HP OpenVMS CIFS Version 1.2 ECO1 Release Notes © Copyright 2011 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. HP CIFS Server is derived from the Open Source Samba product and is subject to the GPL license. Intel and Itanium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. Table of Contents About this document Intended audience Document organization HP encourages your comments 1 Introduction 1.1 Distribution kit 1.2 How to build HP CIFS sources on OpenVMS 1.3 General information 2 Features 2.1 New features provided by HP CIFS Server Version 1.2 ECO1 2.2 Features provided by HP CIFS Server Version 1.2 2.3 Features provided by HP CIFS Server Version 1.1 ECO1 2.4 Features provided by HP CIFS Server Version 1.1 3 Problems fixed 4 Known problems 5 Limitations List of Tables 1-1 Mandatory kits 1-2 Disk space requirements About this document ------------------- This release notes describes the features, problems fixed, known problems, and limitations found in HP CIFS Server. Intended audience This document is intended for OpenVMS system administrators and network administrators. For more information about the HP CIFS Server, see the HP CIFS Server documentation: http://h71000.www7.hp.com/doc/CIFS.html Document organization The document is organized as follows: Chapter 1 Introduction Provides information about HP CIFS Server software. Chapter 2 Features Describes the features. Chapter 3 Problems Fixed Describes the problems fixed. Chapter 4 Known Problems Describes the known problems. Chapter 5 Limitations Describes the limitations. HP encourages your comments HP encourages your comments and suggestions on this document. Please send comments to: mailto:openvmsdoc@hp.com 1 Introduction -------------- 1.1 Distribution kit The HP CIFS Server software is supported on OpenVMS Alpha and OpenVMS Integrity server systems. The following kits are, ECO kit versions of HP OpenVMS CIFS Version 1.2. * For OpenVMS Alpha Versions 8.3 and 8.4 is: HP-AXPVMS-SAMBA-V0102-ECO1-1.SFX_AXPEXE * For OpenVMS Integrity server Versions 8.3, 8.3-1H1, and 8.4 is: HP-I64VMS-SAMBA-V0102-ECO1-1.SFX_I64EXE Mandatory kits The following kits must be installed prior to installing the HP CIFS Version 1.2 ECO1 kit: Table 1-1 Mandatory kits ------------------------------------------------------------------------------------------- Kit Name OpenVMS Version Architecture ------------------------------------------------------------------------------------------- HP-I64VMS-VMS83I_ACRTL-V0900--4.PCSI$COMPRESSED 8.3 Integrity servers HP-I64VMS-VMS831H1I_ACRTL-V0500--4.PCSI$COMPRESSED 8.3-1H1 Integrity servers HP-I64VMS-VMS84I_UPDATE-V0500--4.PCSI$COMPRESSED 8.4 Integrity servers DEC-AXPVMS-VMS83A_ACRTL-V0700--4.PCSI$COMPRESSED 8.3 Alpha DEC-AXPVMS-VMS84A_UPDATE-V0500--4.PCSI$COMPRESSED 8.4 Alpha ------------------------------------------------------------------------------------------- You must also install Kerberos Version 3.0 or higher. Disk space requirement Table 1-2 lists the disk space required for installing the software. Table 1-2 Disk space requirements ----------------------------------------------------------------------------------- Operating System Disk Space (approximate block size) ----------------------------------------------------------------------------------- OpenVMS Alpha V8.3 and V8.4 94558 OpenVMS Integrity servers V8.3, V8.3-1H1, and V8.4 108960 ----------------------------------------------------------------------------------- 1.2 How to build HP CIFS sources on OpenVMS Following are the steps to build the HP CIFS sources on OpenVMS: 1. Extract the sources provided with the HP CIFS PCSI file from SAMBA$SRC.BCK to a directory on your disk. To extract the source files after the installation completes, enter the following command: $ PRODUCT EXTRACT FILE SAMBA /SELECT=SAMBA$SRC.BCK/SOURCE=[TEST1] The PCSI utility extracts the SAMBA$SRC.BCK file from the kit to the [TEST1] directory, which is the default directory. NOTE: The HP CIFS source can be extracted during installation by using the steps provided in the sample installation log. For more information, see Appendix A in the HP OpenVMS CIFS Administrator's Guide. 2. Install the latest HP C compiler to build source files and the minimum version requirement for the same is Version 7.1. 3. Install HP Module Management System (MMS) for OpenVMS. MMS software for OpenVMS is available from OpenVMS DECSET software package. 4. Execute BUILD.COM in source directory. - If BUILD.COM is executed with the RELEASE parameter, all the executables are placed in the [.BIN.REL] directory. - If BUILD.COM is executed with the DEBUG parameter, all the executables are placed in the [.BIN.DBG] directory. 