[Samba] vfs_ChDir fails,
even though the share is read-write for that user
Nathan VanHoudnos
vanhoudn at uiuc.edu
Wed Dec 12 20:21:43 GMT 2007
Hi,
I'm running Samba Version 3.0.25c on Solaris 10 8/07 on X86 hardware.
It's successfully joined to AD.
But, and there always is a but, if :
* A user is a member of SomeGroup
* and the share alllows SomeGroup to access it
* and SomeGroup is NOT what the user has set as their Primary Group in
Active Directory
then
* Samba will recognize that the user can access the share
* but, vfs_ChDir will fail
Consider a user, "vanhoudn", whose primary group is "WSG Staff".
If the share config is set to:
[arrakis]
path = "/export/arrakis"
comment = "Arraken Test share"
writeable = yes
valid users = @"UIUC+domain users"
vfs objects = zfsacl
nfs4: mode = special
The logs will spit out:
[2007/12/12 10:09:17, 10] smbd/share_access.c:(232)
user_ok_token: share arrakis is ok for unix user UIUC+vanhoudn
[2007/12/12 10:09:17, 10] smbd/share_access.c:(274)
is_share_read_only_for_user: share arrakis is read-write for unix user
UIUC+vanhoudn
Which is good. And, we can see that samba is correctly finding all of
the groups that this user is a member of...
[2007/12/12 10:09:17, 5] auth/auth_util.c:(474)
UNIX token of user 10000
Primary group is 10031 and contains 58 supplementary groups
Group[ 0]: 10007
Group[ 1]: 10008
<etc>
But, the access to the share will fail. The logs throw out this:
[2007/12/12 10:09:17, 5] smbd/uid.c:(273)
change_to_user uid=(0,10000) gid=(0,10031)
[2007/12/12 10:09:17, 4] smbd/vfs.c:(665)
vfs_ChDir to /export/arrakis
[2007/12/12 10:09:17, 4] smbd/vfs.c:(665)
vfs_ChDir to /export/arrakis
[2007/12/12 10:09:17, 0] smbd/service.c:(184)
chdir (/export/arrakis) failed
[2007/12/12 10:09:17, 3] smbd/error.c:(106)
error packet at smbd/process.c(991) cmd=50 (SMBtrans2)
NT_STATUS_NETWORK_ACCESS_DENIED
And I don't think it's because of filesystem permissions. ls gives:
drwxrwx--- 2 root UIUC+domain users 8 Dec 4 14:12 arrakis
The last log entry remains the same if the "vfs objects = zfsacl" and
"nfs4: mode = special" lines are there or not.
Any help would be greatly appreciated.
Cheers,
Nathan VanHoudnos
More information about the samba
mailing list