[Samba] XP Pro problem/change to root user uid=0 gid=0 ????

mike_a at speakeasy.net mike_a at speakeasy.net
Tue Aug 31 21:48:51 GMT 2004 

Hi All,

I'm running 3.0.5 on Redhat as member server using winbind connecting to a mixed mode win2k domain. secret are good, getent & wbinfo -u work fine. but
a user running xp pro cannot access the share, but can access subdirectories therein. the client log file (log level is at 10) is repetitive and is full of the following "Primary group is 0 and contains 0 supplementary groups
[2004/08/31 13:17:29, 5] smbd/uid.c:change_to_root_user(281)
  change_to_root_user: now uid=(0,0) gid=(0,0)"

I'm a bit lost after seeing him connect to subdirectories but not the share. Now we've removed and re-added his workstation to the domain and I'm out of ideas. Below is my nsswitch.conf, pam.d/login and my smb.conf

I'm very grateful for any assistance.

Mike

#############################
nsswitch..conf

#passwd:     files nisplus winbind
passwd:     files winbind
shadow:     files nisplus # winbind
#shadow:     files winbind
group:      files winbind

#hosts:     db files nisplus nis dns
hosts:      files dns winbind


##############################
pam.d/login

#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_winbind.so
auth       sufficient   /lib/security/pam_unix.so use_first_pass likeauth nullok
auth       required     /lib/security/pam_deny.so
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_unix.so
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so


#############################
smb.conf

#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = SLANT
   allow trusted domains = no
# WINS service
   #winbind uid = 10000-20000 deprectaed in 3.x
   winbind uid = 10000-20000
   idmap uid = 10000-20000
   winbind gid = 10000-20000
   ;winbind gid = 10000-20000  deprectaed in 3.x
   idmap gid = 10000-20000
   ;winbind enum users = yes  deprectaed in 3.x
   winbind enum users = yes
   ;winbind enum groups = yes deprecated in 3.x
   winbind enum groups = yes
#winbind enable local accounts = no
 #   passdb backend = tdbsam guest
;winbind separator ="\"
;wins proxy = Yes
#wins support = Yes
#wins server = hqdhcp1
#wins server = zldc2
   wins server = 172.16.211.44

# server string is the equivalent of the NT Description field
   server string = NASBKUP1

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;guest account = guest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/%m.log

# Put a capping on the size of the log files (in Kb).
   max log size = 10000

# Logging Verbosity
   log level =  10

# Security mode. Most people will want user level security. See
# security_level.txt for details.
   security = domain
;auth methods = guest sam ntdomain
#  obey pam restrictions = yes
# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
password server = *

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
  encrypt passwords = yes
;   smb passwd file = /etc/samba/smbpasswd

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

local master = no

dns proxy = no

#============================ Share Definitions ==============================
# A publicly writable  directory by anyone authenticated via SLANT domain

[UnixBackups]
   comment = Unix Backups
   path = /d1/unix
   ;public = yes
   ;guest ok = yes
   writable = no
   ;write list = @staff
   printable = no
   valid users = @SLANT\Lockup2, @backup
   

[Lockup]
   comment = Lockup uploads
   path = /d1/lockup
   ;public = yes
   ;guest ok = yes
   writable = yes
   printable = no
   valid users = @SLANT\Lockup2 @SLANT\Tech_Support
   ;force user = nobody
   ;force group = nobody

[WindowsBackups]
   comment = Windows Backups
   path = /d1/windows
   ;public = yes
   ;guest ok = yes
   writable = yes
   printable = no
   write list = SLANT\rwilson
   valid users = SLANT\rwilson SLANT\harry 

[OracleBackups]
   comment = Oracle Backups
   path = /d1/oracle
   ;public = yes
   ;writable = yes
   guest ok = yes
   printable = no
   write list = @staff
   valid users = SLANT\harry
[WebLogs]
   comment = Web Logs
   path = /d1/logs
   ;public = yes
   ;guest ok = yes
   writable = yes
   printable = no
   write list = @staff
   valid users = SLANT\harry
[MiscBackups]
   comment = Misc Backups
   path = /d1/misc
   ;public = yes
   writable = yes
   ;guest ok = yes
   printable = no
   valid users = SLANT\ SLANT\svawter SLANT\dneely SLANT\jharty SLANT\rhainer
   ;valid users = SLANT\Unix-Admin
   #write list = @staff

More information about the samba mailing list