1.3 General information This section describes the information specific to HP CIFS Server. * Before installing HP CIFS Server Version 1.2 ECO1, ensure that you are not running HP CIFS Server version prior to Version 1.0. If a version prior to HP CIFS Server Version 1.0 exists on the system, you must remove it and then verify the following: 1. Remove all the files under SAMBA_ROOT:[000000]. 2. Logical names starting with SAMBA* must be deassigned. 3. After installing HP CIFS Server Version 1.2 ECO1, if you are copying existing SMB.CONF file to SAMBA$ROOT:[LIB], you must change the following lines: - SAMBA_ROOT with SAMBA$ROOT - guest account = SAMBA__GUEST with guest account = SAMBA$GUEST * Users must install the latest C RTL ECO kits before installing the HP CIFS Server software. Contact HP customer support centers to get the latest C RTL kit. * Uninstalling the HP CIFS Server software displays a prompt whether to retain the SMB.CONF and TDB files. Selecting the "No" option removes all the files including the configuration files. * The default SYSUAF account template, SAMBA$TMPLT can be used to create new OpenVMS user accounts for HP CIFS Server. For more information about how to create new OpenVMS user accounts, see the HP OpenVMS CIFS Administrator's Guide. * While adding new users to OpenVMS, ensure that the UIC is unique and use /ADD_IDENTIFIER qualifier while creating the user. After the user is created, ensure that the user identifier matches with the user name, and the DISUSER flag is not set. * The installation of HP CIFS Server creates five OpenVMS user accounts, namely, SAMBA$SMBD, SAMBA$NMBD, SAMBA$GUEST, SAMBA$TMPLT, and CIFSADMIN. These accounts are internal to HP CIFS Server. You are advised not to modify or change any attributes of SAMBA$SMBD, SAMBA$NMBD, and SAMBA$GUEST accounts. * Executing SAMBA$SHUTDOWN.COM terminates all client sessions or processes in addition to stopping the NMBD process and must be run during system shutdown. * HP CIFS Server honors only the default privileges of an OpenVMS user account. * Migration utility will be provided as a separate kit from HP CIFS Server Version 1.1 onwards. The migration utility can be downloaded from the following web address: http://h71000.www7.hp.com/network/CIFS_for_Samba.html 2 Features ---------- This chapter describes the features of HP CIFS Server. The following are some of the main features supported by the HP CIFS Server: * HP CIFS Server can be configured as a member in any domain (NT4-style and ADS domains). * HP CIFS Server can be configured as a member in an NT-style Primary Domain Controller (PDC) and Backup Domain Controller (BDC). * Provides complete browser functionality. * Supports HP CIFS Server as a Member Server in OpenVMS Cluster. * Provides file security based on OpenVMS File Security. * Supports ODS-5 and ODS-2 volume. * Supports OpenVMS file formats. * Supports ASCII, ISO-8859-1, UTF-8, and VTF-7 character-set. * Supports shares present on NFS and DFS-mounted disks. * Supports session security, NTLMSSP, and 128-bit encryption. * Supports new printer drivers. 2.1 New features provided by HP CIFS Server Version 1.2 ECO1 * A directory present on ODS-2 disk can contain multiple dots upto 39 character length. * Use SAMBA$CONFIG.COM even when SMB.CONF file explicitly includes "lock directory" and "private dir" parameters. * Configure Windows 7 as workstation to CIFS PDC as it can inter-operate along with CIFS Server using the SMBv1 protocol. To configure Windows 7 as workstation to a CIFS PDC before joining it to CIFS PDC: 1. Disable client registry policy for NT4 domains as they do not have DNS names. The registry path is: HKLM\System\CCS\Services\LanManWorkstation\Parameters DWORD DNSNameResolutionRequired = 0 NOTE: Windows 2008 or Windows 7 clients perform DNS name resolution validations to enable detection of mis-configured environments early. 2. Set the value of the following policy to "Send NTLM responses only": Gpedit.msc/Computer Configuration/Windows Settings/Security Settings/Local Policies / Security Policies - "Network security: LAN Manager authentication level" * If SAMBA share path is a search list logical, SAMBA will duplicate the ASV behavior and only honor the first value in search list logical. * testparm utility will resolve all the logicals specified as "path" parameter for up to a maximum of 20 levels (that is, resolution will continue up to 20 levels). * Samba supports system-wide and cluster-wide logicals as a path value for shares. 