[Samba] Samba log hell

reader at newsguy.com reader at newsguy.com
Fri Aug 11 22:01:24 GMT 2006


Setup: Running Gentoo linux 2.6X kenel
       Samba 3.0.23

I'm having a time getting samba working after having it working for
mnths.  I did do a major update world.  

That kind of update on Gentoo can involve many other apps.

At the end when adjusting files under /etc/ that may have newer
versions, I rejected the new smb.conf keeping my old config which is
still in place so the trouble may be coming from somewhere else.

It seems something has suddenly chagned whereby I cannot access any
linux shares from windows.

Attempting to get some details of the failure from the logs seem
fruitless since the log output is literally huge and nothing stands
out with big letters `error'.

Maybe some kind soul can tell me what would be usefull to post here.

I'm just not prepared to understand 670 lines of output for one
connection attempt. And that is with `log level' cranked down to 3.

The following area from one of the two logs produced by this
connection attempt, seems to be important but even this small chunk
defies understanding far as I can see:

The `Sid' lines seem to be telling something but who knows what.  Then
finally it shows a ACCESS_DENIED.

`reader' and `Harry' are the only two authorized users and listed as
`valid users' on each share in smb.conf.  (I've inlined smb.conf for
reference following this message and log output.)

What provoked this piece of log is an attempt from machine `harvey' to
login to samba share on machine `reader'.  The incoming user is also
`reader'.

[...]
[2006/08/11 13:38:11, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid reader does not start with 'S-'.
[2006/08/11 13:38:11, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid Harry does not start with 'S-'.
[2006/08/11 13:38:11, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/08/11 13:38:11, 3] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/08/11 13:38:11, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/11 13:38:11, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/08/11 13:38:11, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/08/11 13:38:11, 3] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/08/11 13:38:11, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/11 13:38:11, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/08/11 13:38:11, 2] smbd/service.c:make_connection_snum(571)
  user 'reader' (from session setup) not permitted to access this share (smReader)
[2006/08/11 13:38:11, 3] smbd/error.c:error_packet(146)
  error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
[2006/08/11 13:38:11, 3] smbd/process.c:process_smb(1110)
  Transaction 4 of length 43
[2006/08/11 13:38:11, 3] smbd/process.c:switch_message(914)
  switch message SMBulogoffX (pid 4834) conn 0x0
[2006/08/11 13:38:11, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/08/11 13:38:11, 3] smbd/reply.c:reply_ulogoffX(1618)
  ulogoffX vuid=101
[2006/08/11 13:38:11, 3] smbd/process.c:timeout_processing(1359)
  timeout_processing: End of file from client (client has disconnected).
[2006/08/11 13:38:11, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/08/11 13:38:11, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to 
[2006/08/11 13:38:11, 3] smbd/server.c:exit_server_common(675)
  Server exit (normal exit)
[2006/08/11 13:38:11, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user [Harvey]\[reader]@[HARVEY] with the new password interface

[...]

Then about 60 more lines and I see:

[2006/08/11 14:05:19, 3] auth/auth.c:check_ntlm_password(270)
  check_ntlm_password: sam authentication for user [reader] succeeded

===========================

smb.conf:
#======================= Global Settings =====================================
[global]

# 1. Server Naming Options:
# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = home

# netbios name is the name you will see in "Network Neighbourhood",
# but defaults to your hostname
;  netbios name = <name_of_this_server>

# server string is the equivalent of the NT Description field
   server string = Samba_%v

# Message command is run by samba when a "popup" message is sent to it.
# The example below is for use with LinPopUp:
; message command = /usr/bin/linpopup "%f" "%m" %s; rm %s

# 2. Printing Options:
# CHANGES TO ENABLE PRINTING ON ALL CUPS PRINTERS IN THE NETWORK
# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   printcap name = cups
   load printers = yes

# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx, cups
   printing = cups

# Samba 3.x supports the Windows NT-style point-and-print feature. To
# use this, you need to be able to upload print drivers to the samba
# server. The printer admins (or root) may install drivers onto samba.
# Note that this feature uses the print$ share, so you will need to 
# enable it below.
# printer admin = @<group> <user>
   printer admin = @adm
# This should work well for winbind:
;   printer admin = @"Domain Admins"

