[Samba] Samba 3.0 issues with mapped drives properties

Gémes Géza geza at kzsdabas.sulinet.hu
Sun Oct 5 07:55:01 GMT 2003 

Mark írta:
> Mandrake 9.1 Samba 3.0, windows2000 pro sp4.
> 
> I finally got Samba 3.0 working thanks to Gémes Géza. Now I am having
> another issue as outlined below:
> 
> 1)There are 2 users on the Linux pc, markw (regular user) and root. Both
> have valid samba passwords.
> 
> 2)I have a share called:
> [data]
> path = /test
> valid users = markw, root
> read only = No
> browseable = yes
> 
> 3)I am able to map the share with the user markw. 
> 
> 4)Right click on the share and choose properties>>security>>add, the
> dialog box tells me that "you are logged on with an account that does
> not have access to HOME. Enter a name and password, which I do: markw +
> password. Error message the credentials supplied conflict with an
> existing set of credentials.
> 
> 5)Ok, so I enter in root as the name and password and get the exact same
> error message.
> 
> 6) disconnect the mapped drive and log on the share as root, and same
> problem occurs..
> 
> 7) Rebooting the win pc does not help.
> 
> I read through the samba how-to until my eyes bled...
> 
> My question is what is causing these error messages in the logs??
> Please see the attached log.
> 
> Regards,
> Mark
> 
> 
> workgroup = HOME
> 	netbios name = GREPLINUX
> 	interfaces = eth0 192.168.0.203
> 	bind interfaces only = Yes
> 	encrypt passwords = Yes
> 	time server = Yes
> 	domain logons = Yes
> 	os level = 65
> 	preferred master = Yes
> 	domain master = Yes
> 	follow symlinks = No
> 	passdb backend = smbpasswd, guest
> 	log level = 1
> 
> [homes]
> 	read only = No
> 	browseable = No
> 
> [data]
>   path = /test
> 	valid users = markw, root
>       read only = No
> 	browseable = yes
> 
> [netlogon]
> 	path = /var/lib/samba/netlogon
> 	guest ok = Yes
> 	share modes = No
> 
> 
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> [2003/10/04 20:18:12, 0] smbd/server.c:main(747)
>   smbd version 3.0.0 started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2003
> [2003/10/04 20:18:19, 1] smbd/service.c:make_connection_snum(698)
>   win2000 (192.168.0.200) connect to service test initially as user markw (uid=501, gid=501) (pid 15388)
> [2003/10/04 20:18:19, 1] smbd/service.c:make_connection_snum(698)
>   win2000 (192.168.0.200) connect to service test initially as user markw (uid=501, gid=501) (pid 15388)
> [2003/10/04 20:18:19, 1] smbd/service.c:close_cnum(880)
>   win2000 (192.168.0.200) closed connection to service test
> [2003/10/04 20:18:23, 1] smbd/service.c:make_connection_snum(698)
>   win2000 (192.168.0.200) connect to service test initially as user markw (uid=501, gid=501) (pid 15388)
> [2003/10/04 20:18:23, 1] smbd/fake_file.c:open_fake_file_shared1(45)
>   access_denied to service[test] file[$Extend/$Quota:$Q:$INDEX_ALLOCATION] user[markw]
> [2003/10/04 20:18:25, 0] rpc_server/srv_util.c:get_domain_user_groups(371)
>   get_domain_user_groups: primary gid of user [root] is not a Domain group !
>   get_domain_user_groups: You should fix it, NT doesn't like that
> [2003/10/04 20:18:30, 1] smbd/service.c:close_cnum(880)
>   win2000 (192.168.0.200) closed connection to service test
> [2003/10/04 20:18:40, 1] smbd/service.c:make_connection_snum(698)
>   win2000 (192.168.0.200) connect to service test initially as user markw (uid=501, gid=501) (pid 15388)
> [2003/10/04 20:18:40, 1] smbd/fake_file.c:open_fake_file_shared1(45)
>   access_denied to service[test] file[$Extend/$Quota:$Q:$INDEX_ALLOCATION] user[markw]
> [2003/10/04 20:18:41, 0] rpc_server/srv_util.c:get_domain_user_groups(371)