2.2 Features provided by HP CIFS Server Version 1.2 * Improved installation and automated HP CIFS Server configuration and management * HP CIFS Server as member in Windows ADS Realm * File security improvements: - Simplify the use of mask and mode SMB.CONF parameters - Support for DELETE protection bit with mask and mode SMB.CONF parameters - Ability to set DELETE protection bit from Windows for OWNER/GROUP/WORLD RMS protection mask - Retain VMS ACE order while setting security - Map default_protection ace to create owner/group on windows * Performance enhancements: - Storing file size in an ACE for non-stream format files - Utility to automatically update file length hint values for Sequential VAR and VFC format files - Creation of TDB files using the optimized FDL file - Open file caching * ODS-2 volume support: - Directory enumeration performance improvement - Handle extended ASCII characters in filenames - Allow 79 character length filenames * Support for fixed and undefined format file creation * Support for share security migration from ASV to CIFS * New CIFS utilities and improvements to existing utilities * Support for different id map back ends 2.3 Features provided by HP CIFS Server Version 1.1 ECO1 The section lists the new features provided in this release: * Supports CONTROL flag a) When security is set on a file from a Windows system, the "Full Permission" have been mapped to READ+WRITE+EXECUTE+DELETE+CONTROL permission for that ACE on the OpenVMS system. b) Windows "Take Ownership" and "Change permission" have been mapped to CONTROL on OpenVMS system. c) The normal user who has "Full Permission", "Take Ownership" or "Change Permission" on a file/folder can now grant permissions to other users/groups for that particular file/folder. * Allows administrators to modify owner of the file/folder by changing the ownership to either a Windows domain-user/-group or HP CIFS-user/-group. * Supports the reading of sequential files with record formats of Fixed Length, Undefined, and files with Indexed file organization. * Allows HP CIFS Server to create files in a Stream_LF record format using the new SMB.CONF share level parameter vms rms format (rather than the default Stream record format). NOTE: Previously, this feature was controlled using the vfs objects parameter with a value of streamlf. By default, the value for vms rms format parameter is stream. To create files with a Stream_LF record format, specify the following in the share section of the SMB.CONF file for the applicable share: vms rms format = streamlf NOTE: The parameter vfs objects = varvfc has to be added either for each share definition or in the [global] section of the SMB.CONF file. * Creates SMBD process dumps in a single directory. HP CIFS Server Version 1.2 for OpenVMS provides a logical SAMBA$PROCDMP, which can be defined system-wide. In case there is an abnormal termination of the SMBD process, the SMBD process dump is created in the directory pointed by this logical. * SMBSTATUS displays node specific HP CIFS Server information by using the option --nodename= * Supports migration from Advanced Server PDC to HP CIFS Server PDC. * Supports Windows 2008. To support this feature, set the global SMB.CONF parameter "require strongkey" to "yes" as shown: [global] require strongkey = yes 2.4 Features provided by HP CIFS Server Version 1.1 The section lists the features provided by HP CIFS Server Version 1.1: * The code is based on Samba Version 3.0.28a * Improved performance of HP CIFS Server software * Improved compatibility with Windows Vista clients * Supports port 445 * Supports Primary Domain Controller (PDC) * NTLMv2 support for Windows Vista clients * VFC file support * Improved TDB handling To improve the TBD performance, hashing algorithm used for generating the TDB keys has been changed. Thus, after installing HP CIFS Server Version 1.1 on the existing HP CIFS Server Version 1.0 kit, HP CIFS Version 1.0 TDB files needs to be migrated to Version 1.1 TDB files. During installation of HP CIFS Version 1.1, a TDB migration utility will automatically migrate HP CIFS Server Version 1.0 TDB files to HP CIFS Server Version 1.1 TDB files. * Inheritance of ACLs set on parent objects to child objects * "OPTIONS=DEFAULT" and "DEFAULT_PROTECTION" support in ACEs 3 Problems fixed ---------------- This chapter describes the problems fixed in HP CIFS Server. * Define SMBMANAGE symbol to SAMBA$ROOT:[BIN]SAMBA$MANAGE_CIFS.COM SAMBA$MANAGE_CIFS.COM is used to manage the