I have Synology DS923+ NAS with 32 GB memory and two hard drives in RAID1. It runs Linux 4.4 with the ext4 filesystem. Copying a 20GB file from my laptop to NAS using SMB with 10GbE wired ethernet the transfer is 500MB/s, but after 10%, slower than 100MB/s (same as direct HDD write speed). I changed to vm.dirty_ratio from 30% to 90%. It's ok. It use 4% when normal idle. and changed to vm.dirty_background_ratio from 10% to 3% for faster cache flushing. And... It sends more than 500MB/s to 90%. but last 10% was slowing down: What else can I do to make sure that even in the last 10%, I'm still getting the maximum transfer speed of the network?

I can successfully mount a windows network drive/share using this command: mount -t cfis //servername/sharename /mnt -o 'username=user,sec=ntlmssp' as running this commands prompts a password to be input and then if correct mounts. According to man mount.cifs I should be able to to this. mount -t cfis //servername/sharename /mnt -o 'username=user,password=pwd,sec=ntlmssp' or this PASSWD='pwd' mount -t cfis //servername/sharename /mnt -o 'username=user,sec=ntlmssp' However strangely both those commands fail with this message. mount error(13): Permission denied Now because our company does this "supersmart" thing to require passwords with **special characters** mine does contain a exclamation mark "!". I know that this would have a special meaning to the command line shell, so I have escaped it properly such that if my password was pwd! I would issue those two commands: PASSWD='pwd\!' mount -t cfis //servername/sharename /mnt -o 'username=user,sec=ntlmssp' mount -t cfis //servername/sharename /mnt -o 'username=user,password=pwd\!,sec=ntlmssp' but still it does not work. Connecting to Windows I do not have any particular feeling of urgency to hide my password (of appearing in the bash history) so I would be happy to find a way to skip the password prompt. Mostly I would like to know what the problem is? Lastly I have even tried a credentials file which also did not work.

I logged into SWAT with my nonprivileged user, since the root account is usually disabled on modern Linux systems. I cannot control any Samba parameters by this user. Once I enable the root account, how should I logout from SWAT and re-login into SWAT as root? Or how should I make my nonprivileged user to be able to control Samba parameters? Put the user into certain group? Specify the user in some SWAT config as a privileged one?

Let's say I am the user Alice and I have a publicly accessible folder /samba/public The permissions of the public Samba folder (/samba/public/) are nobody:nogroup and 0777. When Alice tries to copy over something from her home folder to the shared public drive (e.g cp ~/Downloads/* /samba/public), Alice wants the newly copied files to be editable/deletable by all guests who have access to the public Samba share. I want the copied files to be owned by nobody:nogroup and set to 0777. Instead, what happens is that the newly copied files are owned by alice:alice and guest users on the public drive can't edit or delete the files. How can I ensure that future copy/move operations of content from Alice's home folder to the shared/public Samba folder will be owned by nobody:nogroup so that guest users aren't then prevented from deleting/editing the files themselves?

