In my configuration, the smb.conf file is auto-generated and I can't change it. As generated, it does however include a series of other files, and I can make my local modifications to one of those files. My modifications will affect the [global] section - so the cumulative effect is that [global] gets defined in the smb.conf, which I can't change, and then the settings are either added to or modified by a file that is included from smb.conf. The smb.conf file and other files also set or change other sections. I observer that testparm correctly reports that all of the include files are loaded and the resulting services and settings are as I expect. However, nmbd does not load all of the files meaning that some of the settings I expect to be applied are not actually set. In looking at the source, nmbd makes a call: if (!lp_load_initial_only(get_dyn_CONFIGFILE())) { DEBUG(0, ("error opening config file\n")); exit(1); } And this "lp_load_initial_only" appears to try to load enough of the configuration to get the [global] section, and then stop. It's means of stopping are to find that it has loaded something after [global], and then it stops reading all configuration files, including any "include" files from smb.conf. To fix my problem, I have modified "loadparam.c" so that lp_load_initial_only is changed to: bool lp_load_initial_only(const char *pszFname) { return lp_load_ex(pszFname, false, // was true false, false, true, false, false); } The effect of this is to change the second parameter ("global_only") from false to true, so that all sections are loaded - this allows [global] to be loaded in pieces from several files with intervening sections if thats how those files are presented. A further change in nmbd is required: in "reload_nmbd_services", the call: ret = lp_load(get_dyn_CONFIGFILE(), True , False, False, True); Needs to change to: ret = lp_load(get_dyn_CONFIGFILE(), False, False, False, True); Again, this change ensures that all files are loaded. A quick check shows that similar changes are probably needed to at least smbd and winbind. Allowing these programs to load all sections from all files, always, will ensure that all include files are correctly processed. At present, testparm is telling lies. In my case, I can't use samba at all until these patches are applied. Comment: It appears that the methods of loading parameters include an optimisation to only part-load the configuration files - and this is the root cause of the problem. On modern computers the additional work in loading all of the files is minimal, and this optimisation is probably no longer warranted. Platform: Netgear ReadyNAS NVX, linux: debian "etch" with netgear modifications and patches (though this does not really make any difference).
Jeremy, would you like to comment on this one?
Jeremy, is this one really blocker bug?
(In reply to comment #2) > Jeremy, is this one really blocker bug? I've categorised this as block because it is preventing me from deploying Samba (until I have patched and rebuilt it...and because I don't have the full package set used on my device to build the original, the rebuild in turn has other problems).
This isn't a generic Samba blocker - lowering importance to "normal". Setting up configure files so that sub-files include modifications to the [global] section is a very strange setup (sorry that this affects you, but it really is an odd way to do things). I'm interested in fixing this, can you post your auto-generated smb.conf files so we can see if making this change is a good idea ? Jeremy.
In the below, a line of --------------------------------- indicates the start / end of a file... its me separating one file from another. OK... here is the smb.conf file (you will note that this does not begin with a [global] section... this is not me doing this, this is how it has been auto-generated): ------------------------------------------------------------------- # This file is auto-generated. Do not modify! [printers] path = /var/spool/samba printable = 1 public = 1 use client driver = 1 [global] allow trusted domains = 1 delete readonly = 1 dos charset = CP437 encrypt passwords = 1 follow symlinks = 1 guest account = nobody hostname lookups = 0 idmap gid = 35000-65000 idmap uid = 35000-65000 load printers = 1 local master = 1 log level = 0 auth:2 map acl inherit = 1 max log size = 256 name resolve order = "lmhosts host wins bcast" null passwords = 1 obey pam restrictions = 1 oplocks = 0 passdb backend = tdbsam passwd program = "/usr/bin/passwd %u" preferred master = 1 preserve case = 1 security = user server string = %h short preserve case = 1 socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=262144 SO_RCVBUF=262144 store dos attributes = 1 syslog = 0 syslog only = 0 template homedir = /c/home/%U unix charset = UTF-8 unix password sync = 1 veto files = "/.AppleDouble/.AppleDB/.AppleDesktop/.DS_Store/.TemporaryItems/T heVolumeSettingsFolder/TheFindByContentFolder/Network Trash Folder/Temporary It ems/" wins server = wins support = 1 workgroup = MBS include = /etc/frontview/samba/smb.conf.%a include = /etc/frontview/samba/Shares.conf include = /etc/frontview/samba/Shares.conf.