From: Dominic R. <dl...@ed...> - 2011-01-21 13:28:59
|
The Samba update (to 3.5.6 from 3.4.5) in DL 1.4.1 is presenting me with some problems. The first issue is that I see a lot of messages in my log like this: smbd[21663]: canonicalize_connect_path failed for service IPC$, path /tmp I wonder if this is because /tmp is a symlink in read-only file system to /var/tmp rather than to the 'true' path which I think is /shm/var/tmp? Is there any way for me to change this and see if it helps? The second issue is more serious but probably related in some way. I have to use the setting 'wide links=yes' in my shares or else there is no access to them. This is not a good setup because 'wide links' carries some security risks and anyway I am not using any wide links. (The 'unix extensions=yes/no' setting in [global] has no affect on this problem.) My samba paths are all inside /home with generous permissions so there is no good reason IMO why Samba's canonicalize_connect_path should fail: ----------- # ls /home -dl drwxrwxrwx 8 root root 216 Jan 5 12:14 /home # ls /home/z-shares -dl drwxrwxrwx 9 root root 216 Dec 17 13:50 /home/z-shares # ls /home/z-shares/* -dl drwxrwxrwx 21 nobody nogroup 872 Jan 21 04:22 /home/z-shares/exampleshare # grep -A 6 "^\[exampleshare]" /etc/samba/smb.conf [exampleshare] path = /home/z-shares/exampleshare valid users = myname_machine guest ok = No read only = No browseable = Yes wide links = No ----------- With this setting 'wide links=No' (which is the default setting for Samba 3.5), then attempting to connect to exampleshare fails, and log shows: canonicalize_connect_path failed for service exampleshare, path /home/z-shares/exampleshare I can't see any reason for this failure as the path looks fine and so do the permissions. I should mention that I don't (and never have) run winbindd (which normally runs on DL as a component of Samba) but I can't see how this would affect anything. If I set 'widelinks = Yes', access is okay (but I still see error messages relating to IPC$ in the log). [Delving deeper into Samba code than is probably wise, the function which is returning an error is SMB_VFS_REALPATH. The actual call to this function has two forms depending on whether a compile setting REALPATH_TAKES_NULL is set or not. From what I can see this is not set in DL's configuration. (No, it doesn't mean much to me either.)] All suggestions gratefully received. Googling, I don't see other Samba users having the same issue, so that points me back towards DL configuration. Is anyone using Samba under DL 1.4.1 or 1.4.2, or could someone running DL 1.4.1 or 1.4.2 test Samba to see if they find the same problems? Dominic |
From: Heiko Z. <he...@zu...> - 2011-01-21 19:33:37
|
I don't have much time, so this is going to be a brief answer. The issue is because we did symlink /var. You may get around some of the issues by specifying /shm/var in smb.conf as the path for the shares. Check the mailinglist archives, I think I posted a fix for a couple of the issues. Heiko Quoting Dominic Raferd <dl...@ed...>: > The Samba update (to 3.5.6 from 3.4.5) in DL 1.4.1 is presenting me with > some problems. > > The first issue is that I see a lot of messages in my log like this: > > smbd[21663]: canonicalize_connect_path failed for service IPC$, path /tmp > > I wonder if this is because /tmp is a symlink in read-only file system > to /var/tmp rather than to the 'true' path which I think is > /shm/var/tmp? Is there any way for me to change this and see if it helps? > > The second issue is more serious but probably related in some way. I > have to use the setting 'wide links=yes' in my shares or else there is > no access to them. This is not a good setup because 'wide links' carries > some security risks and anyway I am not using any wide links. (The 'unix > extensions=yes/no' setting in [global] has no affect on this problem.) > > My samba paths are all inside /home with generous permissions so there > is no good reason IMO why Samba's canonicalize_connect_path should fail: > ----------- > # ls /home -dl > drwxrwxrwx 8 root root 216 Jan 5 12:14 /home > # ls /home/z-shares -dl > drwxrwxrwx 9 root root 216 Dec 17 13:50 /home/z-shares > # ls /home/z-shares/* -dl > drwxrwxrwx 21 nobody nogroup 872 Jan 21 04:22 /home/z-shares/exampleshare > # grep -A 6 "^\[exampleshare]" /etc/samba/smb.conf > [exampleshare] > path = /home/z-shares/exampleshare > valid users = myname_machine > guest ok = No > read only = No > browseable = Yes > wide links = No > ----------- > With this setting 'wide links=No' (which is the default setting for > Samba 3.5), then attempting to connect to exampleshare fails, and log shows: > canonicalize_connect_path failed for service exampleshare, path > /home/z-shares/exampleshare > > I can't see any reason for this failure as the path looks fine and so do > the permissions. I should mention that I don't (and never have) run > winbindd (which normally runs on DL as a component of Samba) but I can't > see how this would affect anything. > > If I set 'widelinks = Yes', access is okay (but I still see error > messages relating to IPC$ in the log). > > [Delving deeper into Samba code than is probably wise, the function > which is returning an error is SMB_VFS_REALPATH. The actual call to this > function has two forms depending on whether a compile setting > REALPATH_TAKES_NULL is set or not. From what I can see this is not set > in DL's configuration. (No, it doesn't mean much to me either.)] > > All suggestions gratefully received. > > Googling, I don't see other Samba users having the same issue, so that > points me back towards DL configuration. Is anyone using Samba under DL > 1.4.1 or 1.4.2, or could someone running DL 1.4.1 or 1.4.2 test Samba to > see if they find the same problems? > > Dominic > > ------------------------------------------------------------------------------ > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! > Finally, a world-class log management solution at an even better price-free! > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > February 28th, so secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsight-sfd2d > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > -- Regards Heiko Zuerker http://www.devil-linux.org ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. |
From: Dominic R. <dl...@ed...> - 2011-01-22 08:20:10
|
Thanks Heiko, but I do not have /var anywhere in my smb.conf file. I only have paths that are subdirectories of /home. Dominic On 21/01/11 19:33, Heiko Zuerker wrote: > I don't have much time, so this is going to be a brief answer. > The issue is because we did symlink /var. You may get around some of > the issues by specifying /shm/var in smb.conf as the path for the > shares. > > Check the mailinglist archives, I think I posted a fix for a couple of > the issues. > > Heiko > > Quoting Dominic Raferd<dl...@ed...>: > >> The Samba update (to 3.5.6 from 3.4.5) in DL 1.4.1 is presenting me with >> some problems. >> >> The first issue is that I see a lot of messages in my log like this: >> >> smbd[21663]: canonicalize_connect_path failed for service IPC$, path /tmp >> >> I wonder if this is because /tmp is a symlink in read-only file system >> to /var/tmp rather than to the 'true' path which I think is >> /shm/var/tmp? Is there any way for me to change this and see if it helps? >> >> The second issue is more serious but probably related in some way. I >> have to use the setting 'wide links=yes' in my shares or else there is >> no access to them. This is not a good setup because 'wide links' carries >> some security risks and anyway I am not using any wide links. (The 'unix >> extensions=yes/no' setting in [global] has no affect on this problem.) >> >> My samba paths are all inside /home with generous permissions so there >> is no good reason IMO why Samba's canonicalize_connect_path should fail: >> ----------- >> # ls /home -dl >> drwxrwxrwx 8 root root 216 Jan 5 12:14 /home >> # ls /home/z-shares -dl >> drwxrwxrwx 9 root root 216 Dec 17 13:50 /home/z-shares >> # ls /home/z-shares/* -dl >> drwxrwxrwx 21 nobody nogroup 872 Jan 21 04:22 /home/z-shares/exampleshare >> # grep -A 6 "^\[exampleshare]" /etc/samba/smb.conf >> [exampleshare] >> path = /home/z-shares/exampleshare >> valid users = myname_machine >> guest ok = No >> read only = No >> browseable = Yes >> wide links = No >> ----------- >> With this setting 'wide links=No' (which is the default setting for >> Samba 3.5), then attempting to connect to exampleshare fails, and log shows: >> canonicalize_connect_path failed for service exampleshare, path >> /home/z-shares/exampleshare >> >> I can't see any reason for this failure as the path looks fine and so do >> the permissions. I should mention that I don't (and never have) run >> winbindd (which normally runs on DL as a component of Samba) but I can't >> see how this would affect anything. >> >> If I set 'widelinks = Yes', access is okay (but I still see error >> messages relating to IPC$ in the log). >> >> [Delving deeper into Samba code than is probably wise, the function >> which is returning an error is SMB_VFS_REALPATH. The actual call to this >> function has two forms depending on whether a compile setting >> REALPATH_TAKES_NULL is set or not. From what I can see this is not set >> in DL's configuration. (No, it doesn't mean much to me either.)] >> >> All suggestions gratefully received. >> >> Googling, I don't see other Samba users having the same issue, so that >> points me back towards DL configuration. Is anyone using Samba under DL >> 1.4.1 or 1.4.2, or could someone running DL 1.4.1 or 1.4.2 test Samba to >> see if they find the same problems? >> >> Dominic >> >> ------------------------------------------------------------------------------ >> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! >> Finally, a world-class log management solution at an even better price-free! >> Download using promo code Free_Logger_4_Dev2Dev. Offer expires >> February 28th, so secure your free ArcSight Logger TODAY! >> http://p.sf.net/sfu/arcsight-sfd2d >> _______________________________________________ >> Devil-linux-discuss mailing list >> Dev...@li... >> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss >> > > |
From: Heiko Z. <he...@zu...> - 2011-01-22 11:45:45
|
Quoting Dominic Raferd <dl...@ed...>: > > Thanks Heiko, but I do not have /var anywhere in my smb.conf file. I > only have paths that are subdirectories of /home. Okay. Do you have this line in the smb.conf? [IPC$] wide links = Yes -- Regards Heiko Zuerker http://www.devil-linux.org ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. |
From: Dominic R. <dl...@ed...> - 2011-01-22 11:53:22
|
On 22/01/11 11:45, Heiko Zuerker wrote: > Quoting Dominic Raferd<dl...@ed...>: >> Thanks Heiko, but I do not have /var anywhere in my smb.conf file. I >> only have paths that are subdirectories of /home. > Okay. > > Do you have this line in the smb.conf? > > [IPC$] > wide links = Yes > No, I have no reference to IPC at all. I think IPC is some internal Samba thingy. I do have 'wide links = Yes' in all my shares (but IPC is not among them) - I want to have wide links = No (the default - safe - setting) but this prevents access. |
From: Heiko Z. <he...@zu...> - 2011-01-22 12:06:14
|
Quoting Dominic Raferd <dl...@ed...>: > On 22/01/11 11:45, Heiko Zuerker wrote: >> Quoting Dominic Raferd<dl...@ed...>: >>> Thanks Heiko, but I do not have /var anywhere in my smb.conf file. I >>> only have paths that are subdirectories of /home. >> Okay. >> >> Do you have this line in the smb.conf? >> >> [IPC$] >> wide links = Yes >> > No, I have no reference to IPC at all. I think IPC is some internal > Samba thingy. I do have 'wide links = Yes' in all my shares (but IPC is > not among them) - I want to have wide links = No (the default - safe - > setting) but this prevents access. Add the above 2 lines to your smb.conf and things should work better. It's a hidden share which is being used for the communication. (Not sure about the details on it). -- Regards Heiko Zuerker http://www.devil-linux.org ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. |
From: Dominic R. <dl...@ed...> - 2011-01-22 14:32:30
|
On 22/01/11 12:06, Heiko Zuerker wrote: > Quoting Dominic Raferd<dl...@ed...>: > >> On 22/01/11 11:45, Heiko Zuerker wrote: >>> Quoting Dominic Raferd<dl...@ed...>: >>>> Thanks Heiko, but I do not have /var anywhere in my smb.conf file. I >>>> only have paths that are subdirectories of /home. >>> Okay. >>> >>> Do you have this line in the smb.conf? >>> >>> [IPC$] >>> wide links = Yes >>> >> No, I have no reference to IPC at all. I think IPC is some internal >> Samba thingy. I do have 'wide links = Yes' in all my shares (but IPC is >> not among them) - I want to have wide links = No (the default - safe - >> setting) but this prevents access. > Add the above 2 lines to your smb.conf and things should work better. > It's a hidden share which is being used for the communication. > (Not sure about the details on it). If I add lines: [IPC$] path = /shm/var/tmp wide links = Yes then the errors in log about IPC stop, which is good, thanks. Both of these lines are needed. But if I have a share with wide links = No and I try to connect to it I still see this in the log: [2011/01/22 14:27:18.361834, 0] smbd/service.c:988(make_connection_snum) canonicalize_connect_path failed for service exampleshare, path /home/z-shares/exampleshare |