I have a mini PC (Intel Celeron J4005, 4GB RAM, Intel Gigabit NIC), configured with: - Ubuntu (5.4.0-81-generic, installed on sda) - Samba (version 4.11.6-Ubuntu) - FTP (vsftpd, no encryption) - RAID5 (mdadm, md0: sdb-sdc-sdd, USB-SATA) The RAID array is shared via Samba and FTP, but I want to eliminate FTP, all major clients are Windows machines. The problem is that I get way slower speeds through Samba share than FTP: | Device | Method | Read Speed (Mbyte/s, one large file) | |-| -|-| | md0 | local | ~220 | | md0 | LAN, FTP | ~115 (network limit) | | md0 | LAN, Samba | ~48 | | md0 | LAN, Samba, second run (cached in memory) | ~115 (network limit) | | sda | LAN, Samba | ~115 (network limit) | I tried with default Samba settings and with the current one (attached below), but I got the same result. I flushed the cache between tests. iostat output sample (LAN, Samba, first run): Device r/s rkB/s rrqm/s %rrqm r_await rareq-sz w/s wkB/s wrqm/s %wrqm w_await wareq-sz d/s dkB/s drqm/s %drqm d_await dareq-sz aqu-sz %util md0 793.00 433408.00 0.00 0.00 0.00 546.54 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sda 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sdb 254.00 16768.00 8.00 3.05 14.74 66.02 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 3.27 84.80 sdc 171.00 16896.00 93.00 35.23 2.99 98.81 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.32 60.80 sdd 161.00 16640.00 101.00 38.55 11.74 103.35 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 1.57 96.00 iostat output sample (LAN, FTP, first run): Device r/s rkB/s rrqm/s %rrqm r_await rareq-sz w/s wkB/s wrqm/s %wrqm w_await wareq-sz d/s dkB/s drqm/s %drqm d_await dareq-sz aqu-sz %util md0 1828.00 292480.00 0.00 0.00 0.00 160.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sda 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sdb 458.00 39040.00 153.00 25.04 1.66 85.24 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.18 75.60 sdc 457.00 38976.00 152.00 24.96 1.45 85.29 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.09 70.40 sdd 457.00 38976.00 152.00 24.96 1.59 85.29 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.15 75.20 I have no clue what the problem can be, can someone help me, or at least where I should start investigating? ---------- Samba config: [global] workgroup = WORKGROUP min protocol = SMB3 log level = 1 socket options = TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536 IPTOS_LOWDELAY SO_KEEPALIVE use sendfile = true aio read size = 65536 aio write size = 65536 read raw = yes write raw = yes getwd cache = yes acl allow execute always = true log file = /var/log/samba/log.%m max log size = 1000 logging = file server role = standalone server obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user [Share] path = /media/hdd writable = yes valid users = myuser directory mode = 0770 create mode = 0660 RAID array configuration: /dev/md0: Version : 1.2 Creation Time : Tue Sep 7 13:19:26 2021 Raid Level : raid5 Array Size : 976441344 (931.21 GiB 999.88 GB) Used Dev Size : 488220672 (465.60 GiB 499.94 GB) Raid Devices : 3 Total Devices : 3 Persistence : Superblock is persistent Intent Bitmap : Internal Update Time : Tue Sep 9 14:37:52 2021 State : clean Active Devices : 3 Working Devices : 3 Failed Devices : 0 Spare Devices : 0 Layout : left-symmetric Chunk Size : 64K Consistency Policy : bitmap Filesystem info: root@MiniPC:~# df -h Filesystem Size Used Avail Use% Mounted on udev 1.8G 0 1.8G 0% /dev tmpfs 371M 12M 360M 3% /run /dev/sda2 58G 3.4G 55G 6% / tmpfs 1.9G 12K 1.9G 1% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup tmpfs 500M 79M 422M 16% /var/cache/apt tmpfs 500M 0 500M 0% /tmp tmpfs 500M 0 500M 0% /var/backups tmpfs 500M 2.2M 498M 1% /var/log tmpfs 500M 0 500M 0% /var/tmp /dev/sda1 511M 5.3M 506M 2% /boot/efi /dev/md0 917G 356G 562G 39% /media/hdd root@MiniPC:~# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 59.6G 0 disk ├─sda1 8:1 0 512M 0 part /boot/efi └─sda2 8:2 0 59.1G 0 part / sdb 8:16 0 465.7G 0 disk └─sdb1 8:17 0 465.7G 0 part └─md0 9:0 0 931.2G 0 raid5 /media/hdd sdc 8:32 0 465.8G 0 disk └─sdc1 8:33 0 465.8G 0 part └─md0 9:0 0 931.2G 0 raid5 /media/hdd sdd 8:48 0 465.8G 0 disk └─sdd1 8:49 0 465.8G 0 part └─md0 9:0 0 931.2G 0 raid5 /media/hdd

Currently have a CentOS8 server AD integrated using SSSD + automatic SID->UID mapping/generation. I would like to setup some file shares to make use of AD groups, but am struggling to get it set up. Does anybody have an example config that does not make use of winbind? Currently have the following: [global] workgroup = security = ads realm = domain master = no local master = no preferred master = no client min protocol = SMB3 vfs objects = acl_xattr map acl inherit = yes log level = 5 idmap config * : backend = sss idmap config * : range = 10001-2000100000 kerberos method = secrets and keytab I'm not familiar with setting up Samba, so maybe some of those settings dont make sense/are superfluous? I get the following error when trying to start Samba: [2021/02/08 19:26:53.511544, 3] ../../source3/auth/token_util.c:788(finalize_local_nt_token) Failed to check for local Guests membership (NT_STATUS_INVALID_PARAMETER_MIX) [2021/02/08 19:26:53.511550, 0] ../../source3/auth/auth_util.c:1403(make_new_session_info_guest) create_local_token failed: NT_STATUS_INVALID_PARAMETER_MIX [2021/02/08 19:26:53.511603, 0] ../../source3/smbd/server.c:2052(main) ERROR: failed to setup guest info. Thank you