%U include = /etc/frontview/samba/addons/addons.conf [homes] admin users = admin","Administrator browseable = 0 comment = "Private user folder" public = 0 root preexec = "/bin/chmod 700 /c/home/%U" valid users = %S,"admin","Administrator writeable = 1 ------------------------------------------------------------------- Here is an example (one of many) of /etc/frontview/samba/smb.conf.%a (this one is "smb.conf.WinXP", you will note that due to the way it is included, this extends the [global] section): ------------------------------------------------------------------- use sendfile = 1 deadtime = 10 vfs objects = acl_xattr ------------------------------------------------------------------- Here is an examples of /etc/frontview/samba/Shares.conf ------------------------------------------------------------------- [backup] path = /c/backup comment = "Backup Share" oplocks = 1 force create mode = 0666 create mask = 0666 force directory mode = 1777 directory mask = 1777 admin users = "admin","Administrator" available = 0 valid users = "admin","Administrator","nobody" write list = "admin","Administrator" [webroot] path = /c/webroot admin users = "admin","Administrator" writeable = 1 ------------------------------------------------------------------- NOTE: the above files are all auto-generated from other configuration information. The program that generates these files is a binary (no source), not a script, so modification of it is not possible. The files as shown also include the file: /etc/frontview/samba/addons/addons.conf This is what I have placed into this file: ------------------------------------------------------------------- # # Samba configuration file ADDITIONS to make the NAS act as a Domain # Controller. # # These settings extend the defaults applied by Netgear AND MAY CONFLICT # with or extend that function. # #======================= Global Settings ===================================== [global] # # Options for the name of the machine # # (The machine operates in user mode unless FrontView is used to change it, # and that would be bad, things will break.) # netbios name = XXX-SVR server string = XXXServer # set by main config file and FrontView - override here security = user # set by main config file and FrontView - override here workgroup = XXX max protocol = SMB2 # # Security options - only serve machines in the local Class C subnet # and also in the OpenVPN subnet # # hosts allow = 192.168.94. 127. 10.8.0. # # Browser Master Control Options # local master = yes os level = 65 # # Domain master and logon options # domain master = yes preferred master = yes domain logons = yes logon drive = H: logon home = \\%L\%U logon path = \\%L\profiles\%U\%a logon script = mbs_logon.bat map to guest = Never show add printer wizard = no # # Windows Internet Name Server is turned on, these might be set # by Frontview but are overridden here for good measure. # wins support = yes name resolve order = "wins bcasts hosts" # # Allow time serving # time server = yes # # Password, login, user add and authentication options # Set by Frontview, override here # # passdb backend = tdbsam # set by main config # # Generic settings - shares are browsable unless explicitly set otherwise # browseable = yes hide dot files = yes invalid users = bin daemon sys man postfix mail ftp ntp mysql admin admin users = @Domain.Admins, root # # These scripts are used on a domain controller or stand-alone # machine to add or delete corresponding unix accounts # add user script = /usr/sbin/useradd -g Domain.Users -s /bin/bas h -d /c/home/%u -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/bin/gpasswd -a %u %g delete user from group script = /usr/bin/gpasswd -d %u %g add machine script = /usr/sbin/useradd -g machines -c Machine -d / dev/null -s /bin/false %u # AFTER THIS POINT ARE A SERIES OF SHARE DEFINITIONS, THE CONTENTS OF WHICH # ARE NOT RELEVANT HERE. ------------------------------------------------------------------- Final note: All of these auto-generated files can't be modified (well they can, but any changes will be lost on the next machine reboot where these config files EXCEPT the addons file will be re-generated). The only means I have to apply a customisation is to include it in the addons file, and as-shipped samba does not read the config file (and all its includes) in its entirety.
Additional note: - running testparm shows that all of the config files are loaded, and shows a complete services dump - running smbd or nmbd does not load all of the files, and thus the services actually in use are incomplete (even if the [global] section is not being modified in a later included file) As it is, testparm is not performing "according to the label", in that it gives a misleading impression of what is actually going to happen. At its root this seems to be related to the method used to load the configuration which involves a "shortcut" or abbreviated load. Once upon a time that may have made sense, but these days I think this makes the code more complex without delivering a great deal of performance value when starting samba, or when the configuration file(s) change.
I hate to sound like a whiner, however this has now been open for 2.5 years, the corrections are very simple, and I'm looking at upgrading my installed samba version to the latest release. Is there any chance at all of a resolution of this?