[Samba] Winbind: User can read a file on server but not on a share

Marc Mühlfeld Marc.Muehlfeld at web.de
Mon Sep 11 23:24:41 GMT 2006


Hello,

I have two Domains (DOM1 and DOM2). Each trust each other. Now I configured winbind on PDC1 with the following settings:

        winbind separator = +
        idmap backend = ldap:ldap://192.168.1.4
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/%U
        template shell = /bin/bash


On PDC1 i can see the users of DOM2 now:

# wbinfo -u
DOM2+user2
.....


Nsswitch is configured to use winbind too.


I put DOM2+user2 in a global group (mygroup) on DOM1:

# id DOM2+user2
uid=10000(DOM2+user2) gid=10006(DOM2+domain users) groups=10006(DOM2+domain users),1031(mygroup)


I put a file on a share of PDC1 that is readable for mygroup:

# ls -la /share/test.txt
-rw-r-----  1 root mygroup 8 Sep 11 00:16 /share/test.txt


And here`s my problem:

When I do "su - DOM2+user2" on PDC1 I can read the content of this file (because of being a member of the group that has read rights on the file). But when I access the file from a machine out of DOM2, I get a permission denied error message.


Heres the output of log level = 10:

[2006/09/11 03:47:47, 10] lib/util.c:dump_data(2058)
  [000] 00 5C 00 54 00 45 00 53  00 54 00 2E 00 54 00 58  .\.T.E.S .T...T.X
  [010] 00 54 00 00 00                                    .T...
[2006/09/11 03:47:47, 3] smbd/process.c:switch_message(993)
  switch message SMBntcreateX (pid 22401) conn 0x8033e648
[2006/09/11 03:47:47, 4] smbd/uid.c:change_to_user(222)
  change_to_user: Skipping user change - already user
[2006/09/11 03:47:47, 10] smbd/nttrans.c:reply_ntcreate_and_X(506)
  reply_ntcreateX: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x4140 root_dir_f
id = 0x0
[2006/09/11 03:47:47, 5] smbd/filename.c:unix_convert(108)
  unix_convert called on file "TEST.TXT"
[2006/09/11 03:47:47, 10] smbd/statcache.c:stat_cache_lookup(248)
  stat_cache_lookup: lookup succeeded for name [TEST.TXT] -> [test.txt]
[2006/09/11 03:47:47, 8] lib/util.c:is_in_path(1677)
  is_in_path: test.txt
[2006/09/11 03:47:47, 8] lib/util.c:is_in_path(1697)
  is_in_path: match not found
[2006/09/11 03:47:47, 2] smbd/dosmode.c:unix_mode(70)
  unix_mode(test.txt) inheriting from .
[2006/09/11 03:47:47, 2] smbd/dosmode.c:unix_mode(78)
  unix_mode(test.txt) inherit mode 40755
[2006/09/11 03:47:47, 3] smbd/dosmode.c:unix_mode(121)
  unix_mode(test.txt) returning 0644
[2006/09/11 03:47:47, 10] smbd/open.c:open_file_ntcreate(1091)
  open_file_ntcreate: fname=test.txt, dos_attrs=0x80 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x4140 unix mode=0644 oplock
_request=3
[2006/09/11 03:47:47, 8] lib/util.c:is_in_path(1677)
  is_in_path: test.txt
[2006/09/11 03:47:47, 8] lib/util.c:is_in_path(1697)
  is_in_path: match not found
[2006/09/11 03:47:47, 8] smbd/dosmode.c:dos_mode(300)
  dos_mode: test.txt
[2006/09/11 03:47:47, 8] smbd/dosmode.c:dos_mode_from_sbuf(167)
  dos_mode_from_sbuf returning
[2006/09/11 03:47:47, 8] smbd/dosmode.c:dos_mode(334)
  dos_mode returning
[2006/09/11 03:47:47, 8] lib/util.c:is_in_path(1677)
  is_in_path: test.txt
[2006/09/11 03:47:47, 8] lib/util.c:is_in_path(1697)
  is_in_path: match not found
[2006/09/11 03:47:47, 10] smbd/open.c:open_file_ntcreate(1259)
  open_file_ntcreate: fname=test.txt, after mapping access_mask=0x20089
[2006/09/11 03:47:47, 5] smbd/files.c:file_new(128)
  allocated file structure 8902, fnum = 12998 (1 used)
[2006/09/11 03:47:47, 4] smbd/open.c:open_file_ntcreate(1490)
  calling open_file with flags=0x0 flags2=0x0 mode=0644
[2006/09/11 03:47:47, 10] smbd/open.c:fd_open(55)
  fd_open: name test.txt, flags = 00 mode = 0644, fd = -1. Permission denied
[2006/09/11 03:47:47, 3] smbd/open.c:open_file(276)
  Error opening file test.txt (Permission denied) (local_flags=0) (flags=0)
[2006/09/11 03:47:47, 5] smbd/files.c:file_free(450)
  freed files structure 12998 (0 used)
[2006/09/11 03:47:47, 10] smbd/trans2.c:set_bad_path_error(2623)
  set_bad_path_error: err = 13 bad_path = 0
[2006/09/11 03:47:47, 3] smbd/error.c:unix_error_packet(90)
  unix_error_packet: error string = Permission denied
[2006/09/11 03:47:47, 3] smbd/error.c:error_packet(146)
  error packet at smbd/trans2.c(2632) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED




Maybe anybody can tell me what I did wrong.

Best regards
Marc

_____________________________________________________________________
Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
http://smartsurfer.web.de/?mc=100071&distributionid=000000000066



More information about the samba mailing list