I have an issue when I try to join my domain. I am able to create the kerberos ticket successfully. root@debian:~# kinit Administrateur@ASP.DOMAIN Password for Administrateur@ASP.DOMAIN: root@debian:~# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: Administrateur@ASP.DOMAIN Valid starting Expires Service principal 26/04/2016 18:20:18 27/04/2016 04:20:18 krbtgt/ASP.DOMAIN@ASP.DOMAIN renew until 27/04/2016 18:20:11 and when I try to join the domain : root@debian:~# net ads join -k Failed to join domain: failed to lookup DC info for domain 'ASP.DOMAIN' over rpc: {Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired. my krb5.conf is: [libdefaults] default_realm = ASP.DOMAIN # The following krb5.conf variables are only for MIT Kerberos. krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true [realms] ASP.DOMAIN = { kdc = asp.domain admin_server = server.domain default_domain = DOMAIN } [domain_realm] .asp.domain = ASP.DOMAIN asp.domain = ASP.DOMAIN My smb.conf : [global] security = ADS realm = ASP.DOMAIN password server = server.domain workgroup = asp.domain winbind separator = / idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes template homedir = /home/%D/%U template shell = /bin/bash client use spnego = yes winbind use default domain = yes domain master = no local master = no preferred master = no os level = 0 I have no idea: there is no drop on my firewall. The ticket is ok. I've tried with 3 Domain Controlers. PS : Domain is a variable EDIT : I've tried to do it with samba-tool too root@debian:~# samba-tool domain join ASP.DOMAIN MEMBER -UAdministrateur --real=ASP.DOMAIN ERROR(runtime): uncaught exception - Connection to SAMR pipe of PDC for ASP.DOMAIN failed: Connection to DC failed: NT_STATUS_IO_TIMEOUT File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 606, in run machinepass=machinepass) EDIT 2 : Join is ok ? But wbinfo -u is not ok root@debian:~# net ads join -U Administrateur Enter Administrateur's password: Using short domain name -- DOMAIN Joined 'ASP.DOMAIN' to dns domain 'asp.domain' DNS Update for asp.kapia failed: ERROR_DNS_GSS_ERROR DNS update failed: NT_STATUS_UNSUCCESSFUL root@debian:~# net ads testjoin Join is OK root@debian:~# wbinfo -u could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE could not obtain winbind domain name! Error looking up domain users EDIT 3 : EDIT 4 : root@debian:~# service winbind status ● winbind.service - LSB: start Winbind daemon Loaded: loaded (/etc/init.d/winbind) Active: active (exited) since mer. 2016-04-27 16:16:00 CEST; 55s ago Process: 2222 ExecStart=/etc/init.d/winbind start (code=exited, status=0/SUCCESS) avril 27 16:16:00 debian winbindd: #5 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_timer_delay+0xcd) [0x7fbc2b11e1cd] avril 27 16:16:00 debian winbindd: #6 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x91ca) [0x7fbc2b11f1ca] avril 27 16:16:00 debian winbindd: #7 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x78e7) [0x7fbc2b11d8e7] avril 27 16:16:00 debian winbindd: #8 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x8d) [0x7fbc2b11a12d] avril 27 16:16:00 debian winbindd: #9 /usr/sbin/winbindd(main+0xb7c) [0x7fbc325cbc8c] avril 27 16:16:00 debian winbindd: #10 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7fbc2a92db45] avril 27 16:16:00 debian winbindd: #11 /usr/sbin/winbindd(+0x25318) [0x7fbc325cc318] avril 27 16:16:00 debian winbindd: [2016/04/27 16:16:00.971185, 0] ../source3/lib/dumpcore.c:318(dump_core) avril 27 16:16:00 debian winbindd: dumping core in /var/log/samba/cores/winbindd avril 27 16:16:00 debian winbindd:

We have a Samba file server and use Debian Linux for both server and clients. Everything works fine. Except for one thing: If someone opens a LibreOffice document (mainly Calc / *.ods), nobody else can open the same file concurrently, not even "read only" or as a copy. If I try to open such a file, LibreOffice says it is locked by a certain named user or by an unknown user (the latter happens if I rm the ~lock. file). Then I can choose if I want to open the file read-only or if I want to work with a copy of the file. That's fine. But none of both options work! If I choose "open read only", nothing happens. If I choose "work with a copy", an empty Writer document opens up (although I tried to open an ods file with Calc). Next thing I tried: I can't even run md5sum document.ods! It says permission denied. So it's not just LibreOffice that cannot open the file for concurrent read access. LibreOffice seems to put an exclusive lock on the file when it is opened for editing. Nobody else can open the file until the first user closes the document. Any ideas what I could try? Preventing concurrent write access is reasonable. But why does it also block concurrent read access? And how can I disable that? getfacl output on the file server looks fine so far.

