[Samba] Intermittent ACCESS DENIED

Steven Cardinal steven.cardinal at gmail.com
Wed Sep 27 13:14:37 GMT 2006


In a follow-up to a previous post a couple weeks back, we've implemented a
Samba 3.0.20 (Suse packages on 10.0 - recompiled to include idmap_rid)
server to replace the Windows 2000 file server in our Win2003 Active
Directory. For the most part things have been going well, but occasionally
people will get access denied errors to things that they were accessing just
fine minutes before. With file shares, they can access the share via UNC
and, if they unmap and remap the share, it works. The recommendation was to
increase the log level to 10. I was finally able to capture a log while
someone was having a problem. In this instance they were getting access
denied to the printers.

To date, I've only seen these errors on Windows 2000 workstations and not
our XP workstations, but since this is so intermittent and we have only a
few XP boxes, I'm not sure that is significant, but I figured I'd throw it
out there anyway. Here's my config (with the names changed to protect the
innocent)

[global]
    unix charset = LOCALE
    workgroup = MYDOMAIN
    realm = MYDOMAIN.INT
    server string = Production File Server 03
    security = ADS
    allow trusted domains = No
    enable privileges = Yes
    username map = /etc/samba/smbusers
    log level = 10
    log file = /var/log/samba/%m
    max log size = 50
    deadtime = 15
    socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    printcap name = cups
    wins server = 10.0.0.10
    ldap ssl = no
    idmap backend = idmap_rid:MYDOMAIN=10000-50000
    idmap uid = 10000-50000
    idmap gid = 10000-50000
    template shell = /bin/bash
    winbind separator = +
    cups options = raw

[Software]
    comment = Adheris Software
    path = /srv/public/software
    valid users = @MYDOMAIN+grpIT, @MYDOMAIN+grpDevelopers
    admin users = "@MYDOMAIN+Domain Admins"
    read only = No
    create mask = 0664
    directory mask = 0775
    dos filemode = Yes

[Home$]
    path = /srv/private/home
    valid users = "@MYDOMAIN+Domain Users"
    admin users = "@MYDOMAIN+Domain Admins"
    read only = No
    create mask = 0660
    directory mask = 0770
    dos filemode = Yes

[Users]
    comment = Adheris User Data
    path = /srv/public/users
    valid users = "@MYDOMAIN+Domain Users"
    admin users = "@MYDOMAIN+Domain Admins"
    read only = No
    create mask = 02664
    directory mask = 02775
    dos filemode = Yes

[Printers]
    comment = All Printers
    path = /var/tmp
    create mask = 0600
    printable = Yes
    browseable = No

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = root, "@MYDOMAIN+Domain Admins"

And here is the debug information. The thing that stands out to me is the
request for spoolss that fails. We do not have the iptables firewall
enabled, but we seem to be getting a pipe issue perhaps? I'm weak on the
programming/debugging side but take directions well if anyone has some
suggestions. Thanks

[2006/09/26 16:19:51, 10]
lib/util_sock.c:read_smb_length_return_keepalive(615)
  got smb length of 49
[2006/09/26 16:19:51, 6] smbd/process.c:process_smb(1113)
  got message type 0x0 of len 0x31
[2006/09/26 16:19:51, 3] smbd/process.c:process_smb(1114)
  Transaction 1145 of length 53
[2006/09/26 16:19:51, 5] lib/util.c:show_msg(454)
[2006/09/26 16:19:51, 5] lib/util.c:show_msg(464)
  size=49
  smb_com=0x2b
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=49219
  smb_tid=65535
  smb_pid=65279
  smb_uid=0
  smb_mid=65534
  smt_wct=1
  smb_vwv[ 0]=    1 (0x1)
  smb_bcc=12
[2006/09/26 16:19:51, 10] lib/util.c:dump_data(2053)
  [000] 4A 6C 4A 6D 49 68 43 6C  42 73 72 00              JlJmIhCl Bsr.
[2006/09/26 16:19:51, 3] smbd/process.c:switch_message(900)
  switch message SMBecho (pid 23178) conn 0x0
[2006/09/26 16:19:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/09/26 16:19:51, 5] auth/auth_util.c:debug_nt_user_token(452)
  NT user token: (NULL)
[2006/09/26 16:19:51, 5] auth/auth_util.c:debug_unix_user_token(473)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/09/26 16:19:51, 5] smbd/uid.c:change_to_root_user(319)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2006/09/26 16:19:51, 5] lib/util.c:show_msg(454)
[2006/09/26 16:19:51, 5] lib/util.c:show_msg(464)
  size=49
  smb_com=0x2b
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51201
  smb_tid=65535
  smb_pid=65279
  smb_uid=0
  smb_mid=65534
  smt_wct=1
  smb_vwv[ 0]=    1 (0x1)
  smb_bcc=12
[2006/09/26 16:19:51, 10] lib/util.c:dump_data(2053)
  [000] 4A 6C 4A 6D 49 68 43 6C  42 73 72 00              JlJmIhCl Bsr.
[2006/09/26 16:19:51, 3] smbd/reply.c:reply_echo(3499)
  echo 1 times
[2006/09/26 16:19:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/09/26 16:19:51, 5] auth/auth_util.c:debug_nt_user_token(452)
  NT user token: (NULL)
[2006/09/26 16:19:51, 5] auth/auth_util.c:debug_unix_user_token(473)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/09/26 16:19:51, 5] smbd/uid.c:change_to_root_user(319)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2006/09/26 16:19:51, 6] param/loadparm.c:lp_file_list_changed(2959)
  lp_file_list_changed()
  file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Wed Sep 20
10:13:30 2006

[2006/09/26 16:20:25, 10]
lib/util_sock.c:read_smb_length_return_keepalive(615)
  got smb length of 49
[2006/09/26 16:20:25, 6] smbd/process.c:process_smb(1113)
  got message type 0x0 of len 0x31
[2006/09/26 16:20:25, 3] smbd/process.c:process_smb(1114)
  Transaction 1146 of length 53
[2006/09/26 16:20:25, 5] lib/util.c:show_msg(454)
[2006/09/26 16:20:25, 5] lib/util.c:show_msg(464)
  size=49
  smb_com=0x2b
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=49219
  smb_tid=65535
  smb_pid=65279
  smb_uid=0
  smb_mid=65534
  smt_wct=1
  smb_vwv[ 0]=    1 (0x1)
  smb_bcc=12
[2006/09/26 16:20:25, 10] lib/util.c:dump_data(2053)
  [000] 4A 6C 4A 6D 49 68 43 6C  42 73 72 00              JlJmIhCl Bsr.
[2006/09/26 16:20:25, 3] smbd/process.c:switch_message(900)
  switch message SMBecho (pid 23178) conn 0x0
[2006/09/26 16:20:25, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/09/26 16:20:25, 5] auth/auth_util.c:debug_nt_user_token(452)
  NT user token: (NULL)
[2006/09/26 16:20:25, 5] auth/auth_util.c:debug_unix_user_token(473)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/09/26 16:20:25, 5] smbd/uid.c:change_to_root_user(319)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2006/09/26 16:20:25, 5] lib/util.c:show_msg(454)
[2006/09/26 16:20:25, 5] lib/util.c:show_msg(464)
  size=49
  smb_com=0x2b
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51201
  smb_tid=65535
  smb_pid=65279
  smb_uid=0
  smb_mid=65534
  smt_wct=1
  smb_vwv[ 0]=    1 (0x1)
  smb_bcc=12
[2006/09/26 16:20:25, 10] lib/util.c:dump_data(2053)
  [000] 4A 6C 4A 6D 49 68 43 6C  42 73 72 00              JlJmIhCl Bsr.
[2006/09/26 16:20:25, 3] smbd/reply.c:reply_echo(3499)
  echo 1 times
[2006/09/26 16:20:25, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/09/26 16:20:25, 5] auth/auth_util.c:debug_nt_user_token(452)
  NT user token: (NULL)
[2006/09/26 16:20:25, 5] auth/auth_util.c:debug_unix_user_token(473)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/09/26 16:20:25, 5] smbd/uid.c:change_to_root_user(319)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2006/09/26 16:20:44, 10]
lib/util_sock.c:read_smb_length_return_keepalive(615)
  got smb length of 102
[2006/09/26 16:20:44, 6] smbd/process.c:process_smb(1113)
  got message type 0x0 of len 0x66
[2006/09/26 16:20:44, 3] smbd/process.c:process_smb(1114)
  Transaction 1147 of length 106
[2006/09/26 16:20:44, 5] lib/util.c:show_msg(454)
[2006/09/26 16:20:44, 5] lib/util.c:show_msg(464)
  size=102
  smb_com=0xa2
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=51207
  smb_tid=2
  smb_pid=452
  smb_uid=101
  smb_mid=48515
  smt_wct=24
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=57054 (0xDEDE)
  smb_vwv[ 2]= 4096 (0x1000)
  smb_vwv[ 3]= 5632 (0x1600)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=40704 (0x9F00)
  smb_vwv[ 8]=  513 (0x201)
  smb_vwv[ 9]=    0 (0x0)
  smb_vwv[10]=    0 (0x0)
  smb_vwv[11]=    0 (0x0)
  smb_vwv[12]=    0 (0x0)
  smb_vwv[13]=    0 (0x0)
  smb_vwv[14]=    0 (0x0)
  smb_vwv[15]=  768 (0x300)
  smb_vwv[16]=    0 (0x0)
  smb_vwv[17]=  256 (0x100)
  smb_vwv[18]=    0 (0x0)
  smb_vwv[19]=16384 (0x4000)
  smb_vwv[20]=16384 (0x4000)
  smb_vwv[21]=  512 (0x200)
  smb_vwv[22]=    0 (0x0)
  smb_vwv[23]=  768 (0x300)
  smb_bcc=19
[2006/09/26 16:20:44, 10] lib/util.c:dump_data(2053)
  [000] 00 5C 00 73 00 70 00 6F  00 6F 00 6C 00 73 00 73  .\.s.p.o .o.l.s.s
  [010] 00 00 00                                          ...
[2006/09/26 16:20:44, 3] smbd/process.c:switch_message(900)
  switch message SMBntcreateX (pid 23178) conn 0x803c0bf8
[2006/09/26 16:20:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (11999, 10513) - sec_ctx_stack_ndx = 0
[2006/09/26 16:20:44, 5] auth/auth_util.c:debug_nt_user_token(457)
  NT user token of user S-1-5-21-3400670868-1557003858-4011083039-24998
  contains 19 SIDs
  SID[  0]: S-1-5-21-3400670868-1557003858-4011083039-24998
  SID[  1]: S-1-5-21-3400670868-1557003858-4011083039-22027
  SID[  2]: S-1-1-0
  SID[  3]: S-1-5-2
  SID[  4]: S-1-5-11
  SID[  5]: S-1-5-21-2065454515-1881373809-78262646-513
  SID[  6]: S-1-5-21-2065454515-1881373809-78262646-2964
  SID[  7]: S-1-5-21-2065454515-1881373809-78262646-2221
  SID[  8]: S-1-5-21-2065454515-1881373809-78262646-3461
  SID[  9]: S-1-5-21-2065454515-1881373809-78262646-5176
  SID[ 10]: S-1-5-21-2065454515-1881373809-78262646-5147
  SID[ 11]: S-1-5-21-2065454515-1881373809-78262646-5114
  SID[ 12]: S-1-5-21-2065454515-1881373809-78262646-5179
  SID[ 13]: S-1-5-21-2065454515-1881373809-78262646-2128
  SID[ 14]: S-1-5-21-2065454515-1881373809-78262646-3025
  SID[ 15]: S-1-5-21-2065454515-1881373809-78262646-2222
  SID[ 16]: S-1-5-21-2065454515-1881373809-78262646-3021
  SID[ 17]: S-1-5-21-2065454515-1881373809-78262646-2129
  SID[ 18]: S-1-5-21-2065454515-1881373809-78262646-1879
  SE_PRIV  0x0 0x0 0x0 0x0
[2006/09/26 16:20:44, 5] auth/auth_util.c:debug_unix_user_token(473)
  UNIX token of user 11999
  Primary group is 10513 and contains 14 supplementary groups
  Group[  0]: 10513
  Group[  1]: 12964
  Group[  2]: 12221
  Group[  3]: 13461
  Group[  4]: 15176
  Group[  5]: 15147
  Group[  6]: 15114
  Group[  7]: 15179
  Group[  8]: 12128
  Group[  9]: 13025
  Group[ 10]: 12222
  Group[ 11]: 13021
  Group[ 12]: 12129
  Group[ 13]: 11879
[2006/09/26 16:20:44, 5] smbd/uid.c:change_to_user(304)
  change_to_user uid=(11999,11999) gid=(0,10513)
[2006/09/26 16:20:44, 10] smbd/nttrans.c:reply_ntcreate_and_X(506)
  reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes =
0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040
root_dir_fid = 0x0
[2006/09/26 16:20:44, 5] smbd/filename.c:unix_convert(108)
  unix_convert called on file "spoolss"
[2006/09/26 16:20:44, 10] smbd/statcache.c:stat_cache_lookup(215)
  stat_cache_lookup: lookup failed for name [SPOOLSS]
[2006/09/26 16:20:44, 5] smbd/filename.c:unix_convert(175)
  unix_convert begin: name = spoolss, dirpath = , start = spoolss
[2006/09/26 16:20:44, 10] smbd/mangle_hash2.c:is_mangled(276)
  is_mangled spoolss ?
[2006/09/26 16:20:44, 10] smbd/mangle_hash2.c:is_mangled_component(215)
  is_mangled_component spoolss (len 7) ?
[2006/09/26 16:20:44, 10] smbd/mangle_hash2.c:is_mangled(276)
  is_mangled spoolss ?
[2006/09/26 16:20:44, 10] smbd/mangle_hash2.c:is_mangled_component(215)
  is_mangled_component spoolss (len 7) ?
[2006/09/26 16:20:44, 10] smbd/mangle_hash2.c:is_mangled(276)
  is_mangled spoolss ?
[2006/09/26 16:20:44, 10] smbd/mangle_hash2.c:is_mangled_component(215)
  is_mangled_component spoolss (len 7) ?
[2006/09/26 16:20:44, 5] smbd/filename.c:unix_convert(324)
  New file spoolss
[2006/09/26 16:20:44, 3] smbd/dosmode.c:unix_mode(121)
  unix_mode(spoolss) returning 0664
[2006/09/26 16:20:44, 10] smbd/open.c:open_file_ntcreate(1236)
  open_file_ntcreate: fname=spoolss, dos_attrs=0x0 access_mask=0x2019f
share_access=0x3 create_disposition = 0x1 create_options=0x400040 unix
mode=0664 oplock_request=3
[2006/09/26 16:20:44, 5] smbd/open.c:open_file_ntcreate(1327)
  open_file_ntcreate: FILE_OPEN requested for file spoolss and file doesn't
exist.
[2006/09/26 16:20:44, 10] smbd/trans2.c:set_bad_path_error(2583)
  set_bad_path_error: err = 2 bad_path = 0
[2006/09/26 16:20:44, 3] smbd/error.c:error_packet(147)
  error packet at smbd/trans2.c(2589) cmd=162 (SMBntcreateX)
NT_STATUS_OBJECT_NAME_NOT_FOUND
[2006/09/26 16:20:44, 5] lib/util.c:show_msg(454)
[2006/09/26 16:20:44, 5] lib/util.c:show_msg(464)
  size=35
  smb_com=0xa2
  smb_rcls=52
  smb_reh=0
  smb_err=49152
  smb_flg=136
  smb_flg2=51201
  smb_tid=2
  smb_pid=452
  smb_uid=101
  smb_mid=48515
  smt_wct=0
  smb_bcc=0
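
Added example, not part of the original post: a small Python triage script for level-10 smbd logs like the one above. It regroups the entries (including headers that mail wrapping split onto two lines) and lists each error packet with the security context and file name of the request that produced it. The function and variable names are this example's own.

```python
import re

# Samba 3.0 debug header, e.g. "[2006/09/26 16:20:44, 3] smbd/error.c:error_packet(147)"
HEADER = re.compile(r"^\[([\d/]+ [\d:]+),\s*(\d+)\]\s*(.*)$")
LOCATION = re.compile(r"^\S+:(\w+)\(\d+\)$")
# Trimmed excerpt of the log posted above, mail line-wrapping preserved.
SAMPLE = """\
[2006/09/26 16:20:44, 10]
lib/util_sock.c:read_smb_length_return_keepalive(615)
  got smb length of 102
[2006/09/26 16:20:44, 3] smbd/process.c:process_smb(1114)
  Transaction 1147 of length 106
[2006/09/26 16:20:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (11999, 10513) - sec_ctx_stack_ndx = 0
[2006/09/26 16:20:44, 5] smbd/filename.c:unix_convert(108)
  unix_convert called on file "spoolss"
[2006/09/26 16:20:44, 3] smbd/error.c:error_packet(147)
  error packet at smbd/trans2.c(2589) cmd=162 (SMBntcreateX)
NT_STATUS_OBJECT_NAME_NOT_FOUND
"""

def parse_entries(text):
    """Return [time, function, body] per entry, rejoining mail-wrapped lines."""
    entries = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        head, loc = HEADER.match(line), LOCATION.match(line)
        if head:
            loc = LOCATION.match(head.group(3))
            entries.append([head.group(1), loc.group(1) if loc else "", ""])
        elif entries and loc and not entries[-1][1]:
            entries[-1][1] = loc.group(1)    # header wrapped onto a second line
        elif entries:
            entries[-1][2] = (entries[-1][2] + " " + line).strip()
    return entries

def failed_requests(text):
    """One record per error packet, with the sec ctx and name of that request."""
    ctx, out = {}, []
    for time, func, body in parse_entries(text):
        if func == "process_smb":            # a new request starts: drop old context
            ctx = {}
        elif func == "set_sec_ctx" and (m := re.search(r"\((\d+), (\d+)\)", body)):
            ctx["uid"], ctx["gid"] = int(m.group(1)), int(m.group(2))
        elif func == "unix_convert" and (m := re.search(r'called on file "(.*?)"', body)):
            ctx["name"] = m.group(1)
        elif func == "error_packet" and (m := re.search(r"\((\w+)\)\s+(NT_STATUS_\w+)", body)):
            out.append({"time": time, "cmd": m.group(1), "status": m.group(2), **ctx})
    return out

if __name__ == "__main__": print(failed_requests(SAMPLE))
```

On the excerpt it reports one failed request: SMBntcreateX for spoolss under uid 11999, answered with NT_STATUS_OBJECT_NAME_NOT_FOUND.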