# 3. Logging Options:
# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 500

# Set the log (verbosity) level (0 <= log level <= 10)
log level = 3

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest
# Allow users to map to guest:
  map to guest = bad user

# Security mode. Most people will want user level security. See
# security_level.txt for details.
  security = user
# Use password server option only with security = server or security = domain
# When using security = domain, you should use password server = *
;   password server = <NT-Server-Name>
;   password server = *

# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
;  password level = 8
;  username level = 8

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
# Encrypted passwords are required for any use of samba in a Windows NT domain
# The smbpasswd file is only required by a server doing authentication, thus
# members of a domain do not need one.
#  encrypt passwords = yes
# [HP 02/10/06 10:29  ]  
  smb passwd file = /etc/samba/private/smbpasswd


# 5. Browser Control and Networking Options:
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192


# Samba Password Database configuration:
# Samba now has runtime-configurable password database backends. Multiple
# passdb backends may be used, but users will only be added to the first one
# Default:
# [HP 02/10/06 10:29  ]passdb 
  backend = smbpasswd guest

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
   dns proxy = no 


#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = yes
   writable = yes

# specifically define each individual printer.
# You must configure the samba printers with the appropriate Windows
# drivers on your Windows clients. On the Samba server no filtering is
# done. If you wish that the server provides the driver and the clients
# send PostScript ("Generic PostScript Printer" under Windows), you have
# to swap the 'print command' line below with the commented one.
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# to allow user 'guest account' to print.
   guest ok = yes
   writable = no
   printable = yes
   create mode = 0700
# =====================================
# print command: see above for details.
# =====================================
   print command = lpr-cups -P %p -o raw %s -r   # using client side printer drivers.

# This share is used for Windows NT-style point-and-print support.
# To be able to install drivers, you need to be either root, or listed
# in the printer admin parameter above. Note that you also need write access
# to the directory and share definition to be able to upload the drivers.
# For more information on this, please see the Printing Support Section of
# /usr/share/doc/samba-<version>/Samba-HOWTO-Collection.pdf 
[print$]
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   write list = @adm root
   guest ok = yes

## # [HP 12/09/05 19:52  HP configuration from here]
[smCDROM_ro]
	comment = ""
   valid users = reader Harry
	path = /mnt/cdrom
	writeable = no
	guest ok = yes

[smWin]
	comment = ""
	valid users = reader Harry
	path = /usb1/bak/win.bk
	writeable = yes
	guest ok = yes

[smUsb1]
   comment = ""
   valid users = reader Harry
   path = /usb1
   writeable = yes
   guest ok = yes
	
[smUsb2]
	comment = ""
	valid users = reader Harry
	path = /usb2
	writeable = yes
	guest ok = yes

[smUsrLocal]
	comment = ""
	valid users = reader Harry
	path = /usr/local
	writeable = yes
	guest ok = yes

[smRootHome]
	comment = ""
   valid users = reader Harry
	path = /root
	writeable = yes
	guest ok = yes
	
[smRoot]
	comment = ""
   valid users = reader Harry
	path = /
	writeable = yes
	guest ok = yes

[smReader]
	comment = ""
   valid users = reader Harry
	path = /home/reader
	writeable = yes
	guest ok = yes

[smPerl]
	comment = ""
	valid users = reader Harry
	path = /mnt/pack/Projects/reader_proj/perl
	writeable = yes
	guest ok = yes

[smJunk]
	comment = "" 
	valid users = reader Harry
	path = /home/reader/.junk
	writeable = yes
	guest ok = yes

[smBak]
	comment = ""
	valid users = reader Harry
	path = /anex2/bak/misc
	writeable = yes
	guest ok = yes

[smPub]
	comment = ""
	valid users = reader Harry
	path = /mnt/pack/pub
	writeable = yes
	guest ok = yes

[smNo_bak]
	comment = ""
	valid users = reader Harry
	path = /mnt/pack/NoBak/reader_nobak
	writeable = yes
	guest ok = yes

[smProj]
	comment = ""
	valid users = reader Harry
	path = /mnt/pack/Projects/reader_proj	writeable = yes
	writeable = yes
	guest ok = yes

[smCdrom_wr]
	comment = ""
	valid users = reader Harry
	path = /mnt/cdrom
	writeable = yes




More information about the samba mailing list