Fear, Uncertainty, Doubt and Citrix on Win2k

Lightfoot.Michael Lightfoot.Michael at comcare.gov.au
Mon Jan 14 16:41:08 GMT 2002 

We are testing a new application which uses Citrix running on Win2k servers
to access a Samba share which contains some Java files.  The whole thing is
being launched by a batch file run by the user after logging into the Citrix
server.

Details of Samba are 2.2.2 running on Solaris 2.6.  The only (slightly)
non-standard thing is that I have patched reply.c to allow the "'" (single
quote) character in user names (see my previous plea on 6/12 and Andrew
Bartlett's reply the same day - thanks again Andrew!)

Here are the appropriate users.map entries:
apt = Taylor.Alex ccilm.test taylor.alexw2k taylor.win2kadmin Win2k.User2
cuc = Payne.David Win2k.User1 Win2k.admin

Both the above users are members of the Unix group p2 (see below)

Here are the global settings and the appropriate share entry:

[global]
  wins server = act-secondary
  interfaces = XXX.XXX.XXX.XXX/255.255.252.0
   load printers = no
   workgroup = COMCARE
   security = server
   password server = act-primary
   encrypt passwords = yes
   username map = /usr/local/samba/lib/users.map
   domain master = no
   local master = no
   preferred master = no
   os level = 0
   server string = Samba (%v,%h)
   log level = 2
   guest account = guest
   locking = yes
   strict locking = yes
   keepalive = 30
   password level = 2
   socket options = TCP_NODELAY
   map hidden = no
   map archive = yes
   preserve case = yes
   case sensitive = yes
   dead time = 15

[pracsys]
   comment = Production users' share
   valid users = @prod @p2
   path = /export/home/pp2
   browseable = no
   writeable = yes
   create mode = 0664


The following are some log extracts of failures and successes.  Firstly a
failure to log in to the share

[2002/01/15 10:24:11, 1] smbd/password.c:server_validate(1227)
  password server ACT-PRIMARY rejected the password
[2002/01/15 10:24:11, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(171)
  startsmbfilepwent_internal: unable to open file
/usr/local/samba/private/smbpasswd. Error was No such file or directory
[2002/01/15 10:24:11, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1368)
  unable to open passdb database.
[2002/01/15 10:24:11, 1] smbd/password.c:pass_check_smb(546)
  Couldn't find user 'cuc' in passdb.
[2002/01/15 10:24:11, 2] smbd/reply.c:reply_sesssetup_and_X(970)
  NT Password did not match for user 'cuc'!
[2002/01/15 10:24:11, 2] smbd/reply.c:reply_sesssetup_and_X(980)
  Defaulting to Lanman password for cuc
[2002/01/15 10:24:11, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(171)
  startsmbfilepwent_internal: unable to open file
/usr/local/samba/private/smbpasswd. Error was No such file or directory
[2002/01/15 10:24:11, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1368)
  unable to open passdb database.
[2002/01/15 10:24:11, 1] smbd/password.c:pass_check_smb(546)
  Couldn't find user 'cuc' in passdb.
[2002/01/15 10:24:11, 1] smbd/reply.c:reply_sesssetup_and_X(995)
  Rejecting user 'cuc': authentication failed


[2002/01/15 10:31:39, 1] smbd/password.c:server_validate(1227)
  password server  rejected the password
[2002/01/15 10:31:39, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(171)
  startsmbfilepwent_internal: unable to open file
/usr/local/samba/private/smbpasswd. Error was No such file or directory
[2002/01/15 10:31:39, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1368)
  unable to open passdb database.
[2002/01/15 10:31:39, 1] smbd/password.c:pass_check_smb(546)
  Couldn't find user 'cuc' in passdb.
[2002/01/15 10:31:39, 2] smbd/reply.c:reply_sesssetup_and_X(970)
  NT Password did not match for user 'cuc'!
[2002/01/15 10:31:39, 2] smbd/reply.c:reply_sesssetup_and_X(980)
  Defaulting to Lanman password for cuc
[2002/01/15 10:31:39, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(171)
  startsmbfilepwent_internal: unable to open file
/usr/local/samba/private/smbpasswd. Error was No such file or directory
[2002/01/15 10:31:39, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1368)
  unable to open passdb database.
[2002/01/15 10:31:39, 1] smbd/password.c:pass_check_smb(546)
  Couldn't find user 'cuc' in passdb.
[2002/01/15 10:31:39, 1] smbd/reply.c:reply_sesssetup_and_X(995)
  Rejecting user 'cuc': authentication failed