>   get_domain_user_groups: primary gid of user [root] is not a Domain group !
>   get_domain_user_groups: You should fix it, NT doesn't like that
> [2003/10/04 20:18:47, 1] smbd/service.c:close_cnum(880)
>   win2000 (192.168.0.200) closed connection to service test
> [2003/10/04 20:18:57, 1] smbd/service.c:close_cnum(880)
>   win2000 (192.168.0.200) closed connection to service test
> [2003/10/04 20:19:14, 1] smbd/service.c:make_connection_snum(698)
>   win2000 (192.168.0.200) connect to service test initially as user root (uid=0, gid=0) (pid 15388)
> [2003/10/04 20:19:14, 1] smbd/service.c:make_connection_snum(698)
>   win2000 (192.168.0.200) connect to service test initially as user root (uid=0, gid=0) (pid 15388)
> [2003/10/04 20:19:14, 1] smbd/service.c:close_cnum(880)
>   win2000 (192.168.0.200) closed connection to service test
> [2003/10/04 20:19:18, 1] smbd/service.c:make_connection_snum(698)
>   win2000 (192.168.0.200) connect to service test initially as user root (uid=0, gid=0) (pid 15388)
> [2003/10/04 20:19:18, 1] smbd/fake_file.c:open_fake_file_shared1(45)
>   access_denied to service[test] file[$Extend/$Quota:$Q:$INDEX_ALLOCATION] user[root]
> [2003/10/04 20:19:19, 0] rpc_server/srv_util.c:get_domain_user_groups(371)
>   get_domain_user_groups: primary gid of user [root] is not a Domain group !
>   get_domain_user_groups: You should fix it, NT doesn't like that
> [2003/10/04 20:19:23, 1] smbd/service.c:close_cnum(880)
>   win2000 (192.168.0.200) closed connection to service test
> [2003/10/04 20:19:29, 1] smbd/service.c:make_connection_snum(698)
>   win2000 (192.168.0.200) connect to service test initially as user root (uid=0, gid=0) (pid 15388)
> [2003/10/04 20:19:29, 1] smbd/fake_file.c:open_fake_file_shared1(45)
>   access_denied to service[test] file[$Extend/$Quota:$Q:$INDEX_ALLOCATION] user[root]
> [2003/10/04 20:19:31, 0] rpc_server/srv_util.c:get_domain_user_groups(371)
>   get_domain_user_groups: primary gid of user [root] is not a Domain group !
>   get_domain_user_groups: You should fix it, NT doesn't like that
> [2003/10/04 20:19:38, 1] smbd/service.c:close_cnum(880)
>   win2000 (192.168.0.200) closed connection to service test
> [2003/10/04 20:19:42, 1] smbd/service.c:close_cnum(880)
>   win2000 (192.168.0.200) closed connection to service test
> 
> 
There are 4 possible issues, your problem could reside in one, or all of 
them:

1. You are using Mandrake 9.1 (so am I), and the kernel shipped with it 
lacks acl support :-( If you have acl installed: urpmi acl, you could 
give it a try:
getfacl somefile
setfacl -m u:someuser:somerights somefile
if the latter gives you an error, then you are in case 1 or 2
a workaround for 1. would be, to aply the kernel patch attached, or use 
the kernel shipped with Mandrake 9.0 (so I did, but had to recompile it 
to have ACPI support)

2. You aren't using an acl enabled filesystem:
XFS supports them out of the box, for ext2/ext3, you have to specify acl 
in your /etc/fstab, and remount it.

3. Your samba3 was compiled on a machine without acl support. This could 
happen if it was compiled without having libacl-devel installed, or 
having %define acl-support 0 somwhere in the specfile in the case of a 
rpm build.

4. ACL modifying is as follows:
You are allowed to it, if
-You are the owner of the file
-You are in posession of the CAP_FOWNER perogative (currently only root)

Another thing: from your logs it seem to be advisable, to try to map 
your groups: net3 groupmap as root

Good Luck!

Geza Gemes

More information about the samba mailing list