« Directory Services, OpenLDAP and DNS pools | Main | Hiding directories containing spaces in Samba »

Removing ADS for Samba Users

Occasionally, I get a call that my Windows users connected to my Samba server on Mac OS X Server 10.5 can't manipulate a file. They get various errors when trying to open or download the file. The problem seems to be random but consistent; some files show problems, others are fine — even in the same directory.

Consider whether the problem is related to Windows NTFS alternate data streams (ADS). (See also the Wikipedia article.) You can see whether this is the case using the Terminal.

[root@hsd-data-server 10:48:10 /Files/Annoyances]# ls -l@
total 184
-rw-r--r--@ 1 bobjones finances 26112 Sep 21 09:13 FY_10_budget.xls  
:ZONE.IDENTIFIER:$DATA 26
-rw-r--r--@ 1 janedoe finances 62464 Sep 21 09:13 FY_11_budget.xls  
:ZONE.IDENTIFIER:$DATA 26

The extended attribute is the :ZONE.IDENTIFIER:$DATA part and needs to be whacked off. It's expendable. One command uses the xattr command. (Note that you'll need to escape the dollar sign.)

xattr -d :ZONE.IDENTIFIER:\$DATA senate.xls

There are (at least) two additional ways to handle these.

One way is script out a recursive command to run against a directory tree. This blog gives an example of a shell script to execute.

Perhaps the best way is to modify your /etc/smb.conf file to ignore these altogether. Here's an example of the smb.conf file I use on my servers. The critical part here is the last line. Pay special attention to the commented instructions from Apple at the end of the document about where to put your additions (otherwise they risk being wiped out.).

; Site-specific parameters can be added below this comment.
; END required configuration.
[global]
    use kerberos keytab = yes
    realm = stanford.edu
    acl check permissions = no
    veto files = /Thumbs.db/

    veto files = /.DS_Store/
    veto files = /.TemporaryItems/
    client use spnego = yes
    client NTLMv2 auth = no
    client lanman auth = no
    client plaintext auth = no
    lanman auth = no
    log level = 1
    nt acl support = no

This will obviate the need to selectively use the xattr command; I've found no negative consequences of this addition.

TrackBack

TrackBack URL for this entry:
http://www.stanford.edu/group/macosxsig/cgi-bin/mt/mt-tb.cgi/75

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)


About

This page contains a single entry from the blog posted on October 16, 2009 11:02 AM.

The previous post in this blog was Directory Services, OpenLDAP and DNS pools.

The next post in this blog is Hiding directories containing spaces in Samba.

Many more can be found on the main index page or by looking through the archives.

Creative Commons License
This weblog is licensed under a Creative Commons License.
Traffic analyzed by Google Analytics. Site powered by Movable Type 4.32-en