Now a success:

[2002/01/15 10:34:32, 2] smbd/reply.c:reply_special(93)
  netbios connect: name1=GRIFFIN          name2=ACT-TERMSERV01
[2002/01/15 10:34:32, 2] smbd/reply.c:reply_special(112)
  netbios connect: local=griffin remote=act-termserv01
[2002/01/15 10:34:32, 1] smbd/service.c:make_connection(610)
  act-termserv01 (163.233.5.39) connect to service pracsys as user cuc
(uid=60028, gid=201) (pid 25627)
[2002/01/15 10:34:32, 2] smbd/open.c:open_file(217)
  Win2k.Admin opened file classesJ131/gp1pracsys.jar read=Yes write=No
(numopen=1)
[2002/01/15 10:34:32, 2] smbd/open.c:open_file(217)
  Win2k.Admin opened file classesJ131/symbeans.jar read=Yes write=No
(numopen=2)
[2002/01/15 10:34:33, 2] smbd/open.c:open_file(217)
  Win2k.Admin opened file classesJ131/pracsys.properties read=Yes write=No
(numopen=3)
[2002/01/15 10:34:33, 2] smbd/close.c:close_normal_file(208)
  cuc closed file classesJ131/pracsys.properties (numopen=2)
[2002/01/15 10:34:33, 2] smbd/open.c:open_file(217)
  Win2k.Admin opened file classesJ131/pracsys.properties read=Yes write=No
(numopen=3)
[2002/01/15 10:34:42, 2] smbd/close.c:close_normal_file(208)
  cuc closed file classesJ131/gp1pracsys.jar (numopen=2)
[2002/01/15 10:34:42, 2] smbd/close.c:close_normal_file(208)
  cuc closed file classesJ131/symbeans.jar (numopen=1)
[2002/01/15 10:34:42, 2] smbd/open.c:open_file(217)
  Win2k.Admin opened file classesJ131/gp1pracsys.jar read=Yes write=No
(numopen=2)
[2002/01/15 10:34:43, 2] smbd/open.c:open_file(217)
  Win2k.Admin opened file classesJ131/symbeans.jar read=Yes write=No
(numopen=3)
[2002/01/15 10:34:43, 1] smbd/service.c:close_cnum(650)
  act501760 (163.233.7.179) closed connection to service letter
[2002/01/15 10:34:43, 2] smbd/server.c:exit_server(458)
  Closing connections

The only other relevant error I can find is the follwoing:

[2002/01/15 10:22:14, 0] lib/util_sock.c:write_socket_data(542)
  write_socket_data: write failure. Error = Broken pipe
[2002/01/15 10:22:14, 2] smbd/process.c:timeout_processing(1130)
  password server keepalive failed.

and again later:

[2002/01/15 10:35:49, 2] smbd/open.c:open_file(217)
  Win2k.Admin opened file pracsys.properties read=Yes write=No (numopen=3)
[2002/01/15 10:35:49, 0] lib/util_sock.c:write_socket_data(542)
  write_socket_data: write failure. Error = Broken pipe
[2002/01/15 10:35:49, 2] smbd/process.c:timeout_processing(1130)
  password server keepalive failed.

Has anyone out there any idea what is happening here?  We can't even see a
pattern to the successes and failures.  Originally it appeared that the
first login would fail, but then subsequent ones succeed.  I postulated a
probelm "waking up" the password server.  That theory disappeared in a puff
off M$ fud when the opposite started to happen.  Lately failures have been
less predictable.  We have found that restarting Samba would alleviate the
problem for a short time, as would rebooting the Citrix server.

Samba is working flawlessly for shares on several Solaris systems (2.6 and
8), including the system in the logs above, accessed via production users NT
desktops or the new test Win2k desktops.


Michael Lightfoot
ISG/Host Systems
ext 0680

More information about the samba mailing list