HP CIFS Server shares, users, groups, account policies, and trusts. A symbol should be used to execute SAMBA$MANAGE_CIFS.COM. * ODS-2 disk related fixes - Memory leak as a part of encode or decode on ODS-2 disk - If the "homes" share login directory is on ODS-2 disk, the user cannot delete the file even with valid permissions. This problem is seen when vms path names parameter is set to 'no' - ODS-2 convert utility used to convert an ODS-2 disk to ODS-5 disk fails - ODS-2 security issue - With HP CIFS Version 1.2, the security tab is missing for shares present on an ODS-2 disk * tdbbackup utility crash The tdbbackup utility uses a default .bak suffix and due to double dot (..) issue in an ODS-2 disk, the tdbbackup file creation fails. * Creation of multiple KRB5.CONF files in the SAMBA$ROOT directory Multiple KRB5.CONF files are created when ADS security mode is used in the SAMBA$ROOT:[VAR.KRB] directory. * Unable to configure CIFS Server as a Member Server to Windows 2008 R2 domain HP CIFS Version 1.2 is unable to join W2k8r2 domain using ADS as a Member Server. * User account created using SAMBA$MANAGE_CIFS.COM set to incorrect password When the script to manage the HP CIFS Server shares, users, groups, account policies, and trusts; SAMBA$MANAGE_CIFS.COM is used, the accounts that are created with this utility displays the incorrect password message even if the user types the correct password. * Issues in SAMBA$CONFIG.COM - Screen setting remains at "Echo Off" when SAMBA$CONFIG.COM is interrupted while the user is prompted for a password, leading to the commands or instructions passed after setting password being not seen on the terminal. - When the Print command option is changed using SAMBA$CONFIG.COM, it acquires an incorrect value. * Channel leak when accessing shares through Windows Channel leak occurs when a CIFS share is accessed through a Windows client. * Buffer-overrun vulnerability issue Stack-based buffer overflow in the sid_parse function in Samba prior to version 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code through a crafted Windows Security ID (SID) on a file share. CVE-2010-3069 was released by Open source Samba for the same. * LAT printers not shared LAT printers cannot be shared on the network using CIFS. * UTF-8 charset is mis-spelled as UTF8 UTF-8 support on CIFS as default UNIX charset is incorrect. * Issues in using Unigraphics CAD Issues are seen while creating files on Samba from TCL scripts within Unigraphics computer aided design (CAD). * NMBD crashes If the system identifier UIC does not match with the system username, the NMBD process crashes and the dump files are formed in the current directory instead of the designated SAMBA$ROOT:[VAR.CORES.NMBD]directory. * Issues while performing file operations When a share has the path of a search list logical, and that logical in turn has files with same name and same version numbers in different directories pointed by it then there are issues in accessing or creating and deleting files. This also leads to data corruption and mismatch. * testparm utility displays incorrect path testparm utility incorrectly translates the path in SMB.CONF for the shares, when the path is a search list logical. * testparm utility modifies UNIX path names testparm utility modifies the UNIX path names which contain logicals to OpenVMS path names. This happens when vms path names parameter is set to 'no'. * Cannot print a document using VARVFC module For a printer share corresponding to a LPD printer queue, when the share has VARVFC module loaded, the crash occurs when printing from a client using a WordPad application. * Issue in recognizing Unicode characters Unicode characters from ^A0-^FF are not recognized by CIFS. * Unable to see file protection when VTF module is used When using VTF module in SMB.CONF, the permissions set to files using ACLs is not honored. The use of the following parameters in SMB.CONF prevent the use of ACLs and show only the protection of the owner, group, and world on the Windows. unix charset = UTF-8 dos charset = CP850 vfs objects = vtf vms path names = no * VFC files show truncation VFC files with print attribute having valid file hint values are truncated when opened on Windows. The file size for VFC PRN files is calculated by reading the entire file irrespective of the file hint values being valid or invalid on ODS-5 disk. For the VFC files with other attributes, the file size is calculated using the file hint values. * MultiNet server does not restart MultiNet server does not restart whenever SMBD