Fear, Uncertainty, Doubt and Citrix on Win2k
Lightfoot.Michael
Lightfoot.Michael at comcare.gov.au
Mon Jan 14 16:41:08 GMT 2002
We are testing a new application which uses Citrix running on Win2k servers
to access a Samba share which contains some Java files. The whole thing is
being launched by a batch file run by the user after logging into the Citrix
server.
Details of Samba are 2.2.2 running on Solaris 2.6. The only (slightly)
non-standard thing is that I have patched reply.c to allow the "'" (single
quote) character in user names (see my previous plea on 6/12 and Andrew
Bartlett's reply the same day - thanks again Andrew!)
Here are the appropriate users.map entries:
apt = Taylor.Alex ccilm.test taylor.alexw2k taylor.win2kadmin Win2k.User2
cuc = Payne.David Win2k.User1 Win2k.admin
Both the above users are members of the Unix group p2 (see below)
Here are the global settings and the appropriate share entry:
[global]
wins server = act-secondary
interfaces = XXX.XXX.XXX.XXX/255.255.252.0
load printers = no
workgroup = COMCARE
security = server
password server = act-primary
encrypt passwords = yes
username map = /usr/local/samba/lib/users.map
domain master = no
local master = no
preferred master = no
os level = 0
server string = Samba (%v,%h)
log level = 2
guest account = guest
locking = yes
strict locking = yes
keepalive = 30
password level = 2
socket options = TCP_NODELAY
map hidden = no
map archive = yes
preserve case = yes
case sensitive = yes
dead time = 15
[pracsys]
comment = Production users' share
valid users = @prod @p2
path = /export/home/pp2
browseable = no
writeable = yes
create mode = 0664
The following are some log extracts of failures and successes. Firstly a
failure to log in to the share
[2002/01/15 10:24:11, 1] smbd/password.c:server_validate(1227)
password server ACT-PRIMARY rejected the password
[2002/01/15 10:24:11, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(171)
startsmbfilepwent_internal: unable to open file
/usr/local/samba/private/smbpasswd. Error was No such file or directory
[2002/01/15 10:24:11, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1368)
unable to open passdb database.
[2002/01/15 10:24:11, 1] smbd/password.c:pass_check_smb(546)
Couldn't find user 'cuc' in passdb.
[2002/01/15 10:24:11, 2] smbd/reply.c:reply_sesssetup_and_X(970)
NT Password did not match for user 'cuc'!
[2002/01/15 10:24:11, 2] smbd/reply.c:reply_sesssetup_and_X(980)
Defaulting to Lanman password for cuc
[2002/01/15 10:24:11, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(171)
startsmbfilepwent_internal: unable to open file
/usr/local/samba/private/smbpasswd. Error was No such file or directory
[2002/01/15 10:24:11, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1368)
unable to open passdb database.
[2002/01/15 10:24:11, 1] smbd/password.c:pass_check_smb(546)
Couldn't find user 'cuc' in passdb.
[2002/01/15 10:24:11, 1] smbd/reply.c:reply_sesssetup_and_X(995)
Rejecting user 'cuc': authentication failed
[2002/01/15 10:31:39, 1] smbd/password.c:server_validate(1227)
password server rejected the password
[2002/01/15 10:31:39, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(171)
startsmbfilepwent_internal: unable to open file
/usr/local/samba/private/smbpasswd. Error was No such file or directory
[2002/01/15 10:31:39, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1368)
unable to open passdb database.
[2002/01/15 10:31:39, 1] smbd/password.c:pass_check_smb(546)
Couldn't find user 'cuc' in passdb.
[2002/01/15 10:31:39, 2] smbd/reply.c:reply_sesssetup_and_X(970)
NT Password did not match for user 'cuc'!
[2002/01/15 10:31:39, 2] smbd/reply.c:reply_sesssetup_and_X(980)
Defaulting to Lanman password for cuc
[2002/01/15 10:31:39, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(171)
startsmbfilepwent_internal: unable to open file
/usr/local/samba/private/smbpasswd. Error was No such file or directory
[2002/01/15 10:31:39, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1368)
unable to open passdb database.
