Re: CIFS Server and Domain Mismatch Problem

Emil Henry · ‎09-07-2004

Hello!

We are running SAMBA 2.2.8a from HP (CIFS) on a HP-UX (11i) server. It is running great and all that. The only issue is that the users would like to be able to share there shares to other users that they specify through the Windows clients. The problem is that when they look at properties they see the hostname\username under the Group or user name - which is themselves. When we try to do the domain\username it accepts it as valid, but disappears when we try to apply.

Please advice.

Thanks in advance.

Regards,

Emil

eric roseme · ‎09-07-2004

Hi Emil,

Two things:

1. If you want to use HP CIFS server with POSIX ACLs, then you will need JFS 3.3 or later with file system layout 4 for your shared directories.

2. On CIFS 2.2.X when you try to add a domain user to the ACL it will not work, because you are trying to add a Windows SID to a POSIX file descriptor. That will not work. Your users must add hostname\username because that is a UID that *can* be added to the POSIX file descriptor.
This is all explained in "HP CIFS Server Administrator's Guide":

http://www.docs.hp.com/hpux/pdf/B8725-90073.pdf

Go to page 59 for NT clients, 68 for 2000/XP clients. The instructions are pretty good.

The symptom that you are seeing is the same for attempting to add an SID to the POSIX ACL, or for adding a UID to a filesystem that does not support ACLs.

Eric Roseme

PS - I also replied to your post on samba.org

Sundar_7 · ‎09-07-2004

With 11i by default you are going to have VXFS filesystem layout version of 4 that has support for ACLs. So, work on the second suggestion from Eric.

Learn What to do ,How to do and more importantly When to do ?

Emil Henry · ‎09-07-2004

Hello Eric!

Thanks for the info. When I log into the machine under "DOMAIN", and try to change the settings for a share which is owned by HOSTNAME\USER it does not allow me to add anyone HOSTNAME\ANOTHER. Hope I am clear. Am I doing something wrong.

Regards,

Emil

Emil Henry · ‎09-07-2004

Thanks Sundar for saving me time finding that info.

Dave Olker · ‎09-07-2004

Hi Sundar and Emil,

One thing to be aware of - if your system arrived with HP-UX 11i or you did a cold install with 11i then you will have VxFS 3.3 with disk layout 4 as the default. However, if this system was previously running HP-UX 11.0 and was updated to 11i, it is very likely that the filesystems will be running with an older disk layout, since disk layout version 3 was the default for 11.0.

To be sure, I'd recommend using the mkfs command with the -m option to verify which disk layout your filesystem is using. For example, on my system I did:

# mkfs -m /dev/vg00/lvol4
mkfs -F vxfs -o ninode=unlimited,bsize=1024,version=4,inosize=256,logsize=1024,nolargefiles /dev/vg00/lvol4 2621440

This shows my filesystem is using disk layout version 4, which means it must be VxFS 3.3 or higher, since disk layout 4 arrived with VxFS 3.3. VxFS 3.1 only supported layouts 2 and 3.

Just to be safe, you should verify that disk layout 4 is being used.

Regards,

Dave

I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

eric roseme · ‎09-07-2004

Hi Emil,

Go ahead an verify that your *shares* are on 3.3 layout 4. If you are, then post me your client version, and send me your smb.conf (eric.roseme@hp.com). Also, let me know exactly what happens when you specify hostname\another (yes - I understand what you mean).

See you later,

Eric

Emil Henry · ‎09-07-2004

Hi Dave!

Thanks for the info. It is version 4.

mkfs -m /dev/vg00/lvol6
mkfs -F vxfs -o ninode=unlimited,bsize=8192,version=4,inosize=256,logsize=256,largefiles /dev/vg00/lvol6 262144

This machine is a clean build.

Regards,

Emil

eric roseme · ‎09-08-2004

In case anybody is follwoing this, there were 2 problems:

1. The shares in question were on an NFS mounted filesystem. NFS can honor ACLs, but not set them. The CIFS/Samba feature is actually setting the POSIX ACL, which cannot be done over a share that is NFS-mounted.

2. CIFS/Samba gets the ACL data from /var/opt/samba/private/smbpasswd. If the smbpasswd file is not populated with valid UNIX users, then the ACL cannot be set. There is a utility for CIFS called /opt/samba/bin/syncsmbpasswd that must be run to sync smbpasswd with /etc/passwd.

Eric Roseme

Dave Olker · ‎09-09-2004

Hi Emil,

Please remember to award points to the people who helped you with your problem. It looks like Eric spent a good deal of offline time working with you on a solution.

Regards,

Dave

I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: CIFS Server and Domain Mismatch Problem

CIFS Server and Domain Mismatch Problem