[Samba] winbindd instability, inconsistent handling of Domain name
alexlist at sbox.tu-graz.ac.at
Mon Sep 22 13:25:34 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Sat, 20 Sep 2003, Gerald (Jerry) Carter wrote:
> | After restarting winbindd, it works again for a while. What's the proper
> | way to produce useful debugging information for the developers?
> I think this has already been fixed in our CVS tree. The bedian
> packaging script should be fine for RC4 so you might just want to build
> your own package from that tree and see if things work better for you.
That's fixed, thanks, and AFAIR I posted that fact to the list on
Wed, 10 Sep 2003 21:11:11 +0200 (CEST).
> | user::rwx
> | user:DOMAIN+username:rwx
> | When I create the ACL with setfacl -m u:INTERNAL.DOMAIN.COM:username:rwx,
> | only DOMAIN+username (the short NETBIOS name of the domain) is listed in
> | the ACL.
> Haven't we already talked about this one? I'm having serious
> deja vu here. winbindd mostly operates on the short name of the do9main.
Yep, this is also a non-issue because INTERNAL.DOMAIN.COM is correctly
mapped to DOMAIN by winbindd.
> | [admin]
> | browsable = no
> | path = /mnt/admin
> | public = no
> | write list = DOMAIN+username
> | This won't work. Windows domain user "username" gets "Access denied" when
> | trying to create a file on the share.
> | However, this works:
> | write list = INTERNAL.DOMAIN.COM+username
> | Is this a bug or a configuration problem on my side?
> did you define the workgroup and realm in smb.conf?
Yes, I did. Just compiled the latest CVS HEAD branch stuff and tested it
again. The problem won't occur if I set writable to yes, it will only
occur if writable is set to no and there's a write list statement.
Here's what I get from the logs when I try to create a directory on a
share configured as explained above:
/* First, username.c returns username at realm instead of username at domain:
[2003/09/22 14:32:04, 3] smbd/sesssetup.c:reply_spnego_kerberos(178)
Ticket name is [user at INTERNAL.DOMAIN.COM]
[2003/09/22 14:32:04, 5] lib/username.c:Get_Pwnam(288)
Finding user INTERNAL.DOMAIN.COM+user
[2003/09/22 14:32:04, 5] lib/username.c:Get_Pwnam_internals(223)
Trying _Get_Pwnam(), username as lowercase is internal.domain.com+user
[2003/09/22 14:32:04, 5] lib/username.c:Get_Pwnam_internals(251)
Get_Pwnam_internals did find user [INTERNAL.DOMAIN.COM+user]!
/* here, the realm+username is used again */
[2003/09/22 14:32:04, 10] passdb/pdb_get_set.c:pdb_set_username(593)
pdb_set_username: setting username INTERNAL.DOMAIN.COM+username, was
[2003/09/22 14:32:04, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
element 11 -> now SET
/* finally, the create directory call fails */
[2003/09/22 14:32:04, 5] smbd/filename.c:unix_convert(323)
New file test1
[2003/09/22 14:32:04, 3] smbd/dosmode.c:unix_mode(110)
unix_mode(test1) returning 0744
[2003/09/22 14:32:04, 5] smbd/files.c:file_new(122)
allocated file structure 9230, fnum = 13326 (1 used)
[2003/09/22 14:32:04, 2] smbd/open.c:open_directory(1303)
open_directory: failing create on read-only share
[2003/09/22 14:32:04, 5] smbd/files.c:file_free(385)
freed files structure 13326 (0 used)
[2003/09/22 14:32:04, 10] smbd/trans2.c:set_bad_path_error(1785)
set_bad_path_error: err = 13 bad_path = 0
[2003/09/22 14:32:04, 3] smbd/error.c:error_packet(94)
error string = Permission denied
[2003/09/22 14:32:04, 3] smbd/error.c:error_packet(113)
error packet at smbd/trans2.c(1797) cmd=162 (SMBntcreateX)
Hope this helps to find the problem... if not, I'll send you the whole log
Thanks again for your help hunting down this problem...
"They that can give up essential liberty to obtain a little temporary safety
deserve neither liberty not safety."
--Benjamin Franklin, 1759
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
More information about the samba