[Samba] Accessing member server prompts for credentials

Mike Galvez mrg8n at virginia.edu
Fri Jun 20 19:41:39 GMT 2008 

Hi,

I'm having a similar issue with 3.0.28a on FreeBSD 7 (installed via ports).

The net join to ADS was successful and wbinfo -u -g and -t return users, groups and success 
for trust secret, but I'm still prompted for credentials when trying to access a share. 

The client log error shows:

[2008/06/20 14:48:06, 2] smbd/service.c:make_connection_snum(616)
  user 'MYDOMAIN\mrg8n' (from session setup) not permitted to access this share
(mrg8n)
[2008/06/20 14:48:06, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
[2008/06/20 14:49:06, 3] smbd/sec_ctx.c:set_sec_ctx(307)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0


Will the patch below work for 3.0.28a?

Thanks

	-Mike


On Fri, Jun 20, 2008 at 10:28:57AM -0700, Jeremy Allison wrote:
> On Fri, Jun 20, 2008 at 08:29:52AM +0000, Leon Stringer wrote:
> > > From: Jeremy Allison <jra at samba.org>
> > > Date: 2008/06/19 Thu PM 04:58:55 GMT
> > > To: Leon Stringer <leon.stringer at ntlworld.com>
> > > CC: samba at lists.samba.org
> > > Subject: Re: [Samba] Accessing member server prompts for credentials
> > > 
> > > On Thu, Jun 19, 2008 at 10:08:34AM +0000, Leon Stringer wrote:
> > > > 
> > > > Toby: thanks for prompting me, I had missed those comments. I've configured nsswitch.conf hopefully correctly.
> > > > 
> > > > And when I do wbinfo -t I get:
> > > > 
> > > >   the trust secret via RPC calls succeeded
> > > > 
> > > > but only for the first five minutes after starting winbindd. After 
> > > > five minutes I get:
> > > > 
> > > >   checking the trust secret via RPC calls failed
> > > >   error code was  (0x0)
> > > >   Could not check secret
> > > > 
> > > > wbinfo -u does not work at any point.
> > > > 
> > > > log.winbindd-idmap says:
> > > > 
> > > > [2008/06/19 10:46:56, 0] nsswitch/winbindd_dual.c:async_request_timeout_handler(182)
> > > >   async_request_timeout_handler: child pid 21612 is not responding. Closing connection to it.
> > > > [2008/06/19 10:46:56, 1] nsswitch/winbindd_util.c:trustdom_recv(229)
> > > >   Could not receive trustdoms
> > > > 
> > > > Any more advice gratefully received.
> > > 
> > > What Samba version is this please ? Looks like a bug I've fixed
> > > recently.
> > > 
> > 
> > 3.0.30 (Fedora 8 package).
> 
> Yep, this is definately something I fixed recently. Here is
> the patch. If you aren't able to apply it, Jerry is planning
> 3.0.31 (soon) to address this.
> 
> Jeremy.

> diff --git a/source/nsswitch/winbindd.c b/source/nsswitch/winbindd.c
> index 636d635..c79bb46 100644
> --- a/source/nsswitch/winbindd.c
> +++ b/source/nsswitch/winbindd.c
> @@ -117,14 +117,21 @@ static void flush_caches(void)
>  
>  /* Handle the signal by unlinking socket and exiting */
>  
> -static void terminate(void)
> +static void terminate(bool in_parent)
>  {
> -	pstring path;
> -
> -	/* Remove socket file */
> -	pstr_sprintf(path, "%s/%s", 
> -		 WINBINDD_SOCKET_DIR, WINBINDD_SOCKET_NAME);
> -	unlink(path);
> +	if (in_parent) {
> +		/* When parent goes away we should
> +		 * remove the socket file. Not so
> +		 * when children terminate.
> +		 */ 
> +
> +		pstring path;
> +
> +		/* Remove socket file */
> +		pstr_sprintf(path, "%s/%s", 
> +			WINBINDD_SOCKET_DIR, WINBINDD_SOCKET_NAME);
> +		unlink(path);
> +	}
>  
>  	idmap_close();
>  	
> @@ -731,10 +738,10 @@ void winbind_check_sighup(void)
>  }
>  
>  /* check if TERM has been received */
> -void winbind_check_sigterm(void)
> +void winbind_check_sigterm(bool in_parent)
>  {
>  	if (do_sigterm)
> -		terminate();
> +		terminate(in_parent);
>  }
>  
>  /* Process incoming clients on listen_sock.  We use a tricky non-blocking,
> @@ -901,7 +908,7 @@ static void process_loop(void)
>  
>  	/* Check signal handling things */
>  
> -	winbind_check_sigterm();
> +	winbind_check_sigterm(true);
>  	winbind_check_sighup();
>  
>  	if (do_sigusr2) {
> diff --git a/source/nsswitch/winbindd_dual.c b/source/nsswitch/winbindd_dual.c
> index 7176a25..7b79734 100644
> --- a/source/nsswitch/winbindd_dual.c
> +++ b/source/nsswitch/winbindd_dual.c
> @@ -1005,7 +1005,7 @@ static BOOL fork_domain_child(struct winbindd_child *child)
>  		main_loop_TALLOC_FREE();
>  
>  		/* check for signals */
> -		winbind_check_sigterm();
> +		winbind_check_sigterm(false);
>  		winbind_check_sighup();
>  
>  		run_events(winbind_event_context(), 0, NULL, NULL);

> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
Mike Galvez

More information about the samba mailing list