services are enabled or disabled, and SMBD processes do not terminate when SMBD services are disabled. * Files that are known to exist are not listed on the CIFS share Using Windows Explorer on a mapped network drive, files that are known to exist are not listed on the CIFS share. * Problem handling StreamLF and record formatted files HP CIFS Server does not support StreamLF and VARVFC VFS object specification (vfs objects=varvfc streamLF) in a share. * Unable to access Home share on ODS-2 disks OpenVMS users who have a login directory pointing to an ODS-2 disk are not able to access the home share present on the ODS-2 disk. * HP CIFS Server does not honour permissions for built-in group users or resource Identifier cifs$users When a user accesses an HP CIFS share that has full permission granted for the built-in group Users or the resource identifier cifs$users associated with it, the user is unable to access the share. * Unable to rename/delete file if host owner has no permission If two VMS users belonging to the same UIC group and the group has no permission to delete a folder, one corresponding domain user cannot delete or rename the files created by the other user. This happens despite the resource identifier granted to these accounts has full permissions to do so. * Unable to access files if user is mapped by username.map file If a domain user is host mapped to a VMS user using file, the permissions granted to a share for the domain group to which the user belongs is not honoured. * Unable to set share permissions using computer management With HP CIFS Server Version 1.1, an administrator cannot set share permissions using Computer Management utility present on Windows. * SMBD process crashes during file creation/modification/deletion in a share SMBD crashes if change notify = no is not present in the SMB.CONF file and/or also if the share path name in the SMB.CONF file is a logical name instead of the full VMS pathname. * HP CIFS Server ignores "vms path names" set to "no" Share path names in UNIX path format existing on ODS-5 disk get converted to VMS path format, even if vms path names = no is specified for the share. * SMBD process crashes at multiple places SMBD process crashes at multiple places due to memory corruption. * TDB migration utility crashes while migrating HP CIFS Version 1.0 TDBs During installation of HP CIFS Server Version 1.1 kit, TDB migration utility crashes while migrating HP CIFS Version 1.0 format TDBs to HP CIFS Version 1.1 format TDBs. * Unable to print a document if data exceeds buffer size After the spool file is created during a print operation and if the data exceeds the user's buffer size, the document is not printed. * NET RPC GROUP MEMBERS crashes while listing global group members When $ NET RPC GROUP MEMBERS is executed, sometimes it results in a NET utility crash. * User permissions disappear while setting permissions on files In some cases, while setting permissions on files or folders from Windows the existing user permissions might disappear. * Too Many Audit Log Messages for Process Creation For each SMBD process creation, audit messages are logged leading to the accumulation of log messages. * SMBD process loops during directory enumeration from Windows With HP CIFS Server Version 1.1, SMBD process loops during directory enumeration from Windows if the share section contains the following SMB.CONF parameters: [sharename] vms path names = no vfs objects = vtf * Audit/Alarm messages generated while trying to access a File When a non-privileged user who is not an OWNER of a file tries to access the file having READ, WRITE, DELETE, and EXECUTE protection for WORLD, the following audit/alarm message gets logged: "%SYSTEM-F-NOPRIV, insufficient privilege or object protection violation" * NET RPC VAMPIRE utility crashes while migrating user accounts When NET RPC VAMPIRE utility is executed to migrate user accounts, it crashes with the following error message: %SYSTEM-F-ACCVIO, access violation, reason mask=04, virtual address=00000000000002EE, PC=00000000005C30A0, PS=0000001B %TRACE-F-TRACEBACK * SMBD process crashes when servicing two user sessions From a Windows client that is a member of the HP CIFS PDC, if two different user sessions are established to the HP CIFS Server, it leads to the abnormal termination of the SMBD process that serves these session requests. * SMBD process crashes if the SYSUAF file has READ access to WORLD When READ permission is granted to WORLD for the System Authorization file instead of the default protection, and when a