Bug 8437 - nmbd does not load all include files
nmbd does not load all include files
Status: NEW
Product: Samba 3.5
Classification: Unclassified
Component: Nmbd
x86 Linux
: P5 normal
: ---
Assigned To: Jeremy Allison
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2011-09-06 12:19 UTC by Ashleigh
Modified: 2014-03-01 04:06 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Ashleigh 2011-09-06 12:19:25 UTC
In my configuration, the smb.conf file is auto-generated and I can't change it.

As generated, it does however include a series of other files, and I can make my local modifications to one of those files.

My modifications will affect the [global] section - so the cumulative effect is that [global] gets defined in the smb.conf, which I can't change, and then the settings are either added to or modified by a file that is included from smb.conf.

The smb.conf file and other files also set or change other sections.

I observer that testparm correctly reports that all of the include files are loaded and the resulting services and settings are as I expect. However, nmbd does not load all of the files meaning that some of the settings I expect to be applied are not actually set.

In looking at the source, nmbd makes a call:

	if (!lp_load_initial_only(get_dyn_CONFIGFILE())) {
		DEBUG(0, ("error opening config file\n"));

And this "lp_load_initial_only" appears to try to load enough of the configuration to get the [global] section, and then stop. It's means of stopping are to find that it has loaded something after [global], and then it stops reading all configuration files, including any "include" files from smb.conf.

To fix my problem, I have modified "loadparam.c" so that lp_load_initial_only is changed to:

bool lp_load_initial_only(const char *pszFname)
	return lp_load_ex(pszFname,
			  false,  // was true

The effect of this is to change the second parameter ("global_only") from false to true, so that all sections are loaded - this allows [global] to be loaded in pieces from several files with intervening sections if thats how those files are presented.

A further change in nmbd is required:

in "reload_nmbd_services", the call:

	ret = lp_load(get_dyn_CONFIGFILE(), True , False, False, True);

Needs to change to:

	ret = lp_load(get_dyn_CONFIGFILE(), False, False, False, True);

Again, this change ensures that all files are loaded.

A quick check shows that similar changes are probably needed to at least smbd and winbind.

Allowing these programs to load all sections from all files, always, will ensure that all include files are correctly processed. At present, testparm is telling lies. In my case, I can't use samba at all until these patches are applied.

It appears that the methods of loading parameters include an optimisation to only part-load the configuration files - and this is the root cause of the problem. On modern computers the additional work in loading all of the files is minimal, and this optimisation is probably  no longer warranted.

Netgear ReadyNAS NVX, linux: debian "etch" with netgear modifications and patches (though this does not really make any difference).
Comment 1 Karolin Seeger 2011-09-15 18:56:34 UTC
Jeremy, would you like to comment on this one?
Comment 2 Karolin Seeger 2011-09-22 20:01:22 UTC
Jeremy, is this one really blocker bug?
Comment 3 Ashleigh 2011-09-22 23:01:11 UTC
(In reply to comment #2)
> Jeremy, is this one really blocker bug?

I've categorised this as block because it is preventing me from deploying Samba (until I have patched and rebuilt it...and because I don't have the full package set used on my device to build the original, the rebuild in turn has other problems).
Comment 4 Jeremy Allison 2011-10-11 20:17:40 UTC
This isn't a generic Samba blocker - lowering importance to "normal". Setting up configure files so that sub-files include modifications to the [global] section is a very strange setup (sorry that this affects you, but it really is an odd way to do things).

I'm interested in fixing this, can you post your auto-generated smb.conf files so we can see if making this change is a good idea ?

Comment 5 Ashleigh 2011-10-13 10:54:31 UTC
In the below, a line of --------------------------------- indicates the start / end of a file... its me separating one file from another.

OK... here is the smb.conf file (you will note that this does not begin with a [global] section... this is not me doing this, this is how it has been auto-generated):


# This file is auto-generated.  Do not modify!

 path = /var/spool/samba
 printable = 1
 public = 1
 use client driver = 1

 allow trusted domains = 1
 delete readonly = 1
 dos charset = CP437
 encrypt passwords = 1
 follow symlinks = 1
 guest account = nobody
 hostname lookups = 0
 idmap gid = 35000-65000
 idmap uid = 35000-65000
 load printers = 1
 local master = 1
 log level = 0 auth:2
 map acl inherit = 1
 max log size = 256
 name resolve order = "lmhosts host wins bcast"
 null passwords = 1
 obey pam restrictions = 1
 oplocks = 0
 passdb backend = tdbsam
 passwd program = "/usr/bin/passwd %u"
 preferred master = 1
 preserve case = 1
 security = user
 server string = %h
 short preserve case = 1
 socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=262144 SO_RCVBUF=262144
 store dos attributes = 1
 syslog = 0
 syslog only = 0
 template homedir = /c/home/%U
 unix charset = UTF-8
 unix password sync = 1
 veto files = "/.AppleDouble/.AppleDB/.AppleDesktop/.DS_Store/.TemporaryItems/T
heVolumeSettingsFolder/TheFindByContentFolder/Network Trash Folder/Temporary It
 wins server =
 wins support = 1
 workgroup = MBS

include = /etc/frontview/samba/smb.conf.%a
include = /etc/frontview/samba/Shares.conf
include = /etc/frontview/samba/Shares.conf.%U
include = /etc/frontview/samba/addons/addons.conf

 admin users = admin","Administrator
 browseable = 0
 comment = "Private user folder"
 public = 0
 root preexec = "/bin/chmod 700 /c/home/%U"
 valid users = %S,"admin","Administrator
 writeable = 1


