samba 2.2.2, smbpaswd, and hp-ux 11.00
Frank Smith
Frank.Smith at unilever.com
Tue Jan 8 19:27:06 GMT 2002
don, drew,
you gentlemen provided the answer to my problem. thank you very much.
frank smith
frank.smith at unilever.com
On Tuesday, January 08, 2002 10:52 AM, Drew.Zeller at statcan.ca
[SMTP:Drew.Zeller at statcan.ca] wrote:
> Frank,
>
> I think I have hit a similar problem before on my HP-UX servers with samba a
> while back. If I remember correctly the cause of the problem was that the
> nobody account being used by SAMBA needed to have an uid with a positive
> number (I think on HP-UX the account is created with negative uid number by
> default). From what I saw in your logs, it looks like you have a negative
> uid value for the nobody account, try changing it to a positive number and
> see if that works.
>
>
> Hope this helps.
>
>
> Drew Zeller
> drew.zeller at statcan.ca
On Tuesday, January 08, 2002 9:44 AM, MCCALL,DON (HP-USA,ex1)
[SMTP:don_mccall at hp.com] wrote:
> Hi Frank,
> Samba is sensitive to netative uid/gid pairs; the default guest account
> for samba is nobody, which is typically assigned
> -1/-2. The answer is to create an smbnull user in your etc/passwd with
> positive uid/gid pair and add the global parameter guest account = smbnull.
>
> Hope this helps,
> Don
> -----Original Message-----
> From: Frank Smith [mailto:Frank.Smith at unilever.com]
> Sent: Tuesday, January 08, 2002 9:09 AM
> To: samba at lists.samba.org; frank.smith at unilever.com;
> agnes.phipps at unilever.com
> Subject: samba 2.2.2, smbpaswd, and hp-ux 11.00
>
>
> please help!!!
>
> i encountered something rather peculiar. i installed samba 2.2.2 on an hp
> system running hp-ux 11.00. the smbpasswd program breaks when run as a
> typical
> user, but works fine when run as root. these messages show up in the
> partial
> log.smbd files: (both sessons used a log level of three.)
>
> this session had no [IPC$] section in smb.conf:
>
> <deleted>
> [2002/01/08 08:52:27.770936, 3, pid=14870]
> smbd/password.c:server_cryptkey(1116)
> got session
> [2002/01/08 08:52:27.778358, 3, pid=14870]
> smbd/password.c:server_cryptkey(1131)
> password server OK
> [2002/01/08 08:52:27.778857, 3, pid=14870] smbd/negprot.c:reply_nt1(186)
> using password server validation
> [2002/01/08 08:52:27.779332, 3, pid=14870] smbd/negprot.c:reply_negprot(433)
> Selected protocol NT LANMAN 1.0
> [2002/01/08 08:52:27.781377, 3, pid=14870] smbd/process.c:process_smb(860)
> Transaction 2 of length 78
> [2002/01/08 08:52:27.781880, 3, pid=14870]
> smbd/process.c:switch_message(667)
> switch message SMBsesssetupX (pid 14870)
> [2002/01/08 08:52:27.782361, 3, pid=14870] smbd/sec_ctx.c:set_sec_ctx(320)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2002/01/08 08:52:27.782910, 3, pid=14870]
> smbd/reply.c:reply_sesssetup_and_X(855)
> Domain=[] NativeOS=[Unix] NativeLanMan=[Samba]
> [2002/01/08 08:52:27.783424, 3, pid=14870]
> smbd/reply.c:reply_sesssetup_and_X(866)
> sesssetupX:name=[]
> [2002/01/08 08:52:27.785196, 3, pid=14870] smbd/sec_ctx.c:push_sec_ctx(288)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2002/01/08 08:52:27.785716, 3, pid=14870] smbd/sec_ctx.c:set_sec_ctx(320)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2002/01/08 08:52:27.786538, 3, pid=14870] smbd/sec_ctx.c:pop_sec_ctx(427)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2002/01/08 08:52:27.787313, 3, pid=14870]
> smbd/password.c:register_vuid(307)
> uid -2 registered to name nobody
> [2002/01/08 08:52:27.787815, 3, pid=14870]
> smbd/password.c:register_vuid(309)
> Clearing default real name
> [2002/01/08 08:52:27.788359, 3, pid=14870]
> smbd/password.c:register_vuid(311)
> User name: nobody Real name:
> [2002/01/08 08:52:27.789084, 3, pid=14870] smbd/process.c:process_smb(860)
> Transaction 3 of length 69
> [2002/01/08 08:52:27.789581, 3, pid=14870]
> smbd/process.c:switch_message(667)
> switch message SMBtconX (pid 14870)
> [2002/01/08 08:52:27.790065, 3, pid=14870] smbd/sec_ctx.c:set_sec_ctx(320)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2002/01/08 08:52:27.790704, 3, pid=14870] lib/access.c:check_access(307)
> check_access: no hostnames in host allow/deny list.
