Removing ADS for Samba Users

| No Comments | No TrackBacks

Occasionally, I get a call that my Windows users connected to my Samba server on Mac OS X Server 10.5 can't manipulate a file. They get various errors when trying to open or download the file. The problem seems to be random but consistent; some files show problems, others are fine — even in the same directory.

Consider whether the problem is related to Windows NTFS alternate data streams (ADS). (See also the Wikipedia article.) You can see whether this is the case using the Terminal.

[root@hsd-data-server 10:48:10 /Files/Annoyances]# ls -l@
total 184
-rw-r--r--@ 1 bobjones finances 26112 Sep 21 09:13 FY_10_budget.xls  
:ZONE.IDENTIFIER:$DATA 26
-rw-r--r--@ 1 janedoe finances 62464 Sep 21 09:13 FY_11_budget.xls  
:ZONE.IDENTIFIER:$DATA 26

The extended attribute is the :ZONE.IDENTIFIER:$DATA part and needs to be whacked off. It's expendable. One command uses the xattr command. (Note that you'll need to escape the dollar sign.)

xattr -d :ZONE.IDENTIFIER:\$DATA senate.xls

There are (at least) two additional ways to handle these.

One way is script out a recursive command to run against a directory tree. This blog gives an example of a shell script to execute.

Perhaps the best way is to modify your /etc/smb.conf file to ignore these altogether. Here's an example of the smb.conf file I use on my servers. The critical part here is the last line. Pay special attention to the commented instructions from Apple at the end of the document about where to put your additions (otherwise they risk being wiped out.).

; Site-specific parameters can be added below this comment.
; END required configuration.
[global]
    use kerberos keytab = yes
    realm = stanford.edu
    acl check permissions = no
    veto files = /Thumbs.db/

    veto files = /.DS_Store/
    veto files = /.TemporaryItems/
    client use spnego = yes
    client NTLMv2 auth = no
    client lanman auth = no
    client plaintext auth = no
    lanman auth = no
    log level = 1
    nt acl support = no

This will obviate the need to selectively use the xattr command; I've found no negative consequences of this addition.

No TrackBacks

TrackBack URL: http://www.stanford.edu/group/macosxsig/cgi-bin/mt/mt-tb.cgi/75

Leave a comment

About this Entry

This page contains a single entry by Noah Abrahamson published on October 16, 2009 11:02 AM.

Directory Services, OpenLDAP and DNS pools was the previous entry in this blog.

Hiding directories containing spaces in Samba is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.