normal user tries to connect to the HP CIFS Server, the SMBD process created for this user session abnormally terminates. * Unable to print to HP CIFS Server from a normal domain account Unable to print to an HP CIFS Server when the session to the HP CIFS Server is established using a normal domain user account and this account is mapped to the VMS host account with minimum privileges using username map file. * Accumulation of browse.dat files in cluster When the HP CIFS Server is configured on multiple nodes in a cluster that uses common SAMBA$ROOT disk, all the nodes running the HP CIFS Server uses the same browse.dat file. This leads to an accumulation of browse.dat files as there is no synchronization in writing to the browse.dat file. 4 Known problems ---------------- This chapter describes the known problems in HP CIFS Server. * Issues in cluster when ALLOCLASS SYSGEN parameter is set to 0 Problem: If ALLOCLASS SYSGEN parameter is set to 0 and if you run CIFS in cluster where more than one node share the same SAMBA$ROOT installation directory, the following problem is observed: When two Windows clients connect to CIFS Server on two different nodes in a cluster and try to open the same file, there is no way for CIFS to know that the clients are trying to open the same file. This can lead to unpredictable results. Workaround: Use one of the following solutions: - Set ALLOCLASS SYSGEN parameter to non-zero value. - Each node must have the following: * ALLOCLASS value that is different from all other nodes in the cluster * To obtain a DECC$SHR image, contact HP Support Center. * Kerberos authentication fails Problem: When CIFS is configured as Member Server to a Windows domain using ADS security mode, if the user is a member of many groups, Kerberos authentication for the user fails. Workaround: You must install Kerberos patch. Contact HP Support Center to obtain the Kerberos patch. Issues if the logical name translation exceeds 1024 characters Problem: CIFS supports the logical name translation up to 20 levels. If the logical name translation exceeds 1024 characters, it might cause unexpected behavior from Samba. Workaround: There is no workaround. HP will address this problem in a future release of HP CIFS Server. * Problem in accessing share when configuration of Samba server is changed Problem: When changing the configuration of Samba server from "Member Server with security = ADS" to any other security mode, it might lead to problems in accessing the shares with the new configuration. Workaround: Execute NET ADS LEAVE command when changing the configuration of HP CIFS Server. * NET RPC VAMPIRE utility fails Problem: $NET RPC VAMPIRE "-S" "-U%password" command fails with the following error message: Fetching DOMAIN database Receiving SMB: Server stopped responding rpc_api_pipe: Remote machine pipe \NETLOGON fnum 0x4returned critical error. Error was Call timed out: server did not respond after 10000 milliseconds Failed to fetch domain database: NT_STATUS_IO_TIMEOUT This occurs due to timing issues. Workaround: Execute the command with the debug log level 10 as shown: $NET RPC VAMPIRE "-S" "-U%password" -d10 * NET RPC VAMPIRE utility response delayed Problem: $NET RPC VAMPIRE "-S" "-U%password" takes a long time to respond. This command tries to communicate through port 445, which takes a long time to respond. Workaround: The solution is to hard code the port number to 139 as shown: $NET RPC VAMPIRE "-S" "-U%password" --port 139 * NET RPC JOIN or NET RPC TESTJOIN fails with an error message Problem: While configuring HP CIFS Server as member server to a domain with Advanced Server for OpenVMS (ASV) as PDC in a cluster environment, the following error message is displayed: Error in domain join verification (credential setup failed): NT_STATUS_INVALID_COMPUTER_NAME Workaround: If the cluster alias name exists for ASV, you must specify the ASV cluster alias name when attempting to communicate with the ASV. This can be done using "-S" or "-server" option on the NET commands and in HP CIFS Server utilities. * Protections and ACLs are not displayed correctly Problem: Protections and ACLs are not displayed correctly on Windows by right-clicking and selecting Properties -> Security option. Workaround: In order to avoid this problem, click on "Advanced" tab on the Properties dialog box to view the correct values set on a particular file or directory. HP will address this problem in a future release of HP CIFS Server . * SMBPASSWD utility crash Problem: Unprivileged users attempting to change the