We were able to use Samba and NIS on Samba 3.0.8 on Solaris 10 U5. When we update system to Solaris 10 U11, samba version became 3.6.12. And we are unable to authenticate like old style. I did not include some parameters on below(create directory mask,etc...) Old smb.conf [global] workgroup = WORKGROUPNAME server string = Samba Server security = SERVER password server = dc6n, dc7n username map = /etc/sfw/username.map local master = No dns proxy = No wins server = dc6n, dc7n kernel oplocks = No host msdfs = No map archive = No oplocks = No level2 oplocks = No old nsswitch.conf passwd files nis hosts files nis We try to set same configuration to Samba 3.6.12, but it did not work. So I decided to use security = ADS with Kerberos. This is worked but the way we did not want. Because, only windows domain users were able to login and NIS users not. New /etc/smb.conf workgroup = WORKGROUPNAME realm = domain.com security = ADS password server = dc6n.domain.com utmp = Yes idmap config *:backend = tdb idmap config *:range = 5000-9999 idmap config NETADM:backend = tdb idmap config NETADM:range = 10000-90000 idmap uid = 100000-500000 idmap gid = 100000-500000 template homedir = /home/%U template shell = /bin/tcsh winbind cache time = 1800 winbind enum users = No winbind enum groups = No winbind use default domain = Yes winbind separator = / create krb5 conf = No local master = yes domain login = yes domain master = yes preferred master = yes New /etc/nsswitch.conf passwd files winbind nis hosts files winbind nis New /etc/krb5.conf [libdefaults] domain.com = domain.com dns_lookup_kdc = true [realms] symantec.local = { kdc = dc6n.domain.com admin_server = dc6n.domain.com } [domain_realm] .domain.com = domain.com I am able to get users info from AD and NIS with wbinfo and genent commands. How can we authenticate like old style again?

Yesterday I was able to mount my smb share with the following command:

sudo mount -t cifs //XXXX/share /media/share -o user=Ben,password=XXX,workgroup=WORKGROUP,ip=XXX.XX.XX,uid=ben,gid=ben,rw

I don't know why it is not working anymore. (Maybe from system update). I got the following error : mount: only root can mount //XXX.XXX.XXX/share on /home/ben/share I don't know how to fix this problem.. I've also tried to mount it with su -, and Smbclient is working. I'm Running ArchLinux.

I am trying to set up a 2-PC cluster with shared resources: ClusterIP, ClusterSamba, ClusterNFS, DRBD (cloned resource), and a DRBDFS. The beginning of the project followed the [Clusters from Scratch](https://clusterlabs.org/pacemaker/doc/en-US/Pacemaker/2.0/html/Clusters_from_Scratch/index.html) guide. When everything in this guide is done, it works without problems. So, I wanted to use parts of that guide and build my own setup: I created one shared IP (ClusterIP) that is automatically assigned to one node, and (here is where it gets tricky) on that node, I mount my /dev/drbd1 device to /exports and then share this mount through **SAMBA** and **NFS**. When I start the cluster, all resources come up as they should, _but DRBD does not go up on the secondary node_ (Primary/Unknown). If I bring it up manually, it syncs and works. Also, when I stop the cluster (or forcibly reboot the first node), all resources transfer to the other node and everything works, _except DRBD on the other node goes into an Unknown state_. ### So now, here is the problem: **Why does DRBD go down on the secondary node when I stop the cluster? Or why doesn't it start in the Secondary role on the secondary node?** Sorry if my description is bad. --- ## Here are the commands I used

