[Samba] Accessing member server prompts for credentials
Mike Galvez
mrg8n at virginia.edu
Fri Jun 20 19:41:39 GMT 2008
Hi,
I'm having a similar issue with 3.0.28a on FreeBSD 7 (installed via ports).
The net join to ADS was successful and wbinfo -u -g and -t return users, groups and success
for trust secret, but I'm still prompted for credentials when trying to access a share.
The client log error shows:
[2008/06/20 14:48:06, 2] smbd/service.c:make_connection_snum(616)
user 'MYDOMAIN\mrg8n' (from session setup) not permitted to access this share
(mrg8n)
[2008/06/20 14:48:06, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
[2008/06/20 14:49:06, 3] smbd/sec_ctx.c:set_sec_ctx(307)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
Will the patch below work for 3.0.28a?
Thanks
-Mike
On Fri, Jun 20, 2008 at 10:28:57AM -0700, Jeremy Allison wrote:
> On Fri, Jun 20, 2008 at 08:29:52AM +0000, Leon Stringer wrote:
> > > From: Jeremy Allison <jra at samba.org>
> > > Date: 2008/06/19 Thu PM 04:58:55 GMT
> > > To: Leon Stringer <leon.stringer at ntlworld.com>
> > > CC: samba at lists.samba.org
> > > Subject: Re: [Samba] Accessing member server prompts for credentials
> > >
> > > On Thu, Jun 19, 2008 at 10:08:34AM +0000, Leon Stringer wrote:
> > > >
> > > > Toby: thanks for prompting me, I had missed those comments. I've configured nsswitch.conf hopefully correctly.
> > > >
> > > > And when I do wbinfo -t I get:
> > > >
> > > > the trust secret via RPC calls succeeded
> > > >
> > > > but only for the first five minutes after starting winbindd. After
> > > > five minutes I get:
> > > >
> > > > checking the trust secret via RPC calls failed
> > > > error code was (0x0)
> > > > Could not check secret
> > > >
> > > > wbinfo -u does not work at any point.
> > > >
> > > > log.winbindd-idmap says:
> > > >
> > > > [2008/06/19 10:46:56, 0] nsswitch/winbindd_dual.c:async_request_timeout_handler(182)
> > > > async_request_timeout_handler: child pid 21612 is not responding. Closing connection to it.
> > > > [2008/06/19 10:46:56, 1] nsswitch/winbindd_util.c:trustdom_recv(229)
> > > > Could not receive trustdoms
> > > >
> > > > Any more advice gratefully received.
> > >
> > > What Samba version is this please ? Looks like a bug I've fixed
> > > recently.
> > >
> >
> > 3.0.30 (Fedora 8 package).
>
> Yep, this is definately something I fixed recently. Here is
> the patch. If you aren't able to apply it, Jerry is planning
> 3.0.31 (soon) to address this.
>
> Jeremy.
> diff --git a/source/nsswitch/winbindd.c b/source/nsswitch/winbindd.c
> index 636d635..c79bb46 100644
> --- a/source/nsswitch/winbindd.c
> +++ b/source/nsswitch/winbindd.c
> @@ -117,14 +117,21 @@ static void flush_caches(void)
>
> /* Handle the signal by unlinking socket and exiting */
>
> -static void terminate(void)
> +static void terminate(bool in_parent)
> {
> - pstring path;
> -
> - /* Remove socket file */
> - pstr_sprintf(path, "%s/%s",
> - WINBINDD_SOCKET_DIR, WINBINDD_SOCKET_NAME);
> - unlink(path);
> + if (in_parent) {
> + /* When parent goes away we should
> + * remove the socket file. Not so
> + * when children terminate.
> + */
> +
> + pstring path;
> +
> + /* Remove socket file */
> + pstr_sprintf(path, "%s/%s",
> + WINBINDD_SOCKET_DIR, WINBINDD_SOCKET_NAME);
> + unlink(path);
> + }
>
> idmap_close();
>
> @@ -731,10 +738,10 @@ void winbind_check_sighup(void)
> }
>
> /* check if TERM has been received */
> -void winbind_check_sigterm(void)
> +void winbind_check_sigterm(bool in_parent)
> {
> if (do_sigterm)
> - terminate();
> + terminate(in_parent);
> }
>
> /* Process incoming clients on listen_sock. We use a tricky non-blocking,
> @@ -901,7 +908,7 @@ static void process_loop(void)
>
> /* Check signal handling things */
>
> - winbind_check_sigterm();
> + winbind_check_sigterm(true);
> winbind_check_sighup();
>
> if (do_sigusr2) {
> diff --git a/source/nsswitch/winbindd_dual.c b/source/nsswitch/winbindd_dual.c
> index 7176a25..7b79734 100644
> --- a/source/nsswitch/winbindd_dual.c
> +++ b/source/nsswitch/winbindd_dual.c
> @@ -1005,7 +1005,7 @@ static BOOL fork_domain_child(struct winbindd_child *child)
> main_loop_TALLOC_FREE();
>
> /* check for signals */
> - winbind_check_sigterm();
> + winbind_check_sigterm(false);
> winbind_check_sighup();
>
> run_events(winbind_event_context(), 0, NULL, NULL);
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
--
Mike Galvez
More information about the samba
mailing list