password by using the SMBPASSWD utility results in a crash. Workaround: An administrator can log in to OpenVMS system using a privileged account and use SMBPASSWD utility to modify user passwords. On a Windows client, user can change the password by pressing Ctrl+Alt+Delete and then clicking the "change password" button. "The Network Name cannot be Found" error message "The network name cannot be found" is a common error message and is due to one of the following misconfigurations: - User trying to access the share does not have sufficient permissions. To access the share, user needs to be granted the Read (r) permission - User specified a share name that does not exist. * File size allocated on the disk is more than the actual file size Problem: When an attempt is made to save a text file using Notepad application, the following error message is displayed: "file already exists, do you want to overwrite" When you overwrite the file, it occupies 10000 blocks (5MB) even though the size of the file is just 1 block. Workaround: Edit SAMBA$SMBD_STARTUP.COM file and change the value for /EXTEND_QUANTITY as shown: $ SEARCH [BIN]SAMBA$SMBD_STARTUP.COM;1 10000 $ SET RMS_DEFAULT /EXTEND_QUANTITY=1 $! * HP CIFS utilities crash Problem: Executing HP CIFS Server utilities such as PDBEDIT from a user account that does not match the Rights Identifier results in a crash. Workaround: There is no workaround. HP will address this problem in a future release of HP CIFS Server. * NET RPC JOIN command fails Problem: When using the "-I" option with the $ NET RPC JOIN command, it fails with the following error message: $ NET RPC JOIN "-UADMINISTRATOR%IONETADM$1" "-I" 16.113.6.131 [2007/10/11 17:35:28, 0] SAMBA$SRC:[SOURCE.UTILS]NET_RPC_JOIN.C;1:(349) Error in domain join verification (credential setup failed): NT_STATUS_INVALID_COMPUTER_NAME Unable to join domain IONETW2K3 Workaround: There is no workaround. HP will address this problem in a future release of HP CIFS Server. * Problem with user mappings stored in username.map file Problem: User mappings stored in the username map file do not work if the file format is other than Stream record format. Workaround: In order to avoid this problem, ensure that you use the username.map file located in the directory SAMBA$ROOT:[LIB]. If you create a user name map file on OpenVMS system, convert the file to Stream record format by executing the following command: $ SET FILE/ATTRIBUTE=(RFM:STM,MRS:0,LRL:0) SAMBA$ROOT:[LIB] * Problem with VFS sharable on a share Problem: On ODS-2 disk, if you specify "VARVFC" VFS sharable on a share, server becomes slow and sometimes operation fails due to large number of files. Workaround: There is no workaround. HP will address this problem in a future release of HP CIFS Server. * "net time" utility crash Problem: On OpenVMS Alpha, "net time" utility crashes with "-d2" option. Workaround: There is no workaround. HP will address this problem in a future release of HP CIFS Server. * Telnetsymbion print queues prints arbitrary characters Problem: If HP CIFS Server is configured with Telnetsymbion printer queue and tries to print a text file using the Notepad, an arbitrary character is printed. Workaround: Use the DCPS or LPD OpenVMS print queue which provides libraries by default. HP will address this problem in a future release of HP CIFS Server. * Setting client capacity with SAMBA$CONFIG Problem: The client capacity is to set to double the number that is specified. Since HP CIFS Server Version 1.1 provides support for connection on TCP port 445 (SMB over TCP/IP) in addition to TCP port 139 (SMB over NetBIOS TCP/IP), the "client capacity" set by SAMBA$CONFIG.COM is really double what the administrator specifies. For example, if the admin specifies a value of 50, the SMBD445 service has a limit of 50 and so does the SMBD service. Workaround: You can divide the client capacity numbers between the 139 and 445 ports. HP will address this problem in a future release of HP CIFS Server. * Issues while adding Advanced Server for OpenVMS as Member Server Problem: While adding Advanced Server for OpenVMS as a member server to HP CIFS PDC, there are issues while establishing secure channel with HP CIFS PDC, admin logon and so on. Workaround: There is no workaround and this is a limitation due to Advanced Server. * Using groups in Username map file does not work Problem: The functionality of using a group name in the username.map file does not work. Workaround: There is no workaround. HP will address this problem in a future release of HP CIFS Server. * Issues