# apt install -y pacemaker pcs psmisc policycoreutils-python-utils drbd-utils samba nfs-kernel-server 
# systemctl start pcsd.service
# systemctl enable pcsd.service
# passwd hacluster
# pcs host auth alice bob
# pcs cluster setup myCluster alice bob --force
# pcs cluster start --all
# pcs property set stonith-enabled=false
# pcs property set no-quorum-policy=ignore
# modprobe drbd
# echo drbd >/etc/modules-load.d/drbd.conf
# drbdadm create-md r0
# drbdadm up r0
# drbdadm primary r0 --force
# mkfs.ext4 /dev/drbd1
# systemctl disable smbd
# systemctl disable nfs-kernel-server.service 
# mkdir /exports
# vi /etc/samba/smb.conf 
# vi /etc/exports 
# pcs resource create ClusterIP ocf:heartbeat:IPaddr2 ip=10.1.1.30 cidr_netmask=24 op monitor interval=30s
# pcs resource defaults resource-stickiness=100
# pcs resource op defaults timeout=240s
# pcs resource create ClusterSamba lsb:smbd op monitor interval=60s
# pcs resource create ClusterNFS ocf:heartbeat:nfsserver op monitor interval=60s
# pcs resource create DRBD ocf:linbit:drbd drbd_resource=r0 op monitor interval=60s
# pcs resource promotable DRBD promoted-max=1 promoted-node-max=1 clone-max=2 clone-node-max=1 notify=true
# pcs resource create DRBDFS Filesystem device="/dev/drbd1" directory="/exports" fstype="ext4"
# pcs constraint order ClusterIP then ClusterNFS
# pcs constraint order ClusterNFS then ClusterSamba
# pcs constraint order promote DRBD-clone then start DRBDFS
# pcs constraint order DRBDFS then ClusterNFS
# pcs constraint order ClusterIP then DRBD-clone
# pcs constraint colocation ClusterSamba with ClusterIP
# pcs constraint colocation add ClusterSamba with ClusterIP
# pcs constraint colocation add ClusterNFS with ClusterIP
# pcs constraint colocation add DRBDFS with DRBD-clone INFINITY with-rsc-role=Master
# pcs constraint colocation add DRBD-clone with ClusterIP
# pcs cluster stop --all && sleep 2 && pcs cluster start --all

--- ## Configs and stats ### /etc/drbd.d/r0.res

resource r0 {
 device /dev/drbd1;
 disk /dev/sdb;
 meta-disk internal;
 net {
  allow-two-primaries;
 }
 on alice {
  address 10.1.1.31:7788;
 }
 on bob {
  address 10.1.1.32:7788;
 } 
}

--- ### /etc/corosync/corosync.conf

totem {
    version: 2
    cluster_name: myCluster
    transport: knet
    crypto_cipher: aes256
    crypto_hash: sha256
}

nodelist {
    node {
        ring0_addr: alice
        name: alice
        nodeid: 1
    }

    node {
        ring0_addr: bob
        name: bob
        nodeid: 2
    }
}

quorum {
    provider: corosync_votequorum
    two_node: 1
}

logging {
    to_logfile: yes
    logfile: /var/log/corosync/corosync.log
    to_syslog: yes
    timestamp: on
}

--- ### pcs status

Cluster name: myCluster
Stack: corosync
Current DC: alice (version 2.0.1-9e909a5bdd) - partition with quorum
Last updated: Fri May 15 12:28:30 2020
Last change: Fri May 15 11:04:50 2020 by root via cibadmin on bob

2 nodes configured
6 resources configured

Online: [ alice bob ]

Full list of resources:

 ClusterIP      (ocf::heartbeat:IPaddr2):       Started alice
 ClusterSamba   (lsb:smbd):     Started alice
 ClusterNFS     (ocf::heartbeat:nfsserver):     Started alice
 Clone Set: DRBD-clone [DRBD] (promotable)
 Masters: [ alice ]
 Stopped: [ bob ]
 DRBDFS (ocf::heartbeat:Filesystem):    Started alice

Daemon Status:
  corosync: active/disabled
  pacemaker: active/disabled
  pcsd: active/enabled

--- ### pcs constraint --full

Location Constraints:

Ordering Constraints:
  start ClusterIP then start ClusterNFS (kind:Mandatory) (id:order-ClusterIP-ClusterNFS-mandatory)
  start ClusterNFS then start ClusterSamba (kind:Mandatory) (id:order-ClusterNFS-ClusterSamba-mandatory)
  promote DRBD-clone then start DRBDFS (kind:Mandatory) (id:order-DRBD-clone-DRBDFS-mandatory)
  start DRBDFS then start ClusterNFS (kind:Mandatory) (id:order-DRBDFS-ClusterNFS-mandatory)
  start ClusterIP then start DRBD-clone (kind:Mandatory) (id:order-ClusterIP-DRBD-clone-mandatory)
  start ClusterIP then promote DRBD-clone (kind:Mandatory) (id:order-ClusterIP-DRBD-clone-mandatory-1)

