[Samba] winbindd instability, inconsistent handling of Domain name
Alexander List
alexlist at sbox.tu-graz.ac.at
Mon Sep 22 13:25:34 GMT 2003
On Sat, 20 Sep 2003, Gerald (Jerry) Carter wrote:
> | After restarting winbindd, it works again for a while. What's the proper
> | way to produce useful debugging information for the developers?
>
> I think this has already been fixed in our CVS tree. The Debian
> packaging script should be fine for RC4 so you might just want to build
> your own package from that tree and see if things work better for you.
That's fixed, thanks, and AFAIR I posted that fact to the list on
Wed, 10 Sep 2003 21:11:11 +0200 (CEST).
> | user::rwx
> | user:DOMAIN+username:rwx
> |
> | When I create the ACL with setfacl -m u:INTERNAL.DOMAIN.COM:username:rwx,
> | only DOMAIN+username (the short NETBIOS name of the domain) is listed in
> | the ACL.
>
> Haven't we already talked about this one? I'm having serious
> deja vu here. winbindd mostly operates on the short name of the domain.
Yep, this is also a non-issue because INTERNAL.DOMAIN.COM is correctly
mapped to DOMAIN by winbindd.
> | [admin]
> | browsable = no
> | path = /mnt/admin
> | public = no
> | write list = DOMAIN+username
> |
> | This won't work. Windows domain user "username" gets "Access denied" when
> | trying to create a file on the share.
> |
> | However, this works:
> |
> | write list = INTERNAL.DOMAIN.COM+username
> |
> | Is this a bug or a configuration problem on my side?
>
> did you define the workgroup and realm in smb.conf?
Yes, I did. Just compiled the latest CVS HEAD branch stuff and tested it
again. The problem won't occur if I set writable to yes, it will only
occur if writable is set to no and there's a write list statement.
Here's what I get from the logs when I try to create a directory on a
share configured as explained above:
/* First, username.c returns username at realm instead of username at domain:
*/
[2003/09/22 14:32:04, 3] smbd/sesssetup.c:reply_spnego_kerberos(178)
Ticket name is [user at INTERNAL.DOMAIN.COM]
[2003/09/22 14:32:04, 5] lib/username.c:Get_Pwnam(288)
Finding user INTERNAL.DOMAIN.COM+user
[2003/09/22 14:32:04, 5] lib/username.c:Get_Pwnam_internals(223)
Trying _Get_Pwnam(), username as lowercase is internal.domain.com+user
[2003/09/22 14:32:04, 5] lib/username.c:Get_Pwnam_internals(251)
Get_Pwnam_internals did find user [INTERNAL.DOMAIN.COM+user]!
[...]
/* here, the realm+username is used again */
[2003/09/22 14:32:04, 10] passdb/pdb_get_set.c:pdb_set_username(593)
pdb_set_username: setting username INTERNAL.DOMAIN.COM+username, was
[2003/09/22 14:32:04, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
element 11 -> now SET
[...]
/* finally, the create directory call fails */
[2003/09/22 14:32:04, 5] smbd/filename.c:unix_convert(323)
New file test1
[2003/09/22 14:32:04, 3] smbd/dosmode.c:unix_mode(110)
unix_mode(test1) returning 0744
[2003/09/22 14:32:04, 5] smbd/files.c:file_new(122)
allocated file structure 9230, fnum = 13326 (1 used)
[2003/09/22 14:32:04, 2] smbd/open.c:open_directory(1303)
open_directory: failing create on read-only share
[2003/09/22 14:32:04, 5] smbd/files.c:file_free(385)
freed files structure 13326 (0 used)
[2003/09/22 14:32:04, 10] smbd/trans2.c:set_bad_path_error(1785)
set_bad_path_error: err = 13 bad_path = 0
[2003/09/22 14:32:04, 3] smbd/error.c:error_packet(94)
error string = Permission denied
[2003/09/22 14:32:04, 3] smbd/error.c:error_packet(113)
error packet at smbd/trans2.c(1797) cmd=162 (SMBntcreateX)
NT_STATUS_ACCESS_DENIED
Hope this helps to find the problem... if not, I'll send you the whole log
directly.
Thanks again for your help hunting down this problem...
Alex
--
"They that can give up essential liberty to obtain a little temporary safety
deserve neither liberty nor safety."
--Benjamin Franklin, 1759
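
The log excerpt in the message above shows the session name in realm form (INTERNAL.DOMAIN.COM+user) followed by a create that fails on the read-only share. The Python sketch below is an added example, not part of the original message or of Samba: it parses smbd log records of that shape and reports whether the denied session name is on the write list literally or only after the realm prefix is mapped to the short domain name. The sample log is constructed, `parse_records`, `diagnose` and the realm-to-domain map are hypothetical, and case-insensitive comparison is an assumption.

```python
import re

# Constructed sample, shaped like the smbd log excerpt in the message above.
SAMPLE_LOG = """\
[2003/09/22 14:32:04, 5] lib/username.c:Get_Pwnam_internals(251)
  Get_Pwnam_internals did find user [INTERNAL.DOMAIN.COM+user]!
[2003/09/22 14:32:04, 5] smbd/filename.c:unix_convert(323)
  New file test1
[2003/09/22 14:32:04, 2] smbd/open.c:open_directory(1303)
  open_directory: failing create on read-only share
"""

HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+),\s*(?P<level>\d+)\] "
                    r"(?P<src>\S+):(?P<func>\w+)\((?P<line>\d+)\)$")
FOUND = re.compile(r"did find user \[(?P<name>[^\]]+)\]")
DENIED = "failing create on read-only share"


def parse_records(text):
    """Attach each message line to the '[date, level] file:func(line)' header before it."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            records.append({**m.groupdict(), "msg": ""})
        elif records and line:
            records[-1]["msg"] = (records[-1]["msg"] + " " + line).strip()
    return records


def diagnose(text, write_list, realm_to_domain, sep="+"):
    """Report denied creates and whether the session name is on the write list
    literally or only after mapping the realm prefix to the short domain name."""
    listed = {entry.lower() for entry in write_list}  # assumption: case-insensitive
    findings, session_name = [], None
    for rec in parse_records(text):
        m = FOUND.search(rec["msg"])
        if m:
            session_name = m.group("name")
        elif DENIED in rec["msg"] and session_name:
            prefix, found, user = session_name.partition(sep)
            mapped = realm_to_domain.get(prefix.upper(), prefix)
            short = mapped + sep + user if found else session_name
            findings.append({"ts": rec["ts"], "session_name": session_name,
                             "literal_match": session_name.lower() in listed,
                             "short_name_match": short.lower() in listed})
    return findings


if __name__ == "__main__":
    # Hypothetical realm-to-NetBIOS mapping supplied by the administrator.
    for f in diagnose(SAMPLE_LOG, ["DOMAIN+user"], {"INTERNAL.DOMAIN.COM": "DOMAIN"}):
        print(f)
```

A finding with `literal_match` false and `short_name_match` true corresponds to the case reported in this thread: the write list names the short domain while the session was set up under the realm name.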