with NET RPC TRUSTDOM commands Problem: If you are trying to add a trust without a corresponding OpenVMS account (with the name $) fails without any error message. The command completes as though it is successful but actually it has failed. If you are trying to list the trusted domain entries containing the word "none" even when there are valid entries in the list. Workaround: There is no workaround. HP will address this problem in a future release of HP CIFS Server. * NMBD Process starts looping when configured for WINS server Problem: When HP CIFS Server is configured for WINS server with the following setting in the SMB.CONF file: [global] wins support = yes dns proxy =yes NMBD process becomes compute bound Workaround: Currently, HP CIFS does not support dns proxy parameter. So, set the dns proxy = no in the SMB.CONF file. HP will address this problem in a future release of HP CIFS Server. * Problems with share level security Problem: Share level security does not allow any users to login. Workaround: You must have SAMBA$GUEST account in the passdb.tdb database. HP will address this problem in a future release of HP CIFS Server. * NET RPC FILE CLOSE command does not work Problem: When the user tries to close an open file using NET RPC CLOSE FILE command, it fails without any error message. Workaround: There is no workaround. HP will address this problem in a future release of HP CIFS Server. * Cannot login to Windows Vista with Microsoft Signing enabled Problem: Currently, with SMB signing enabled on client ("Microsoft network client: Digitally sign communication (always)") and server, Windows client can be added successfully as a workstation to the domain. But after joining the domain successfully, Windows cannot login using the HP CIFS account and the following error message is displayed: "The trust relationship between this workstation and the primary domain controller failed." With "Microsoft network client: Digitally sign communication (if server agrees)" enabled both joining and login works fine. Workaround: There is no workaround. HP will address this problem in a future release of HP CIFS Server. 5 Limitations ------------- This chapter describes the limitations in HP CIFS Server. The limitations that are applicableto HP CIFS Server on OpenVMS Integrity servers are also applicable to HP CIFS Server on OpenVMS Alpha. * A file without an extension cannot be created if a directory of same name exists. * Advanced Server for OpenVMS cannot be configured as a Member Server to the HP CIFS PDC due to technical limitations. * With HP CIFS Server, it is not possible to access or create a directory containing "." (dot) in its name when the directory is located on an ODS-2 disk. * HP CIFS Server does not support external authentication. * The SMB.CONF printing parameter is hard-coded to the value "OpenVMS" and cannot be changed. * The SMB.CONF load printers parameter is hard-coded to the value "NO" and cannot be changed. * Printcap file is not supported on HP CIFS Server. * If the file share are present on ODS-2 disk, HP CIFS Server does not support Unicode characters in file names. * HP CIFS Server does not support Windows Administrative tools such as User Manager. * HP CIFS Server does not support SMB File Systems (SMBFS). * The Windows 200x or Windows XP Microsoft Management Console (MMC) cannot be used to manage HP CIFS Server. * While using the VTF modules you cannot create directories with non-ASCII characters on Windows. * HP CIFS Server does not support SMBPASSWD backend. * HP CIFS Server does not support "smbcquotas" utility as the quotas are not supported by the VMS server. * On HP CIFS Server, there is a limit on the maximum number of users that can be created automatically. This restriction is due to the SYSUAF database group on OpenVMS as the UIC value cannot be greater than 37776 (Octal) which equals to 16382 (decimal). If the number of automatically created users exceeds the limit, then HP CIFS Server fails with the following error message in the log file if the log level is set to greater than 5. 334598850 Which translates to %UAF-E-UICERR, error in UIC specification. * If HP CIFS Server is configured as PDC, the name of the workstations that are getting added to HP CIFS Server PDC must not exceed 11 characters. This limitation is due to the OpenVMS user name length limited to 12 characters in SYSUAF database. * SMBSTATUS utility does not display session information for anonymous sessions. This is by design as storing anonymous session information in sessionid.tdb is expensive.