Colocation Constraints:
  ClusterSamba with ClusterIP (score:INFINITY) (id:colocation-ClusterSamba-ClusterIP-INFINITY)
  ClusterNFS with ClusterIP (score:INFINITY) (id:colocation-ClusterNFS-ClusterIP-INFINITY)
  DRBDFS with DRBD-clone (score:INFINITY) (with-rsc-role:Master) (id:colocation-DRBDFS-DRBD-clone-INFINITY)
  DRBD-clone with ClusterIP (score:INFINITY) (id:colocation-DRBD-clone-ClusterIP-INFINITY)

Ticket Constraints:

--- ### /proc/drbd

version: 8.4.10 (api:1/proto:86-101)
srcversion: 983FCB77F30137D4E127B83 

 1: cs:WFConnection ro:Primary/Unknown ds:UpToDate/DUnknown C r-----
    ns:0 nr:4 dw:8 dr:17 al:1 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:4

According to the SMB docs server-side copy should work on recent versions of SMB via cp --reflink When trying this with a server running smbd 4.15 (via crazy-max/docker-samba ) and a share mounted with mount -t cifs -o uid=1000,gid=1000,vers=3.1.1 //host/share/ /share, I always get Operation not supported for cp --reflink /share/test /share/test2. The versions on the client machine are:

~$ mount.cifs --version
mount.cifs version: 6.9
~$ uname -r
5.4.0-125-generic

Why is it not working? Any ideas? Thanks!

I'm using [homes] section for every user for their /home/username directory. The code in smb.conf is like this

[homes]
   comment = Home Directories
   browseable = no
   read only = no
   create mask = 0664
   directory mask = 2775
   valid users = %S

But I also have a 2nd disk and I want to create /home2/username for everyone on it. Now I add one path for every user like this and it is so tedious.

[jack2]
    browseable = no
    path = /home2/jack
    read only = no
    create mask = 0664
    directory mask = 2775
    valid users = jack

 [fiona2]
    browseable = no
    path = /home2/fiona
    read only = no
    create mask = 0664
    directory mask = 2775
    valid users = fiona
...

I wish there is something like (this doesn't work)

[%S2]
    browseable = no
    path = /home2/%S
    read only = no
    create mask = 0664
    directory mask = 2775
    valid users = %S

so I don't need to add each one for them (the share name has a '2' appended to its name to distinguish it from the normal homes). It it possible? I'm administrator of our private server. I also use lvm on it but since I'm new to lvm and for reliability reason I didn't merge all disks into a whole one so each disk has its home directory. Thanks

We have a departmental file share and using "mount.cifs" in Centos works to connect to the share. Windows clients either standalone or domain joined can access the share. Fine !! We have a Dell storage device running FluidFS. Only Windows clients which are domain joined can connect. * Non domain joined workstations give the

The specified network password is not correct

error. * The Centos machine gives

mount error(13): Permission denied

I have tried all values for the sec option in Centos. Centos extract from /var/log/messages May 19 15:33:25 backup kernel: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount. May 19 15:33:25 backup kernel: Status code returned 0xc000006d STATUS_LOGON_FAILURE May 19 15:33:25 backup kernel: CIFS VFS: Send error in SessSetup = -13 I don't understand what's going on. Any advice is welcome. George

I have provisioned my server to domain controller using samba sudo samba-tool domain provision \ --interactive \ --use-rfc2307 \ --backend-store=mdb \ --backend-store-size=16Gb \ --function-level=2016 \ --option="ad dc functional level = 2016" I can join other machines to domain (using sssd) and log in to them using my domain accounts. But I cannot login to my domain controller with my domain administrator account. I tried sssd, but in every instruction I saw - I need to join computer to domain (but I'm already in the domain as a domain controller). Can anyone tell me if it is possible and if so, how can I do it? While I try to log in sudo login administrator@domain.name I'm getting error - user not found If I id administrator@domain.name or id administrator I also get id: «administrator@domain.name»: There is no such user