[2002/01/15 10:31:39, 1] smbd/password.c:pass_check_smb(546)
Couldn't find user 'cuc' in passdb.
[2002/01/15 10:31:39, 1] smbd/reply.c:reply_sesssetup_and_X(995)
Rejecting user 'cuc': authentication failed
Now a success:
[2002/01/15 10:34:32, 2] smbd/reply.c:reply_special(93)
netbios connect: name1=GRIFFIN name2=ACT-TERMSERV01
[2002/01/15 10:34:32, 2] smbd/reply.c:reply_special(112)
netbios connect: local=griffin remote=act-termserv01
[2002/01/15 10:34:32, 1] smbd/service.c:make_connection(610)
act-termserv01 (163.233.5.39) connect to service pracsys as user cuc
(uid=60028, gid=201) (pid 25627)
[2002/01/15 10:34:32, 2] smbd/open.c:open_file(217)
Win2k.Admin opened file classesJ131/gp1pracsys.jar read=Yes write=No
(numopen=1)
[2002/01/15 10:34:32, 2] smbd/open.c:open_file(217)
Win2k.Admin opened file classesJ131/symbeans.jar read=Yes write=No
(numopen=2)
[2002/01/15 10:34:33, 2] smbd/open.c:open_file(217)
Win2k.Admin opened file classesJ131/pracsys.properties read=Yes write=No
(numopen=3)
[2002/01/15 10:34:33, 2] smbd/close.c:close_normal_file(208)
cuc closed file classesJ131/pracsys.properties (numopen=2)
[2002/01/15 10:34:33, 2] smbd/open.c:open_file(217)
Win2k.Admin opened file classesJ131/pracsys.properties read=Yes write=No
(numopen=3)
[2002/01/15 10:34:42, 2] smbd/close.c:close_normal_file(208)
cuc closed file classesJ131/gp1pracsys.jar (numopen=2)
[2002/01/15 10:34:42, 2] smbd/close.c:close_normal_file(208)
cuc closed file classesJ131/symbeans.jar (numopen=1)
[2002/01/15 10:34:42, 2] smbd/open.c:open_file(217)
Win2k.Admin opened file classesJ131/gp1pracsys.jar read=Yes write=No
(numopen=2)
[2002/01/15 10:34:43, 2] smbd/open.c:open_file(217)
Win2k.Admin opened file classesJ131/symbeans.jar read=Yes write=No
(numopen=3)
[2002/01/15 10:34:43, 1] smbd/service.c:close_cnum(650)
act501760 (163.233.7.179) closed connection to service letter
[2002/01/15 10:34:43, 2] smbd/server.c:exit_server(458)
Closing connections
The only other relevant error I can find is the follwoing:
[2002/01/15 10:22:14, 0] lib/util_sock.c:write_socket_data(542)
write_socket_data: write failure. Error = Broken pipe
[2002/01/15 10:22:14, 2] smbd/process.c:timeout_processing(1130)
password server keepalive failed.
and again later:
[2002/01/15 10:35:49, 2] smbd/open.c:open_file(217)
Win2k.Admin opened file pracsys.properties read=Yes write=No (numopen=3)
[2002/01/15 10:35:49, 0] lib/util_sock.c:write_socket_data(542)
write_socket_data: write failure. Error = Broken pipe
[2002/01/15 10:35:49, 2] smbd/process.c:timeout_processing(1130)
password server keepalive failed.
Has anyone out there any idea what is happening here? We can't even see a
pattern to the successes and failures. Originally it appeared that the
first login would fail, but then subsequent ones succeed. I postulated a
probelm "waking up" the password server. That theory disappeared in a puff
off M$ fud when the opposite started to happen. Lately failures have been
less predictable. We have found that restarting Samba would alleviate the
problem for a short time, as would rebooting the Citrix server.
Samba is working flawlessly for shares on several Solaris systems (2.6 and
8), including the system in the logs above, accessed via production users NT
desktops or the new test Win2k desktops.
Michael Lightfoot
ISG/Host Systems
ext 0680
More information about the samba
mailing list