> [2002/01/08 08:52:27.791385, 2, pid=14870] lib/access.c:check_access(316)
> Allowed connection from (127.0.0.1)
> [2002/01/08 08:52:27.792196, 3, pid=14870]
> smbd/password.c:authorise_login(897)
> authorise_login: ACCEPTED: guest account and guest ok (nobody)
> [2002/01/08 08:52:27.792895, 3, pid=14870]
> smbd/service.c:make_connection(477)
> Connect path is /tmp
> [2002/01/08 08:52:27.793369, 3, pid=14870] smbd/sec_ctx.c:push_sec_ctx(288)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2002/01/08 08:52:27.793850, 3, pid=14870] smbd/sec_ctx.c:set_sec_ctx(320)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2002/01/08 08:52:27.794519, 3, pid=14870] smbd/sec_ctx.c:pop_sec_ctx(427)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2002/01/08 08:52:27.796141, 3, pid=14870]
> lib/util_seaccess.c:se_access_check(242)
> se_access_check: user sid is S-1-5-21-3833845860-385089584-3296444123-996
> [2002/01/08 08:52:27.796701, 3, pid=14870]
> lib/util_seaccess.c:se_access_check(245)
> se_access_check: also S-1-5-21-3833845860-385089584-3296444123-997
> [2002/01/08 08:52:27.797237, 3, pid=14870]
> lib/util_seaccess.c:se_access_check(245)
> se_access_check: also S-1-1-0
> [2002/01/08 08:52:27.797722, 3, pid=14870]
> lib/util_seaccess.c:se_access_check(245)
> se_access_check: also S-1-5-2
> [2002/01/08 08:52:27.798281, 3, pid=14870]
> lib/util_seaccess.c:se_access_check(245)
> se_access_check: also S-1-5-32-546
> [2002/01/08 08:52:27.798826, 3, pid=14870] smbd/vfs.c:vfs_init_default(98)
> Initialising default vfs hooks
> [2002/01/08 08:52:27.799389, 3, pid=14870] smbd/sec_ctx.c:set_sec_ctx(320)
> setting sec ctx (4294967294, 4294967294) - sec_ctx_stack_ndx = 0
> [2002/01/08 08:52:27.799917, 0, pid=14870] lib/util_sec.c:assert_gid(94)
> Failed to set gid privileges to (-1,-2) now set to (0,0) uid=(0,0)
> [2002/01/08 08:52:27.800417, 0, pid=14870] lib/util.c:smb_panic(1055)
> PANIC: failed to set gid
> <end of file>
>
>
>
> this session had an explicit [IPC$] in smb.conf:
>
> <deleted>
> [2002/01/08 08:53:28.710400, 3, pid=14877]
> smbd/password.c:server_cryptkey(1116)
> got session
> [2002/01/08 08:53:28.712511, 3, pid=14877]
> smbd/password.c:server_cryptkey(1131)
> password server OK
> [2002/01/08 08:53:28.713001, 3, pid=14877] smbd/negprot.c:reply_nt1(186)
> using password server validation
> [2002/01/08 08:53:28.713470, 3, pid=14877] smbd/negprot.c:reply_negprot(433)
> Selected protocol NT LANMAN 1.0
> [2002/01/08 08:53:28.715485, 3, pid=14877] smbd/process.c:process_smb(860)
> Transaction 2 of length 78
> [2002/01/08 08:53:28.715978, 3, pid=14877]
> smbd/process.c:switch_message(667)
> switch message SMBsesssetupX (pid 14877)
> [2002/01/08 08:53:28.716444, 3, pid=14877] smbd/sec_ctx.c:set_sec_ctx(320)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2002/01/08 08:53:28.716993, 3, pid=14877]
> smbd/reply.c:reply_sesssetup_and_X(855)
> Domain=[] NativeOS=[Unix] NativeLanMan=[Samba]
> [2002/01/08 08:53:28.717502, 3, pid=14877]