From: Heiko Z. <he...@zu...> - 2011-01-22 20:20:09
|
Quoting Dominic Raferd <dl...@ed...>: > On 22/01/11 12:06, Heiko Zuerker wrote: >> Quoting Dominic Raferd<dl...@ed...>: >> >>> On 22/01/11 11:45, Heiko Zuerker wrote: >>>> Quoting Dominic Raferd<dl...@ed...>: >>>>> Thanks Heiko, but I do not have /var anywhere in my smb.conf file. I >>>>> only have paths that are subdirectories of /home. >>>> Okay. >>>> >>>> Do you have this line in the smb.conf? >>>> >>>> [IPC$] >>>> wide links = Yes >>>> >>> No, I have no reference to IPC at all. I think IPC is some internal >>> Samba thingy. I do have 'wide links = Yes' in all my shares (but IPC is >>> not among them) - I want to have wide links = No (the default - safe - >>> setting) but this prevents access. >> Add the above 2 lines to your smb.conf and things should work better. >> It's a hidden share which is being used for the communication. >> (Not sure about the details on it). > If I add lines: > > [IPC$] > path = /shm/var/tmp > wide links = Yes > > then the errors in log about IPC stop, which is good, thanks. Both of > these lines are needed. But if I have a share with wide links = No and I > try to connect to it I still see this in the log: > > [2011/01/22 14:27:18.361834, 0] smbd/service.c:988(make_connection_snum) > canonicalize_connect_path failed for service exampleshare, path > /home/z-shares/exampleshare I don't understand why it fails on /home, the ones I used under /var were explained by the symlink. -- Regards Heiko Zuerker http://www.devil-linux.org ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. |
From: Dominic R. <dl...@ed...> - 2011-01-23 09:40:34
|
On 22/01/11 20:20, Heiko Zuerker wrote: > Quoting Dominic Raferd<dl...@ed...>: >> On 22/01/11 12:06, Heiko Zuerker wrote: >>> Quoting Dominic Raferd<dl...@ed...>: >>> >>>> On 22/01/11 11:45, Heiko Zuerker wrote: >>>>> Quoting Dominic Raferd<dl...@ed...>: >>>>>> Thanks Heiko, but I do not have /var anywhere in my smb.conf file. I >>>>>> only have paths that are subdirectories of /home. >>>>> Okay. >>>>> >>>>> Do you have this line in the smb.conf? >>>>> >>>>> [IPC$] >>>>> wide links = Yes >>>>> >>>> No, I have no reference to IPC at all. I think IPC is some internal >>>> Samba thingy. I do have 'wide links = Yes' in all my shares (but IPC is >>>> not among them) - I want to have wide links = No (the default - safe - >>>> setting) but this prevents access. >>> Add the above 2 lines to your smb.conf and things should work better. >>> It's a hidden share which is being used for the communication. >>> (Not sure about the details on it). >> If I add lines: >> >> [IPC$] >> path = /shm/var/tmp >> wide links = Yes >> >> then the errors in log about IPC stop, which is good, thanks. Both of >> these lines are needed. But if I have a share with wide links = No and I >> try to connect to it I still see this in the log: >> >> [2011/01/22 14:27:18.361834, 0] smbd/service.c:988(make_connection_snum) >> canonicalize_connect_path failed for service exampleshare, path >> /home/z-shares/exampleshare > I don't understand why it fails on /home, the ones I used under /var > were explained by the symlink. > And it not only fails on /home, it also fails with shares on /var or /shm/var... The only way I can get it to work is with 'wide links = Yes' parameter. In fact I cannot find any location that works with 'wide links = no'. Do you have shares on /var working with 'wide links = No'? |
From: Heiko Z. <he...@zu...> - 2011-01-23 14:36:02
|
Quoting Dominic Raferd <dl...@ed...>: > On 22/01/11 20:20, Heiko Zuerker wrote: >> Quoting Dominic Raferd<dl...@ed...>: >>> On 22/01/11 12:06, Heiko Zuerker wrote: >>>> Quoting Dominic Raferd<dl...@ed...>: >>>> >>>>> On 22/01/11 11:45, Heiko Zuerker wrote: >>>>>> Quoting Dominic Raferd<dl...@ed...