I'm trying to test some software on a big endian system to ensure compatibility. My plan is to use qemu on Ubuntu 12.04 to emulate a MIPS system. So far I've been able to create the quest system successfully, but I haven't been able to network it with the host system. I can access the outside world from the guest system (e.g. wget or apt-get), but my attempts at setting up samba have failed. According to this , in QEmu 1.1 and newer the network bridge helper can set tun/tap up for you without the need for additional scripting. I'm trying to use that since I've seen different versions of the scripts. Right now qemu-system-mips -version reports the following: QEMU emulator version 1.0.50 (Debian 1.0.50-2012.03-0ubuntu2.1), Copyright (c) 2003-2008 Fabrice Bellard I've compiled from the 1.4.1 source and used the version from apt-get. Both report the same thing. I'm working under the assumption that I have version 1.1 or later despite what -version is telling me. Anyway, the next instruction was to turn on the setuid attribute for the default network helper: sudo chmod u+s /usr/local/libexec/qemu-bridge-helper Next I created a bridge.conf file in /etc/qemu/ and /usr/local/etc/qemu with -rw-r--r-- for permissions. The contents of the file are: allow br0 If I start QEmu with the following command: qemu-system-mips -M malta -kernel vmlinux-2.6.32-5-4kc-malta -hda disk.img -append "root=/dev/sda1 console=ttyS0" -nographic -net nic -net bridge,br=br0 -smb /home/uli/samba or with qemu-system-mips -M malta -kernel vmlinux-2.6.32-5-4kc-malta -hda disk.img -append "root=/dev/sda1 console=ttyS0" -nographic -netdev bridge,id=hn0 -device virtio-net-pci,netdev=hn0,id=nic1 or with qemu-system-mips -M malta -kernel vmlinux-2.6.32-5-4kc-malta -hda disk.img -append "root=/dev/sda1 console=ttyS0" -nographic -netdev tap,helper=/usr/local/libexec/qemu-bridge-helper,id=hn0 -device virtio-net-pci,netdev=hn0,id=nic1 I get the following error: failed to get mtu of bridge `br0': No such device failed to launch bridge helper qemu-system-mips: -net bridge,br=br0: Device 'bridge' could not be initialized Fair enough, I didn't create the br0 bridge. I've tried creating one with a script I don't understand, but then my quest MIPS QEmu system no longer connects to anything. It sees br0, but it doesn't get an IP address. Clearly I'm doing something wrong here: ifconfig br0 down brctl delbr br0 ifconfig eth2 0.0.0.0 promisc up brctl addbr br0 brctl setfd br0 0 brctl addif br0 eth2 echo 1 > /proc/sys/net/ipv4/conf/br0/proxy_arp echo 1 > /proc/sys/net/ipv4/conf/eth2/proxy_arp echo 1 > /proc/sys/net/ipv4/ip_forward dhclient br0 ifconfig br0 up Is there an easier way to do this? Personally, I would be fine just using the SMB server on \\10.0.2.4\qemu that's described here , but that hasn't worked for me either (115 errors when I try to mount the share, presumably because of networking trouble). **Update** Once I create the bridge, I see the following output from ifconfig on the host machine: br0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX inet addr:10.2.32.101 Bcast:10.2.32.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:85 errors:0 dropped:0 overruns:0 frame:0 TX packets:51 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:8235 (8.2 KB) TX bytes:9227 (9.2 KB) eth2 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:196581 errors:0 dropped:0 overruns:0 frame:0 TX packets:44205 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:139517339 (139.5 MB) TX bytes:3365206 (3.3 MB) Checking the brctl show output, I see the following: bridge name bridge id STP enabled interfaces br0 8000.XXXXXXXXXXXX no eth2 Now I start the quest system in QEmu. If I run ifconfig, I see the following: eth0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:536 errors:1 dropped:51 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:55083 (53.7 KiB) TX bytes:2862 (2.7 KiB) Interrupt:10 Base address:0x1020 And the bridge looks like this: bridge name bridge id STP enabled interfaces br0 8000.XXXXXXXXXXXX no eth2 tap0 Unfortunately with this setup, the quest system has lost the limited "user mode" networking it once had (i.e. wget and apt-get no longer work). The only IP address I see is for the bridge, so I'm not sure how the quest will appear on the network. The host still appears, at the same IP address as br0. **Update** Here is the output from iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination

Samba is configured to use user 'torrent' and group 'users' for guest access. I am not able to alter directory and its contents without them having g+w permissions. I'd like to have this directory writable without g+w permissions. What am i missing ? My smb.conf: [global] security = user map to guest = bad user guest account = torrent [WDC_1T] comment = -- WDC 1TB -- path = /mnt/WDC_1T read only = no writeable = yes guest only = yes guest ok = yes force user = torrent force group = users guest account = torrent create mask = 0644 force create mode = 0644 directory mask = 0755 force directory mode = 0755 created a directory via samba, everything works as supposed: ls -ld _TEST_OK_/ drwxrwxr-x 2 torrent users 4096 02-27 15:42 _TEST_OK_/ created a directory on linux, same permissions, except not writable by group -> no write access: ls -ld _TEST_PERMISSION_ERROR_/ drwxr-xr-x 2 torrent users 4096 02-27 15:40 _TEST_PERMISSION_ERROR_/ ls -lR _TEST_PERMISSION_ERROR_/ -rw-rw-r-- 1 torrent users 0 02-27 15:40 plik1.txt

