> Message du 05/03/12 10:48 > De : "sergio.conrad" > A : "Jeff Layton" > Copie à : > Objet : Re: cifs oplock windows share > > > Hi, > > I am sorry for the lack of clarity of my precendents posts: > subject: mount share problems with fedora core 14, winbind,pam_mount,cifs windows 2008/ > subject: why I do echo 0 > /proc/fs/cifs/OplockEnabled on windows 2008 share > subject: It doesn't work in 2K8R2 > > Here is the configuration made in the workstations > > 1°) the workstations are joined to active directory on 2008 with the authconfig command: > authconfig --update --kickstart --enableshadow --enablemd5 --enablewinbind --enablewinbindauth --smbsecurity=ads --smbworkgroup=$WORKGROUP --smbrealm=$REALM --smbservers=$DC --winbindtemplatehomedir=/home/%U --winbindtemplateshell=/bin/bash --enablewinbindusedefaultdomain --enablelocauthorize --enablemkhomedir > 2°) Changes are made to the files /etc/pam.d/system-auth and /etc/pam.d/password-auth with the sed commands > session optional pam_mount.so > sed -i 's/\(^.*auth[\t ]*required[\t ]*pam_deny\.so.*\)/auth optional pam_mount\.so use_first_pass\n\1/' /etc/pam.d/system-auth > sed -i 's/\(^.*session[\t ]*optional[\t ]*pam_mkhomedir\.so.*\)/\1\nsession optional pam_mount\.so/' /etc/pam.d/system-auth > > #%PAM-1.0 > # This file is auto-generated. > # User changes will be destroyed the next time authconfig is run. > auth required pam_env.so > auth sufficient pam_fprintd.so > auth sufficient pam_unix.so nullok try_first_pass > auth requisite pam_succeed_if.so uid >= 1000 quiet > auth sufficient pam_winbind.so use_first_pass > auth optional pam_mount.so use_first_pass > auth required pam_deny.so > account required pam_unix.so broken_shadow > account sufficient pam_localuser.so > account sufficient pam_succeed_if.so uid < 1000 quiet > account [default=bad success=ok user_unknown=ignore] pam_winbind.so > account required pam_permit.so > password requisite pam_cracklib.so try_first_pass retry=3 type= > password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok > password sufficient pam_winbind.so use_authtok > password required pam_deny.so > session optional pam_keyinit.so revoke > session required pam_limits.so > -session optional pam_systemd.so > session optional pam_mount.so > session optional pam_mkhomedir.so > session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid > session required pam_unix.so > > 3°) Changes are made in the /etc/security/pam_mount.conf.xml > > > 4°) Everything is working fine when working only with a few workstations. > > 5°) But when the students were working on severals, we find some problems. > In the /var/log/messages > Oct 5 16:42:24 u1209-01l kernel: [ 58.783078] CIFS VFS: No response for cmd 114 mid 1 > Oct 5 16:42:24 u1209-01l kernel: [ 58.783094] CIFS VFS: cifs_mount failed w/return code = -112 > Oct 5 16:42:24 u1209-01l kdm: :0[1926]: pam_mount(mount.c:64): Errors from underlying mount program: > Oct 5 16:42:24 u1209-01l kdm: :0[1926]: pam_mount(mount.c:68): mount error(112): Host is down > Oct 5 16:42:24 u1209-01l kdm: :0[1926]: pam_mount(mount.c:68): Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) > Oct 5 16:42:24 u1209-01l kdm: :0[1926]: pam_mount(pam_mount.c:521): mount of data/u20 failed > The windows 2008 server share hangs up and must be rebooted > > 6°) I dot not find much informations on this problem execpt in > http : //blog.dhampir.no/content/cifs-vfs-no-response-for-cmd-n-mid > "On a few systems, I've noticed CIFS mounts have a tendency to lock up the system when transferring large files, or a shitload of small ones in quick succession. When this happens, the system may or may not completely lock up, and lines like these will appear in your syslog:" > ... > > I have experimented this in /etc/rc.d/rc.local > modprobe cifs > echo 0 > /proc/fs/cifs/OplockEnabled > and the problem seems to be resolved. (On windows 2008) > 7°) > With windows 2008 R2, this do not resolve the problem... > dcdiag gives ... (sorry in french) > Démarrage du test : SysVolCheck > [SVT1] Une opération net use ou LsaPolicy a échoué avec l'erreur 64, > Le nom réseau spécifié n'est plus disponible.. > ......................... Le test SysVolCheck > de SVT1 a échoué > > Démarrage du test : NetLogons > [SVT1] Une opération net use ou LsaPolicy a échoué avec l'erreur 64, > Le nom réseau spécifié n'est plus disponible.. > ......................... Le test NetLogons > de SVT1 a échoué > Démarrage du test : Services > Impossible d'ouvrir IPC distant à [svt1.svt.snap.fsi] : erreur 0x40 > « Le nom réseau spécifié n'est plus disponible. » > ......................... Le test Services > de SVT1 a échoué > > Thank you for looking at this problem. > Serge > > > > Message du 02/03/12 17:43 > > De : "Jeff Layton" > > A : "sergio.conrad" > > Copie à : linux-cifs@xxxxxxxxxxxxxxx > > Objet : Re: cifs oplock windows share > > > > On Fri, 02 Mar 2012 17:21:44 +0100 > > "sergio.conrad" wrote: > > > > > > > > Thanks for your response. > > > > > > I am actually migrating users data from a windows 2008 R2 file server to another windows 2008. > > > I fear i don't understand why I have to disable oplocks. > > > > > > > I fear that I don't either. I was just speculating. > > > > > Is the cifs protocol compatible with windows 2008 smb ? > > > > Yes. I often test against win2k8 and don't see this problem. > > > > > Must I specify max protocol =smb2 in samba ? > > > > You mean in smb.conf? The cifs client doesn't use that at all. That's > > for the samba userspace code. cifs.ko does not support smb2 at this > > time. > > > > > The issue this day: > > > Linux Cifs mount on Windows 2008 (via pam_mount): work with oplocks disabled. > > > Linux cifs mount on Windows 2008 R2 (via pam_mount): don't seems to work even with oplocks disabled > > > (Perhaps thereis another problem on the server but I don't think so) > > > > > > > I can't help much with this since you haven't provided any details. > > > > "works" and "doesn't work" doesn't tell me anything about what's really > > wrong. If you say "it failed with this error message" or "I got this > > error message in the log when I attempted it", then that may tell us > > something. > > > > -- > > Jeff Layton > > -- > > To unsubscribe from this list: send the line "unsubscribe linux-cifs" in > > the body of a message to majordomo@xxxxxxxxxxxxxxx > > More majordomo info at http://vger.kernel.org/majordomo-info.html > > > > Une messagerie gratuite, garantie à vie et des services en plus, ça vous tente ? > Je crée ma boîte mail www.laposte.net > Une messagerie gratuite, garantie à vie et des services en plus, ça vous tente ? Je crée ma boîte mail www.laposte.net -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
