SMB issues


I've collected all recent SMB issues in gvfs/Nautilus and made a quick
summary. Some of the issues were discussed with gicmo and seb128 last
week. I wanted to open a discussion on the major design issues before we
start implementing something.

(Some bugs listed here may be Fedora-only bugs, I haven't started filing
their counterparts in Gnome bugzilla yet).

Authentication in gvfs-smb-browse and gvfs-smb
- judging from the number of bugs filed after final Fedora 9 release,
people are having problems accessing their SMB shares. The big issue
here is that list of shares differs with different username. So we need
to allow user choose username (and domain) before exploring the server.
Anonymous login should not be default anymore.
- UI-wise there are several possibilities:
   1. Present user the password dialog (with gnome-keyring integration
of course) having an anonymous option there. Check the attachment for
illustration. One way or another this is rather annoying, when browsing
several servers in short time. 
   2. Use anonymous login by default (if possible, otherwise show login
dialog) and display cluebar in Nautilus (similar to the one in n-c-b)
allowing user to switch user.
   3. Integrate a menu item somewhere (popup menu over the SMB server
icon) allowing to set/switch user.
- anyway credentials used to browse the server should be used too when
mounting the particular share - but here we have an issue with two
separate gvfs backends having need to communicate between each other. If
possible, I want to avoid code duplication in both backends.
- other thing to care about: don't show any prompt dialogs when having
valid kerberos tickets, but of course allow fallback to password entry
when krb login fails (this is something libsmbclient does

Mountspec issues - duplicate mount icons on desktop
- ok, we're setting real username and domain after successful mount now,
- "gvfs-mount -l" output is wrong, should list URIs containing username
and domain (if set). Now it only returns server/share, while is
naturally possible to have one share mounted under different usernames.
  --> modify client/smburi.c
- we have username, domain, server and share parameters available to be
set into mountspec. However username and domain shouldn't be set unless
we really need them. At the moment, non-anonymous mounts have both
username and domain set which confuses Nautilus. 
This causes troubles when user gvfs-mount's smb://server/share but
gvfs-ls can't find this location mounted then because it has username
and domain set in mountspec.
- the domain problem: libsmbclient accepts any domain string and still
usually connects to the share. Sometimes even in ADS domain (weird). We
need to detect when domain is really required to be set in order to
connect to a server.

Domain name doesn't get propagated to backend
- domain is used correctly during login and is set to mountspec. To be
closed when the previous described issue is resolved.

Kerberos authentication issues
- as stated in the bug, we need to supply libsmbclient a fake username.
Keep this in mind when making changes to authentication system in the
- good manual about setting up samba + kerberos:

"Cannot mount smb share when its subdirs are accessible but its root
- patch needs to be redone. Basically, we always try to mount the share
root which clearly fails here. Caching will need to be modified too.
> smbc_stat(smb://server.dom.ain/DynStor)
>> smbc errno NT_STATUS_ACCESS_DENIED -> 13
- the reporter confirmed mounting by path works: 
> uri = create_smb_uri (op_backend->server, op_backend->share, "bar");
- the best way here would be to mount the share root and when it fails,
try mounting the path specified. We're doing two pass stat/login anyway,
which the first one is anonymous try, this will add yet another try.
- hard to reproduce though - anybody has a sample smb.conf for this?
- other way crossing my mind - now we do smbc_stat() only on the share
reporting successful mount when no error. However getting listing can
fail. Wouldn't be better to try listing of the mounted root and return
successful mount only when listing succeeds?

Active smb mounts don't get properly resumed after suspend
- general gvfs issue, connection gets broken. Backends should be able to
re-establish their connections, using credentials from mountspec
- need a testing laptop to reproduce this

Issues when opening 40GB file from a gvfs-fuse-daemon mount - crashing
- testing needed, perhaps already fixed by recent fuse-daemon patches in
- we should test large file handling (> 4GB) across various samba
servers (incl. Windows), otherwise I don't see any reason to fail.

DFS Issues
- to be tested: set up a distributed file system network running several
Windows Servers and try to access a DFS share

Tomas Bzatek

Attachment: Screenshot-Enter Password.png
Description: PNG image

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]