I am maintaining a samba server for an office environment. So far, whenever there had to be a new user, I called the person over and let him type in his samba password on my console, after I typed smbpasswd -a username. I don't want to know any of the passwords. For the unix passwords, I just let them create a password digest (e.g. http://www.askapache.com/online-tools/htpasswd-generator/) in advance and edit the password file later with vipw -s. Now I have a remote colleague who can't come over to type in his password, but I still don't want to know it at all. How can I edit the samba password without actually knowing the password itself, but just a digest?

When I check samba status it shows me the following errors: service smb status Mar 03 11:17:37 fujitsu.localdomain smbd: Unable to open new log file '/var/log/samba/log.smbd': Permission denied Mar 03 11:17:37 fujitsu.localdomain smbd: [2021/03/03 11:17:37.691484, 0] ../lib/util/debug.c:1055(reopen_logs_internal) Mar 03 11:17:37 fujitsu.localdomain smbd: Unable to open new log file '/var/log/samba/log.smbd': Permission denied Mar 03 11:17:37 fujitsu.localdomain smbd: [2021/03/03 11:17:37.691532, 0] ../lib/util/debug.c:1055(reopen_logs_internal) Mar 03 11:17:37 fujitsu.localdomain smbd: Unable to open new log file '/var/log/samba/log.smbd': Permission denied Mar 03 11:17:37 fujitsu.localdomain smbd: [2021/03/03 11:17:37.728845, 0] ../lib/util/become_daemon.c:138(daemon_ready) Mar 03 11:17:37 fujitsu.localdomain smbd: daemon_ready: STATUS=daemon 'smbd' finished starting up and ready to serve connections Mar 03 11:17:37 fujitsu.localdomain systemd: Started Samba SMB Daemon. Mar 03 11:17:37 fujitsu.localdomain smbd: [2021/03/03 11:17:37.732849, 0] ../lib/util/debug.c:1055(reopen_logs_internal) Mar 03 11:17:37 fujitsu.localdomain smbd: Unable to open new log file '/var/log/samba/log.smbd': Permission denied Otherwise status of samba is active but this error really confusing me. I tried to change permissions for this folder but it did't help.

I have shared my home folder over samba as follows: when i try to create folders from windows I get error "cant create" but folder is created. But permissions are all messed up. file is also created but permissions are messed up. As a result I am not able to open/edit these files or folders from windows. $ ls -lZ total 48 d-------w-. 2 sar sar system_u:object_r:samba_share_t:s0 4096 May 27 02:01 'New folder' d-------w-. 2 sar sar system_u:object_r:samba_share_t:s0 4096 May 27 02:01 'New folder (2)' d-------w-. 2 sar sar system_u:object_r:samba_share_t:s0 4096 May 27 02:01 'New folder (3)' --------w-. 1 sar sar system_u:object_r:samba_share_t:s0 0 May 27 02:01 'New Text Document.txt' setup process: # setsebool samba_enable_home_dirs=1 # chcon -R -t samba_share_t /home/sar cfg: [global] workgroup = mywg security = user server string = Samba Server %v netbios name = myserver map to guest = bad user passdb backend = tdbsam # interfaces = 192.168.xx.xx/255.255.255.0 # bind interfaces only = yes # Debug logging information #log level 0 none, 3=HUGE log level = 1 log file = /var/log/samba/%m.samba.log max log size = 50 debug timestamp = yes # security setup server min protocol = SMB3 # server max protocol = SMB3 # SMB3_00: Windows 8, SMB3_02: Windows 8.1, SMB3_10: early Windows 10, SMB3_11: Windows 10 default is SMB3_11 ntlm auth = yes lanman auth = no printing = cups printcap name = cups load printers = yes cups options = raw [homes] comment = Home Directories valid users = %S, %D%w%S read only = No inherit acls = Yes browseable = yes path = /home/%S create mask = 0644 #0002 directory mask = 0755 #002 I want users to be able to create, add/edit files and folders in their home folders freely. which should not be be accessible to others.