with 224Mb, and 3 Adaptec 3940UW SCSI cards, with 4 9Gb Cheetah drives running software RAID - stock NT4 drivers)

Patrick Gunerud replied:

As far as I know it should handle the load just fine, maybe even better than Windows.

The software raid of linux is working great! I'm running a redhat 7.0 system with 4 maxtor 40GB ATA/66 drives using software raid 5 on them. The performance is outstanding. I had to tweak the install to be able to set up the ide drives the way I wanted since the 2.2.x kernel will only support 4 ide channels. But after installing redhat on it and upgrading to the 2.4.0 kernel it is running great, with 5 ide hard drives each on their own channel.

Simo Sorce added:

Remember that at this stage samba does not support trust relationships, also stay tuned for samba 2.2 as it will give many improvements in PDC code (More RPC supported) and in native NT printing.

Simo Sorce also added his support for Linux RAID. Matthew Geddes added:

We've had over 300 concurrent connections. We're doing the whole lot on a Linux box with Samba 2.0.7. The box itself is a 450MHz Celery processor and 256MB RAM. The HDD is a single 13GB IDE. It sometimes uses a fair amount of swap, but we've not had any complaints. This box also manages a connection from each machine to its closest printer. This box is not a PDC or WINS server.

Shawn Wright in his post also asked:

I've heard talk about open file limits in the smbd process - is this only an issue with WTS clients? I'd appreciate any tips for tuning samba for this type of environment.

Simo Sorce replied:

No that's a normal limitation for normal process, it may be bypassed using ulimit command in startup scripts. eg:

# Set max number files limit to 16384

ulimit -Hn 16384

ulimit -Sn 16384

this is in my /etc/rc.d/init.d/smb script before launching smbd and nmbd

Shawn Wright was also concerned about which OS was best to run Samba on, as one of his concerns was security:

- although our two longest running linux boxes (3.5 and 5.5 years) have been very stable, we have had two remote exploits during this time (both on RedHat 6.2). To be fair, both could have been avoided had I been more diligent on the patches, but it also makes me wonder if going with OpenBSD wouldn't be a better idea

He went on to ask about ACL support, quota support and backup systems. Kevin Colby agreed about the problems with ACLs, but said of quotas:

Quotas are reportedly working just fine. However, the quota setup and analysis of usage is up to the OS tools.

Gerald Carter pointed out that ACL support was coming in 2.2; others had already pointed out that ACL support was a function of the underlying operating system and that Linux was not quite there yet.

Michael E Osborne noted that AIX 4.1.4+ had ACL support built in. This discovery Shawn Wright.

The thread finished on that note.

Kernel Traffic is grateful to be developed on a computer donated by Professor Greg Benson and Professor Allan Cruse in the Department of Computer Science at the University of San Francisco. This is the same department that invented FlashMob Computing. Kernel Traffic is hosted by the generous folks at kernel.org. All pages on this site are copyright their original authors, and distributed under the terms of the GNU General Public License version 2.0.