Here is an example (one of many) of /etc/frontview/samba/smb.conf.%a
(this one is "smb.conf.WinXP", you will note that due to the way it is included, this extends the [global] section):


 use sendfile = 1
 deadtime = 10
 vfs objects = acl_xattr


Here is an examples of /etc/frontview/samba/Shares.conf


  path = /c/backup
  comment = "Backup Share"
  oplocks = 1
  force create mode = 0666
  create mask = 0666
  force directory mode = 1777
  directory mask = 1777
  admin users = "admin","Administrator"
  available = 0
  valid users = "admin","Administrator","nobody"
  write list = "admin","Administrator"

  path = /c/webroot
  admin users = "admin","Administrator"
  writeable = 1


NOTE: the above files are all auto-generated from other configuration information. The program that generates these files is a binary (no source), not a script, so modification of it is not possible.

The files as shown also include the file: /etc/frontview/samba/addons/addons.conf

This is what I have placed into this file:


# Samba configuration file ADDITIONS to make the NAS act as a Domain
# Controller.
# These settings extend the defaults applied by Netgear AND MAY CONFLICT
# with or extend that function.
#======================= Global Settings =====================================

# Options for the name of the machine
# (The machine operates in user mode unless FrontView is used to change it,
# and that would be bad, things will break.)
   netbios name  = XXX-SVR
   server string = XXXServer

# set by main config file and FrontView - override here
   security      = user

# set by main config file and FrontView - override here
   workgroup     = XXX

   max protocol = SMB2

# Security options - only serve machines in the local Class C subnet
# and also in the OpenVPN subnet
#   hosts allow   = 192.168.94. 127. 10.8.0.

# Browser Master Control Options
   local master = yes
   os level     = 65

# Domain master and logon options
   domain master    = yes
   preferred master = yes
   domain logons    = yes
   logon drive      = H:
   logon home       = \\%L\%U
   logon path       = \\%L\profiles\%U\%a
   logon script     = mbs_logon.bat

   map to guest     = Never
   show add printer wizard = no

# Windows Internet Name Server is turned on, these might be set
# by Frontview but are overridden here for good measure.
   wins support = yes
   name resolve order = "wins bcasts hosts"

# Allow time serving
   time server = yes

# Password, login, user add and authentication options
# Set by Frontview, override here
#   passdb backend = tdbsam     # set by main config

# Generic settings - shares are browsable unless explicitly set otherwise
   browseable = yes
   hide dot files = yes
   invalid users = bin daemon sys man postfix mail ftp ntp mysql admin
   admin users = @Domain.Admins, root

# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
  add user script               = /usr/sbin/useradd -g Domain.Users -s /bin/bas
h -d /c/home/%u -m %u
  delete user script            = /usr/sbin/userdel -r %u

  add group script              = /usr/sbin/groupadd %g
  delete group script           = /usr/sbin/groupdel %g

  add user to group script      = /usr/bin/gpasswd -a %u %g
  delete user from group script = /usr/bin/gpasswd -d %u %g

  add machine script            = /usr/sbin/useradd -g machines -c Machine -d /
dev/null -s /bin/false %u



Final note: All of these auto-generated files can't be modified (well they can, but any changes will be lost on the next machine reboot where these config files  EXCEPT the addons file will be re-generated). The only means I have to apply a customisation is to include it in the addons file, and as-shipped samba does not read the config file (and all its includes) in its entirety.
Comment 6 Ashleigh 2011-10-16 05:04:47 UTC
Additional note:

- running testparm shows that all of the config files are loaded, and shows a complete services dump

- running smbd or nmbd does not load all of the files, and thus the services actually in use are incomplete (even if the [global] section is not being modified in a later included file)

As it is, testparm is not performing "according to the label", in that it gives a misleading impression of what is actually going to happen.

At its root this seems to be related to the method used to load the configuration which involves a "shortcut" or abbreviated load. Once upon a time that may have made sense, but these days I think this makes the code more complex without delivering a great deal of performance value when starting samba, or when the configuration file(s) change.
Comment 7 Ashleigh 2014-03-01 04:06:18 UTC
I hate to sound like a whiner, however this has now been open for 2.5 years, the corrections are very simple, and I'm looking at upgrading my installed samba version to the latest release.

Is there any chance at all of a resolution of this?