[Samba] strange access violation in netlogon "network not found" (incl. workaround/solution and question)

Kurt Weiss info at kwnet.at
Sun Dec 29 09:09:00 GMT 2002 

i'm using samba since a view years as PDC, so i found this (problem?) 
real late (seems to exist longer):

configuration:
**************
im using samba 2.2.4 and following configuration:

##################################################################
##################################################################
[global]

...
    guest account = nobody
    keep alive = 30
    os level = 65
    security = users
    encrypt passwords = yes

    socket options = TCP_NODELAY SO_SNDBUF=16348 SO_RCVBUF=16348
    map to guest = Bad User
    local master = yes
    wins support = no

    logon script =%G.bat

    domain logons = yes
    domain master = yes
    logon path = \\%N\profiles\%u
    logon drive = i:
    logon home = \\%N\ich
    domain admin group = @***********************

    #using because of problems with visual c++:
    dos filetime resolution = yes
    dos filetimes = yes
...

[netlogon]
    comment = skripts fuer login
    browsable = yes
    path = /netzwerk/netlogon
    writable = yes
    create mask = 0744
    directory mask = 2744

[profiles]
    browsable = no
    nt acl support = no
    path = /netzwerk/profiles
    writable = yes
    create mask = 0600
    directory mask = 0700

...and so on
##################################################################
##################################################################

/netzwerk has the rights 0711
/netzwerk/netlogon HAD the rights 2740 and the owner kurt.win

problem:
********
at time of creation of this network, all was runnig well:
user "kurt" had the right to manipulate the login scripts, and all other 
windows users (group win) where able to run the scripts.

now (i think since update to 2.2.4) i discovered, that i had NO ACCESS 
TO THE NETLOGON SHARE. following failure appeared when i tried to access 
the share: "network not found"

all other shares where running well.

solution / workaround????
*************************
i discovered, that the /netzwerk/netlogon directory NEEDS THE EXECUTION FLAG
(0750 instead of 0740 or 0640)
INSIDE this share all rights are allowed (incl. 0640 a.s.o.)
so i changed the mode of /netzwerk/netlogon to 0741. the scripts (batch) 
have all 0640 as before...
now all is running well again...

question:
*********
why samba needs the execution flag for the directory the share points on?
in versions before 2.2.4 (i've constructed the PDC / w2k on 2.2.2) there 
was no x-flag nessecary to access the share...


-- 
mit freundlichen grüssen
==================================================
www.kwnet.at, one step behind future...

Ing. Kurt Weiß
Softwareentwicklung,  EDV Beratung und - Betreuung
A-6425 Haiming, Gartenweg 3
Tel.: +43 699 1 272 9926 / Fax: +43 699 4 272 9926
E-Mail: info at kwnet.at
Web:
http://www.kwnet.at     http://www.oberlandinfo.at
===================================================
Die Krise ist ein produktiver Zustand.
Man muss ihr nur den Beigeschmack
der Katastrophe nehmen.

Max Frisch,
Schweizer Dramatiker (1911-1991)
==================================================

More information about the samba mailing list