15.9. Shared Data Integrity

The integrity of shared data is often viewed as a particularly emotional issue, especially where there are concurrent problems with multiuser data access. Contrary to the assertions of some who have experienced problems in either area, the cause has nothing to do with the phases of the moons of Jupiter.

The solution to concurrent multiuser data access problems must consider three separate areas from which the problem may stem:

  • application-level locking controls

  • client-side locking controls

  • server-side locking controls

Many database applications use some form of application-level access control. An example of one well-known application that uses application-level locking is Microsoft Access. Detailed guidance is provided here because this is the most common application for which problems have been reported.

Common applications that are affected by client- and server-side locking controls include MS Excel and Act!. Important locking guidance is provided here.

15.9.1. Microsoft Access

The best advice that can be given is to carefully read the Microsoft knowledgebase articles that cover this area. Examples of relevant documents include:



Make sure that your MS Access database file is configured for multiuser access (not set for exclusive open). Open MS Access on each client workstation, then set the following: (Menu bar) Tools+Options+[tab] General. Set network path to Default database folder: \\server\share\folder.

You can configure MS Access file sharing behavior as follows: click [tab] Advanced. Set:

  • Default open mode: Shared

  • Default Record Locking: Edited Record

  • Open databases using record-level locking

You must now commit the changes so that they will take effect. To do so, click Apply+Ok. At this point, you should exit MS Access, restart it, and then validate that these settings have not changed.

15.9.2. Act! Database Sharing

Where the server sharing the Act! database(s) is running Samba, or Windows NT, 200x, or XP, you must disable opportunistic locking on the server and all workstations. Failure to do so results in data corruption. This information is available from the Act! Web site knowledgebase articles 1998223162925[6] as well as from article 200110485036[7].

[6] <>

[7] <>

These documents clearly state that opportunistic locking must be disabled on both the server (Samba in the case we are interested in here), as well as on every workstation from which the centrally shared Act! database will be accessed. Act! provides a tool called Act!Diag that may be used to disable all workstation registry settings that may otherwise interfere with the operation of Act! Registered Act! users may download this utility from the Act! Web site.[8]

[8] <>

15.9.3. Opportunistic Locking Controls

Third-party Windows applications may not be compatible with the use of opportunistic file and record locking. For applications that are known not to be compatible,[9] oplock support may need to be disabled both on the Samba server and on the Windows workstations.

[9] Refer to the application manufacturer's installation guidelines and knowledge base for specific information regarding compatibility. It is often safe to assume that if the software manufacturer does not specifically mention incompatibilities with opportunistic file and record locking, or with Windows client file caching, the application is probably compatible with Windows (as well as Samba) default settings.

Oplocks enable a Windows client to cache parts of a file that are being edited. Another Windows client may then request to open the file with the ability to write to it. The server will then ask the original workstation that had the file open with a write lock to release its lock. Before doing so, that workstation must flush the file from cache memory to the disk or network drive.

Disabling of Oplocks usage may require server and client changes. Oplocks may be disabled by file, by file pattern, on the share, or on the Samba server.

The following are examples showing how Oplock support may be managed using Samba smb.conf file settings:

    By file:        veto oplock files = myfile.mdb

    By Pattern:     veto oplock files = /*.mdb/

    On the Share:   oplocks = No
                    level2 oplocks = No

    On the server:
    (in [global])   oplocks = No
                    level2 oplocks = No
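An added example, not from the book: a shell function that reads an smb.conf and reports, for each share, the effective oplocks, level2 oplocks and veto oplock files settings, falling back from the share to [global] and then to the Samba default of yes. The sample file, its share names and paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book). Assumes Samba defaults of "yes" when unset.
write_sample_conf() {   # constructed smb.conf; share names are hypothetical
    cat > "$1" <<'EOF'
[global]
   workgroup = MYWORKGROUP
[accounts]
   path = /data/accounts
   oplocks = No
   level2 oplocks = No
[apps]
   veto oplock files = /*.mdb/
[public]
EOF
}

audit_oplocks() {       # prints: <share> oplocks=.. level2=.. veto=..
    awk '
    function norm(v) {          # Samba booleans -> yes/no
        v = tolower(v)
        return (v == "no" || v == "false" || v == "0") ? "no" : "yes"
    }
    function eff(s, k, d) {     # share value, else [global], else default
        if ((s, k) in set) return set[s, k]
        if (("global", k) in set) return set["global", k]
        return d
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }    # comments and blank lines
    /^[ \t]*\[.*\]/ {                        # section header
        sec = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", sec)
        if (sec != "global") order[++n] = sec
        next
    }
    {
        eq = index($0, "="); if (!eq) next
        # Parameter names ignore case and embedded spaces.
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "oplocks" || key == "level2oplocks") val = norm(val)
        set[sec, key] = val
    }
    END {
        for (i = 1; i <= n; i++)
            printf "%s oplocks=%s level2=%s veto=%s\n", order[i],
                eff(order[i], "oplocks", "yes"),
                eff(order[i], "level2oplocks", "yes"),
                eff(order[i], "vetooplockfiles", "-")
    }' "$1"
}

tmp=$(mktemp) && write_sample_conf "$tmp" && audit_oplocks "$tmp"; rm -f "$tmp"
```

A share that reports oplocks=yes with veto=- is still running with default oplock behavior and is the one to review if it holds a shared database file.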

The following registry entries on Microsoft Windows XP Professional, 2000 Professional, and Windows NT4 workstation clients must be configured as shown here:

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
    "EnableOplocks"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
    "UseOpportunisticLocking"=dword:00000000

Comprehensive coverage of file and record-locking controls is provided in TOSHARG2, Chapter 13. The information in that chapter was obtained from a wide variety of sources.

Example 15.3.2. A Sample Samba Control Script for Red Hat Linux
    #!/bin/sh
    #
    # chkconfig: 345 81 35
    # description: Starts and stops the Samba smbd and nmbd daemons \
    #              used to provide SMB network services.

    # Source function library.
    . /etc/rc.d/init.d/functions
    # Source networking configuration.
    . /etc/sysconfig/network
    # Check that networking is up.
    [ "${NETWORKING}" = "no" ] && exit 0
    CONFIG=/etc/samba/smb.conf
    # Check that smb.conf exists.
    [ -f $CONFIG ] || exit 0

    # See how we were called.
    case "$1" in
      start)
            echo -n "Starting SMB services: "
            daemon smbd -D; daemon nmbd -D; echo;
            touch /var/lock/subsys/smb
            ;;
      stop)
            echo -n "Shutting down SMB services: "
            # Collect the PIDs of all running smbd processes.
            smbdpids=$(ps guax | grep smbd | grep -v grep | awk '{print $2}')
            for pid in $smbdpids; do
                    kill -TERM $pid
            done
            killproc nmbd -TERM; rm -f /var/lock/subsys/smb
            echo ""
            ;;
      status)
            status smbd; status nmbd;
            ;;
      restart)
            echo -n "Restarting SMB services: "
            $0 stop; $0 start;
            echo "done."
            ;;
      *)
            echo "Usage: smb {start|stop|restart|status}"
            exit 1
    esac

Example 15.4.1. DNS Localhost Forward Zone File: /var/lib/named/
    $TTL 1W
    @     IN SOA    @    root (
                42      ; serial
                2D      ; refresh
                4H      ; retry
                6W      ; expiry
                1W  )   ; minimum

          IN NS     @
          IN A

Example 15.4.2. DNS Localhost Reverse Zone File: /var/lib/named/
    $TTL 1W
    @     IN SOA       localhost.      root.localhost. (
                 42    ; serial
                 2D    ; refresh
                 4H    ; retry
                 6W    ; expiry
                 1W )  ; minimum

          IN NS        localhost.
    1     IN PTR       localhost.

Example 15.4.3. DNS Root Name Server Hint File: /var/lib/named/root.hint
    ; This file is made available by InterNIC under anonymous FTP as
    ;       file                /domain/named.root
    ;       on server           FTP.INTERNIC.NET
    ; last update: Nov 5, 2002. Related version of root zone: 2002110501
    ; formerly NS.INTERNIC.NET
    .                        3600000  IN  NS    A.ROOT-SERVERS.NET.
    A.ROOT-SERVERS.NET.      3600000      A
    ; formerly NS1.ISI.EDU
    .                        3600000      NS    B.ROOT-SERVERS.NET.
    B.ROOT-SERVERS.NET.      3600000      A
    ; formerly C.PSI.NET
    .                        3600000      NS    C.ROOT-SERVERS.NET.
    C.ROOT-SERVERS.NET.      3600000      A
    ; formerly TERP.UMD.EDU
    .                        3600000      NS    D.ROOT-SERVERS.NET.
    D.ROOT-SERVERS.NET.      3600000      A
    ; formerly NS.NASA.GOV
    .                        3600000      NS    E.ROOT-SERVERS.NET.
    E.ROOT-SERVERS.NET.      3600000      A
    ; formerly NS.ISC.ORG
    .                        3600000      NS    F.ROOT-SERVERS.NET.
    F.ROOT-SERVERS.NET.      3600000      A
    ; formerly NS.NIC.DDN.MIL
    .                        3600000      NS    G.ROOT-SERVERS.NET.
    G.ROOT-SERVERS.NET.      3600000      A
    ; formerly AOS.ARL.ARMY.MIL
    .                        3600000      NS    H.ROOT-SERVERS.NET.
    H.ROOT-SERVERS.NET.      3600000      A
    ; formerly NIC.NORDU.NET
    .                        3600000      NS    I.ROOT-SERVERS.NET.
    I.ROOT-SERVERS.NET.      3600000      A
    ; operated by VeriSign, Inc.
    .                        3600000      NS    J.ROOT-SERVERS.NET.
    J.ROOT-SERVERS.NET.      3600000      A
    ; housed in LINX, operated by RIPE NCC
    .                        3600000      NS    K.ROOT-SERVERS.NET.
    K.ROOT-SERVERS.NET.      3600000      A
    ; operated by IANA
    .                        3600000      NS    L.ROOT-SERVERS.NET.
    L.ROOT-SERVERS.NET.      3600000      A
    ; housed in Japan, operated by WIDE
    .                        3600000      NS    M.ROOT-SERVERS.NET.
    M.ROOT-SERVERS.NET.      3600000      A
    ; End of File

Example 15.5.1. LDAP Pre-configuration Script: Part A
    #!/bin/bash
    #
    # This script prepares the ldif LDAP load file only
    #

    # Pattern File Name
    file=init-ldif.pat

    # The name of my organization
    ORGNAME="My Organization"

    # My Internet domain. ie: if my domain is:, INETDOMAIN="buckets"
    INETDOMAIN="my-domain"

    # In the above case, my domain is:, TLDORG="org"
    TLDORG="org"

    # This is the Samba Domain/Workgroup Name
    DOMNAME="MYWORKGROUP"

    #
    # Here We Go ...
    #

    cat <<EOF
    How do you wish to refer to your organization?
    Suggestions:
       Black Tire Company, Inc.
       Cat With Hat Ltd.
    How would you like your organization name to appear?
    EOF

    echo "Your organization name is: $ORGNAME"
    echo
    echo "Enter a new name or, press Enter to Continue."
    echo

Example 15.5.2. LDAP Pre-configuration Script: Part B
    echo -e -n "Name [$ORGNAME]: "
       read name

    if [ ! -z "$name" ]; then
       ORGNAME=${name}
    fi
    echo
    # Substitute the organization name into the pattern file.
    sed "s/ORGNAME/${ORGNAME}/g" < $file > $file.tmp1

    # Try to find smb.conf
    if [ -e /usr/local/samba/lib/smb.conf ]; then
       CONF=/usr/local/samba/lib/smb.conf
    elif [ -e /etc/samba/smb.conf ]; then
       CONF=/etc/samba/smb.conf
    fi

    echo "Samba Config File Location [$CONF]: "
    echo
    echo "Enter a new full path or press Enter to continue."
    echo
    echo -n "Samba Config File Location [$CONF]: "
       read name
    if [ ! -z "$name" ]; then
       CONF=$name
    fi
    echo

    # Find the name of our Domain/Workgroup
    DOMNAME=$(grep -i workgroup ${CONF} | sed "s/ //g" | cut -f2 -d=)
    echo Domain Name: $DOMNAME
    echo

    sed "s/DOMNAME/${DOMNAME}/g" < $file.tmp1 > $file.tmp2

    # Look up the domain SID and substitute it into the pattern file.
    DOMSID=$(net getlocalsid ${DOMNAME} | cut -f2 -d: | sed "s/ //g")
    echo Domain SID: $DOMSID

    sed "s/DOMSID/${DOMSID}/g" < $file.tmp2 > $file.tmp1

Example 15.5.3. LDAP Pre-configuration Script: Part C
    cat <<EOL
    The name of your Internet domain is now needed in a special format
    as follows, if your domain name is, what we need is
    the information in the form of:
       Domain ID: mydomain
       Top level: org

    If your fully qualified hostname is: where "snoopy" is
    the name of the machine,
    Then the information needed is:
       Domain ID: garagesale
       Top Level: net

    EOL

    # Take the first label of the DNS domain name as the domain ID.
    INETDOMAIN=$(hostname -d | cut -f1 -d.)
    echo Found the following domain name: $(hostname -d)
    echo "I think the bit we are looking for might be: $INETDOMAIN"
    echo
    echo -n "Enter the domain name or press Enter to continue: "
       read domnam
    if [ ! -z "$domnam" ]; then
       INETDOMAIN=$domnam
    fi
    echo
    sed "s/INETDOMAIN/${INETDOMAIN}/g" < $file.tmp1 > $file.tmp2

    # The remainder of the DNS domain name is the top-level part.
    TLDORG=$(hostname -d | sed "s/${INETDOMAIN}.//g")
    echo "The top level organization name I will use is: ${TLDORG}"
    echo
    echo -n "Enter the top level org name or press Enter to continue: "
       read domnam
    if [ ! -z "$domnam" ]; then
       TLDORG=$domnam
    fi
    sed "s/TLDORG/${TLDORG}/g" < $file.tmp2 > $DOMNAME.ldif
    rm $file.tmp*
    exit 0

Example 15.5.4. LDIF Pattern File Used to Pre-configure LDAP Part A
    dn: dc=INETDOMAIN,dc=TLDORG
    objectClass: dcObject
    objectClass: organization
    dc: INETDOMAIN
    o: ORGNAME
    description: Posix and Samba LDAP Identity Database

    dn: cn=Manager,dc=INETDOMAIN,dc=TLDORG
    objectClass: organizationalRole
    cn: Manager
    description: Directory Manager

    dn: ou=People,dc=INETDOMAIN,dc=TLDORG
    objectClass: top
    objectClass: organizationalUnit
    ou: People

    dn: ou=Computers,dc=INETDOMAIN,dc=TLDORG
    objectClass: top
    objectClass: organizationalUnit
    ou: Computers

    dn: ou=Groups,dc=INETDOMAIN,dc=TLDORG
    objectClass: top
    objectClass: organizationalUnit
    ou: Groups

    dn: ou=Idmap,dc=INETDOMAIN,dc=TLDORG
    objectClass: top
    objectClass: organizationalUnit
    ou: Idmap

    dn: sambaDomainName=DOMNAME,ou=Domains,dc=INETDOMAIN,dc=TLDORG
    objectClass: sambaDomain
    sambaDomainName: DOMNAME
    sambaSID: DOMSID
    sambaAlgorithmicRidBase: 1000
    structuralObjectClass: sambaDomain

Example 15.5.5. LDIF Pattern File Used to Pre-configure LDAP Part B
    dn: cn=domadmins,ou=Groups,dc=INETDOMAIN,dc=TLDORG
    objectClass: posixGroup
    objectClass: sambaGroupMapping
    gidNumber: 512
    cn: domadmins
    sambaSID: DOMSID-512
    sambaGroupType: 2
    displayName: Domain Admins
    description: Domain Administrators

    dn: cn=domguests,ou=Groups,dc=INETDOMAIN,dc=TLDORG
    objectClass: posixGroup
    objectClass: sambaGroupMapping
    gidNumber: 514
    cn: domguests
    sambaSID: DOMSID-514
    sambaGroupType: 2
    displayName: Domain Guests
    description: Domain Guests Users

    dn: cn=domusers,ou=Groups,dc=INETDOMAIN,dc=TLDORG
    objectClass: posixGroup
    objectClass: sambaGroupMapping
    gidNumber: 513
    cn: domusers
    sambaSID: DOMSID-513
    sambaGroupType: 2
    displayName: Domain Users
    description: Domain Users

Example 15.6.1. Example LAM Configuration File config.cfg
    # password to add/delete/rename configuration profiles
    password: not24get

    # default profile, without ".conf"
    default: lam

Example 15.6.2. LAM Profile Control File lam.conf
    ServerURL: ldap://
    Admins: cn=Manager,dc=abmas,dc=biz
    Passwd: not24get
    usersuffix: ou=People,dc=abmas,dc=biz
    groupsuffix: ou=Groups,dc=abmas,dc=biz
    hostsuffix: ou=Computers,dc=abmas,dc=biz
    domainsuffix: ou=Domains,dc=abmas,dc=biz
    MinUID: 0
    MaxUID: 65535
    MinGID: 0
    MaxGID: 65535
    MinMachine: 20000
    MaxMachine: 25000
    userlistAttributes: #uid;#givenName;#sn;#uidNumber;#gidNumber
    grouplistAttributes: #cn;#gidNumber;#memberUID;#description
    hostlistAttributes: #cn;#description;#uidNumber;#gidNumber
    maxlistentries: 30
    defaultLanguage: en_GB:ISO-8859-1:English (Great Britain)
    scriptPath:
    scriptServer:
    samba3: yes
    cachetimeout: 5
    pwdhash: SSHA

    Samba-3 by Example. Practical Exercises to Successful Deployment
    Samba-3 by Example: Practical Exercises to Successful Deployment (2nd Edition)
    ISBN: 013188221X
    EAN: 2147483647
    Year: 2005
    Pages: 142