> smbd/reply.c:reply_sesssetup_and_X(866)
> sesssetupX:name=[]
> [2002/01/08 08:53:28.719340, 3, pid=14877] smbd/sec_ctx.c:push_sec_ctx(288)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2002/01/08 08:53:28.719852, 3, pid=14877] smbd/sec_ctx.c:set_sec_ctx(320)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2002/01/08 08:53:28.720671, 3, pid=14877] smbd/sec_ctx.c:pop_sec_ctx(427)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2002/01/08 08:53:28.721453, 3, pid=14877]
> smbd/password.c:register_vuid(307)
> uid -2 registered to name nobody
> [2002/01/08 08:53:28.721949, 3, pid=14877]
> smbd/password.c:register_vuid(309)
> Clearing default real name
> [2002/01/08 08:53:28.722423, 3, pid=14877]
> smbd/password.c:register_vuid(311)
> User name: nobody Real name:
> [2002/01/08 08:53:28.723125, 3, pid=14877] smbd/process.c:process_smb(860)
> Transaction 3 of length 69
> [2002/01/08 08:53:28.723623, 3, pid=14877]
> smbd/process.c:switch_message(667)
> switch message SMBtconX (pid 14877)
> [2002/01/08 08:53:28.724098, 3, pid=14877] smbd/sec_ctx.c:set_sec_ctx(320)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2002/01/08 08:53:28.724734, 3, pid=14877] lib/access.c:check_access(307)
> check_access: no hostnames in host allow/deny list.
> [2002/01/08 08:53:28.725453, 2, pid=14877] lib/access.c:check_access(316)
> Allowed connection from (127.0.0.1)
> [2002/01/08 08:53:28.726305, 3, pid=14877]
> smbd/password.c:authorise_login(897)
> authorise_login: ACCEPTED: guest account and guest ok (nobody)
> [2002/01/08 08:53:28.726868, 0, pid=14877]
> smbd/password.c:authorise_login(906)
> authorise_login: rejected invalid user nobody
> [2002/01/08 08:53:28.727359, 2, pid=14877]
> smbd/service.c:make_connection(318)
> Invalid username/password for ipc$ [nobody]
> [2002/01/08 08:53:28.727828, 3, pid=14877] smbd/error.c:error_packet(111)
> error packet at smbd/reply.c(169) cmd=117 (SMBtconX) eclass=2 ecode=2
> [2002/01/08 08:53:28.728792, 3, pid=14877]
> smbd/process.c:timeout_processing(1085)
> end of file from client
> [2002/01/08 08:53:28.729470, 3, pid=14877] smbd/sec_ctx.c:set_sec_ctx(320)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2002/01/08 08:53:28.730277, 2, pid=14877] smbd/server.c:exit_server(458)
> Closing connections
> [2002/01/08 08:53:28.731017, 3, pid=14877]
> smbd/connection.c:yield_connection(50)
> Yielding connection to
> [2002/01/08 08:53:28.753814, 3, pid=14877] smbd/server.c:exit_server(493)
> Server exit (normal exit)
> <end of file>
>
> one major common point: both sessions connected to the samba server with a
> blank sesssetupX:name=[] field.
>
> i saw one other person about sep 2001 who encountered an almost identical
> problem. however, no one posted a response or solution to the news group
> thread.
>
> does anyone know the solution to this problem? is it a bug in smbpasswd?
>
> thank you for your time and assistance.
>
> frank smith
> frank.smith at unilever.com
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list