Bug 12864 - "hide special files" triggered a forcible disconnect + DNS service errors?
"hide special files" triggered a forcible disconnect + DNS service errors?
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
4.6.4
x64 FreeBSD
: P5 normal
: ---
Assigned To: Samba QA Contact
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-25 07:54 UTC by Stilez
Modified: 2017-06-26 12:20 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stilez 2017-06-25 07:54:17 UTC
I use Samba on FreeNAS 11.0 serving Windows 8.1.  It’s a standalone FreeNAS server (no AD, no DNS or proxy, etc), but has been rock solid and no issues for many months.

I updated my smb4.conf with a few changes that seemed innocent enough from the Samba wiki.  I was immediately and forcibly thrown off my Samba file share which then couldn’t be browsed.  

After some undo/redo I found the culprit seemed to be linked to the directive “hide special files = yes”.

I’m not that experienced at debugging FreeBSD/Samba/SMB.  The log contained the following error message about 6 times consecutively, one for each time I was troubleshooting and narrowing down the responsible directive. There were no other messages in the log.

Jun 24 22:10:14 svr smbd: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function

It seemed a stable issue in the sense that remove line again = no problems, add it back = forcibly disconnected. My smb4.conf is below.

I couldn’t find anything to suggest a link between this error and the setting, and I can’t see why one would exist. There wasn’t much on the error message either.

------------------------------------
Output of cat /etc/local/smb4.conf :

[global]
    server min protocol = SMB2
    server max protocol = SMB3_11
    encrypt passwords = yes
    dns proxy = no
    strict locking = no
    oplocks = yes
    deadtime = 15
    max log size = 51200
    max open files = 2826902
    logging = file
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
    getwd cache = yes
    guest account = nobody
    map to guest = Bad User
    obey pam restrictions = no
    ntlm auth = no
    directory name cache size = 0
    kernel change notify = no
    panic action = /usr/local/libexec/samba/samba-backtrace
    nsupdate command = /usr/local/bin/samba-nsupdate -g
    ea support = yes
    store dos attributes = yes
    lm announce = yes
    time server = yes
    acl allow execute always = true
    dos filemode = yes
    multicast dns register = yes
    domain logons = no
    local master = yes
    idmap config *: backend = tdb
    idmap config *: range = 90000001-100000000
    server role = standalone
    netbios name = SVR
    workgroup = WORKGROUP
    security = user
    pid directory = /var/run/samba
    create mask = 0666
    directory mask = 0777
    client ntlmv2 auth = yes
    dos charset = CP850
    unix charset = UTF-8
    log level = 3

    # CUSTOM OPTIONS:

    # set socket options
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE

    # cache current directory content
    getwd cache = yes

    # speed up SMB by not testing if same filename exists with different casing, when saving
    case sensitive = yes
    preserve case = yes
    short preserve case = yes

    # disable client side caching
    csc policy = disable

    # disable MD5, require AES, prevents downgrade attacks. Also ensure proto negotiation and NTVLM2 proto required
    reject md5 clients = yes
    reject md5 servers = yes
    client use spnego = yes
    client ntlmv2 auth = yes

    # Preferred master - NetBIOS master browser controls
    preferred master = yes
    os level = 100

    # Maximum number of simultaneous SMB operations that clients can make (dflt=50). Increase for busy PCs, VM servers etc (resources are OK)
    max mux = 200
    # Time between checks for an inoperative client (secs)
    keepalive = 60
    # log each client
    # log file = /var/log/samba4/%m.log
    # don't mangle names (said to help win32/64 compatibility)
    mangled names = no
    # set a smaller log size if needed
    #     max log size = 5000
    # Allow plain password sending
    client plaintext auth = no
    # give PID as well as timestamp if debug enabled (in case running multiple threads)
    debug pid = yes
    # pkt size (65535 in older Samba, reduced to 16644 for compatibility with NT4/Win2000/WinForWorkgroups, which we won’t ever use)
    max xmit = 65535
    # Fork SMB echo handler, so clients don't think we're dead if insanely busy or network gets hectic
    async smb echo handler = yes
    # Announce as SMB timekeeper - useful for SMB communication
    time server = yes
    # Allows non-owners able to write a file to to change its times
    dos filetimes = yes
    # normally new files/dirs are owned by creator. This sets the owner/permissions to be inherited from the parent dir. Useful when it's public dir
    inherit owner = yes
    map acl inherit = yes
    # Needed according to samba wiki for Windows ACLs global use:
    map acl inherit = yes
    # Don't allow connections to IPC$ pipes
    nt pipe support = no

    # disable various DOS and OS/2 functions
    # DISABLED UNTIL CLEAR IF NEEDED
    # THERE'S A CHANCE THAT ONE OF THESE MAY BE RESPONSIBLE FOR NOT SEENG SERVER IN NETWORK PLACES ON WINDOWS??
    # store dos attributes - LEAVE THIS AS DEFAULT FOR WINDOWS ACLs PER SAMBA WIKI
    #  map hidden = no
    #  map archive = no
    #  map system = no
    ea support = no

    # MS Distributed file system not used, seems to cause log and connection errors. Test disabling it.
    # host msdfs = no

    # prevents clients from seeing special files such as sockets, devices and fifo's in directory listings.
    #  hide special files = yes