sone weired bugs
Jens Skripczynski
jens.skripczynski at igd.fhg.de
Sun Jan 16 13:52:22 GMT 2000
Hi,
i think I ran over some strange bugs.
Setup:
SAMBA 3.0 with TNG.
PDC: SHADOWLAND
Domain: PRIVAT
Client: TirNaOrg (NT4 SP4 German)
1)
I can connect to my Printer on shadowland by using \\shadowland\lp.
But I did not configure a share named "lp" ?! Is this a bug or a feature ?
2)
Most of the RPC to shadowland from TirNaOrg fail, some only when logged in as
Domain User:
\\PRIVAT\Jens: the IPC connect fails. I cannot open "network
nei..."->"shadowland" =. The error "Auf \\shadowland kann nicht zugegriffen
werden. \n Beim abgesetzten Proceduraufruf (RPC) ist ein Protokollfehler
aufgetreten" Meaning something like "Cannot access \\shadowland. \n With the
Procedure Call (RPC) a protocoll Error accured".
But connecting as \\TIRNAORG\administrator:
Everything works fine. I see the anonymous shares the Printers directory and
my (configured) Printer "hp4p".
-- Where can I trace this error ?
2) The Usermanager fail to work:
(Tried to translate) "With the Procedure Call (RPC) a protocoll Error accured.
Do you want to select another Domain to administer".
3) netlogond:
The Logfile tells me the following:
file_changed: Unable to stat file /usr/local/etc/samba/private/domaingroup.map.
Error was Permission denied
">sudo ls -la /usr/local/etc/samba/private/"
total 9
drwx------ 3 root root 1024 Jan 14 22:57 .
drwxr-xr-x 5 root root 1024 Jan 13 22:37 ..
-rw------- 1 root root 46 Jan 13 22:37 PRIVAT.SHADOWLAND.mac
-rw-r--r-- 1 root root 42 Jan 13 22:33 PRIVAT.SID
-rw-r--r-- 1 root root 20 Jan 14 22:40 domaingroup.map
-rw-r--r-- 1 root root 19 Jan 14 22:57 domainuser.map
-rw-r--r-- 1 root root 29 Jan 13 20:40 localgroup.map
drwxr-xr-x 2 root root 1024 Dec 17 16:57 old
-rw------- 1 root root 638 Jan 15 17:49 smbpasswd
As I run samba as root netlogon should find the file and access it...
Also after starting netlogond in the logfile the following line give me a
headache:
Added interface ip=192.168.0.254 bcast=192.168.0.255 nmask=255.255.255.0
Added interface ip=10.0.0.254 bcast=10.0.0.255 nmask=255.255.255.0
standard input is not a socket, assuming -D option
create_pipe_socket: /var/lock/samba/.msrpc perms=448
/var/lock/samba/.msrpc/NETL
OGON perms=448
*** Please someone examine create_pipe_socket and fix it ***
*** if used other than for exclusive root access ***
*** (see perms, which should be 0700 and 0600) ***
*** there is a race condition to be exploited. ***
--> remove on /var/lock/samba/.msrpc/NETLOGON failed <--
waiting for a connection
Why does he want to remove his own pipe/socket ? Even he does not fail to
operate. What shall this logmessage tell me ?
3)
Here is a log of smbd:
ftp is my anonymous user.
Jens is myself.
LP is my Printer !
lib/access.c:check_access(258) Allowed connection from TirNaOrg.sc (10.0.0.3)
smbd/password.c:pass_check_smb(504) Couldn't find user 'ftp' in smb_passwd file.
smbd/password.c:pass_check_smb(504) Couldn't find user 'ftp' in smb_passwd file.
smbd/password.c:pass_check_smb(532) pass_check_smb failed - invalid password for user [claudia]
smbd/password.c:pass_check_smb(532) pass_check_smb failed - invalid password for user [jens]
smbd/password.c:pass_check_smb(504) Couldn't find user 'lp' in smb_passwd file.
rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(140) user session key not available (yet).
rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(141) password-change operations may fail.
a) As user ftp is my anonymous user, why does samba complain about not being in
the smbpasswd file ?
b) I _did_ use the correct password ! Why does samba tell
a invalid password ? Is this a wrong log message ?
c) Why does samba suddenly look up a share name as a user ?
4) All the socket daemons give the following error :
*** Please someone examine create_pipe_socket and fix it ***
*** if used other than for exclusive root access ***
*** (see perms, which should be 0700 and 0600) ***
*** there is a race condition to be exploited. ***
Isn't there a way to implement something similar to fetchmail or sshd
who check at the start for the correct file perms ?
as dirmode 0700 root.root and 0600 root.root filemode shouldn't be possibly
exploited.
5) The changing of file permissions on samba shares does not work either.
Again some RPC error...
6) When i configure the Profiles directory with a sticky bit (mode 1777)
The TNG tree automatically makes a Profile directory under the Profile share
when the user first logs in. The 3.0/tng combination fails.
7) How good are 3.0 and tng connected together. I mean after what amount of
time are changes in the tng subtree avaible in the 3.0 ? Is it instantly
because this pipe/socket stuff ? Or are there certain changes in the 3.0 tree
to be done for new features to work ?
Luke can you (if you have some spare time) maybe make a check list of things
working at tng, someone who is responsible for the head branch also.
So one could check what works at the combination.
Ciao
Jens Skripczynski
--
E-Mail: skripi at igd.fhg.de
Computers are like airconditioners: They stop working
properly if you open windows.
More information about the samba-ntdom
mailing list