>: >>>>>>> Thanks Heiko, but I do not have /var anywhere in my smb.conf file. I >>>>>>> only have paths that are subdirectories of /home. >>>>>> Okay. >>>>>> >>>>>> Do you have this line in the smb.conf? >>>>>> >>>>>> [IPC$] >>>>>> wide links = Yes >>>>>> >>>>> No, I have no reference to IPC at all. I think IPC is some internal >>>>> Samba thingy. I do have 'wide links = Yes' in all my shares (but IPC is >>>>> not among them) - I want to have wide links = No (the default - safe - >>>>> setting) but this prevents access. >>>> Add the above 2 lines to your smb.conf and things should work better. >>>> It's a hidden share which is being used for the communication. >>>> (Not sure about the details on it). >>> If I add lines: >>> >>> [IPC$] >>> path = /shm/var/tmp >>> wide links = Yes >>> >>> then the errors in log about IPC stop, which is good, thanks. Both of >>> these lines are needed. But if I have a share with wide links = No and I >>> try to connect to it I still see this in the log: >>> >>> [2011/01/22 14:27:18.361834, 0] smbd/service.c:988(make_connection_snum) >>> canonicalize_connect_path failed for service exampleshare, path >>> /home/z-shares/exampleshare >> I don't understand why it fails on /home, the ones I used under /var >> were explained by the symlink. >> > And it not only fails on /home, it also fails with shares on /var or > /shm/var... The only way I can get it to work is with 'wide links = Yes' > parameter. In fact I cannot find any location that works with 'wide > links = no'. Do you have shares on /var working with 'wide links = No'? No. wide links = yes used to be the default on Samba, but they changed it. That's why it's failing all the sudden. It has to do with the symlinks we're using. One thing you can try is pointing TMP to a different location before you start samba, so that there's no symlink being used (i.e. /shm/tmp ). I did a lot of trial and error when I analyzed it first. Don't remember all the things I did. I'm planning to not use many symlinks in the next major DL release, but rather use the "bind" feature of mount. This should help prevent problems like this. -- Regards Heiko Zuerker http://www.devil-linux.org ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. |
From: Dominic R. <dl...@ed...> - 2011-01-23 17:21:58
|
On 23/01/11 14:35, Heiko Zuerker wrote: > Quoting Dominic Raferd<dl...@ed...>: > >> On 22/01/11 20:20, Heiko Zuerker wrote: >>> Quoting Dominic Raferd<dl...@ed...>: >>>> On 22/01/11 12:06, Heiko Zuerker wrote: >>>>> Quoting Dominic Raferd<dl...@ed...>: >>>>> >>>>>> On 22/01/11 11:45, Heiko Zuerker wrote: >>>>>>> Quoting Dominic Raferd<dl...@ed...>: >>>>>>>> Thanks Heiko, but I do not have /var anywhere in my smb.conf file. I >>>>>>>> only have paths that are subdirectories of /home. >>>>>>> Okay. >>>>>>> >>>>>>> Do you have this line in the smb.conf? >>>>>>> >>>>>>> [IPC$] >>>>>>> wide links = Yes >>>>>>> >>>>>> No, I have no reference to IPC at all. I think IPC is some internal >>>>>> Samba thingy. I do have 'wide links = Yes' in all my shares (but IPC is >>>>>> not among them) - I want to have wide links = No (the default - safe - >>>>>> setting) but this prevents access. >>>>> Add the above 2 lines to your smb.conf and things should work better. >>>>> It's a hidden share which is being used for the communication. >>>>> (Not sure about the details on it). >>>> If I add lines: >>>> >>>> [IPC$] >>>> path = /shm/var/tmp >>>> wide links = Yes >>>> >>>> then the errors in log about IPC stop, which is good, thanks. Both of >>>> these lines are needed. But if I have a share with wide links = No and I >>>> try to connect to it I still see this in the log: >>>> >>>> [2011/01/22 14:27:18.361834, 0] smbd/service.c:988(make_connection_snum) >>>> canonicalize_connect_path failed for service exampleshare, path >>>> /home/z-shares/exampleshare >>> I don't understand why it fails on /home, the ones I used under /var >>> were explained by the symlink. >>> >> And it not only fails on /home, it also fails with shares on /var or >> /shm/var... The only way I can get it to work is with 'wide links = Yes' >> parameter. In fact I cannot find any location that works with 'wide >> links = no'. Do you have shares on /var working with 'wide links = No'? > No. > wide links = yes used to be the default on Samba, but they changed it. > That's why it's failing all the sudden. Yes, when I first ran 1.4.1 it broke everything until I realised this (and added 'wide links = no') > It has to do with the symlinks we're using. > One thing you can try is pointing TMP to a different location before > you start samba, so that there's no symlink being used (i.e. /shm/tmp > ). I did a lot of trial and error when I analyzed it first. Don't > remember all the things I did. You mean something like: # export TMP=/shm/var/tmp # /etc/init.d/samba restart ? I tried this (and also for TEMP and TMPDIR) but no joy :-( > I'm planning to not use many symlinks in the next major DL release, > but rather use the "bind" feature of mount. This should help prevent > problems like this. Sounds good, I will look forward to it - but I know it may be a while :-) Dominic |