[Samba] Urgent help request!

Michael St. Laurent mikes at hartwellcorp.com
Mon Feb 5 20:55:11 GMT 2007 

I've gone further down the food chain in diagnosing the problem:

A net rpc join command works but wbinfo -u or wbinfo -g fails:

[root at hcnas samba]# net rpc join -U Administrator
Password:
Joined domain MERCURY.
[root at hcnas samba]# net rpc info -U Administrator
Password:
Domain Name: MERCURY
Domain SID: S-1-5-21-356471451-824197641-1237804090
Sequence number: 20543
Num users: 625
Num domain groups: 96
Num local groups: 109
[root at hcnas samba]# wbinfo --set-auth-user=Administrator
Password:
[root at hcnas samba]# wbinfo -u
Error looking up domain users
[root at hcnas samba]# wbinfo -g
BUILTIN\administrators
BUILTIN\users
[root at hcnas samba]#

I've tried removing the server from the domain and rejoining it to no avail.  The domain has a Windows ADS controller running in mixed-mode.

Please help!  This is seriously impacting the network and my stress levels are peaking!  ;)

Here is the global section from our smb.conf file:

[global]
        workgroup = MERCURY
        server string = Network Attached Storage
        security = DOMAIN
        winbind use default domain = yes
        encrypt passwords = Yes
        password server = HCDC
        winbind nested groups = yes
        log file = /var/log/samba/log.%m
        log level = 3
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = no
        os level = 0
        local master = No
        dns proxy = No
        wins server = 10.11.10.3
        writeable = Yes
        inherit acls = Yes
        map to guest = Bad Uid


-----Original Message-----
From: samba-bounces+mikes=hartwellcorp.com at lists.samba.org [mailto:samba-bounces+mikes=hartwellcorp.com at lists.samba.org] On Behalf Of Michael St. Laurent
Sent: Monday, February 05, 2007 9:59 AM
To: samba at lists.samba.org
Subject: RE: [Samba] Samba-3.0.23 problem

I've tried using the plus sign with no change.  I also tried adding the machine name with no result.

In other words:

@mis
+mis
@HCNAS\mis
+HCNAS\mis

Have not worked.


-----Original Message-----
From: samba-bounces+mikes=hartwellcorp.com at lists.samba.org [mailto:samba-bounces+mikes=hartwellcorp.com at lists.samba.org] On Behalf Of Michael St. Laurent
Sent: Monday, February 05, 2007 9:15 AM
To: samba at lists.samba.org
Subject: RE: [Samba] Samba-3.0.23 problem

Well, why would it change after a power off?  No software upgrades were done.  In fact, that same server had been powered off before while still on the same software version (samba-3.0.23c) without any problem.  It was only after we took all servers offline simultaneously that this happened.

I'll try your suggestion of course (and thank you very much!), I'm just confused about why this happened.

-----Original Message-----
From: samba-bounces+mikes=hartwellcorp.com at lists.samba.org [mailto:samba-bounces+mikes=hartwellcorp.com at lists.samba.org] On Behalf Of Felipe Augusto van de Wiel
Sent: Monday, February 05, 2007 5:37 AM
To: samba at lists.samba.org
Subject: Re: [Samba] Samba-3.0.23 problem

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/04/2007 06:51 PM, Michael St. Laurent wrote:
> We had to power down all servers today for electrical maintenance in the
> building and for some reason I began having access problems related to
> the valid users lists when power was restored.
>  
> The dialog from the 'Samba-3.0.23 broke my network' thread seemed as if
> it might be related even though I had not performed any software upgrade
> so I tried adding the group mappings as discussed in that thread.  It
> didn't seem to help.  If I remove the valid users parameter it works
> fine.
>  
> The below logfile snippet shows that it's having a problem with the
> group membership aspect of the valid users list.  Please note that user
> 'mikes' is most definitely a member of the unix group 'mis':
>  
>   looking for user mikes of domain (ANY) in netgroup mis
> [2007/02/04 12:43:17, 10] passdb/lookup_sid.c:lookup_name(64)
>   lookup_name: HCNAS\mis => HCNAS (domain), mis (name)
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2007/02/04 12:43:17, 3] smbd/uid.c:push_conn_ctx(345)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_nt_user_token(448)
>   NT user token: (NULL)
> [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_unix_user_token(474)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/02/04 12:43:17, 10] smbd/share_access.c:user_ok_token(208)
>   User mikes not in 'valid users'
> [2007/02/04 12:43:17, 2] smbd/service.c:make_connection_snum(580)
>   user 'mikes' (from session setup) not permitted to access this share
> (exec_share)
> [2007/02/04 12:43:17, 3] smbd/error.c:error_packet(146)
>   error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
> NT_STATUS_ACCESS_DENIED
>  
> [root at hcnas samba]# groups mikes
> mikes : avante mis
> [root at hcnas samba]#
>  
> [exec_share]
>         comment = Exec Share
>         path = /usr/netshare/exec_share
>         writeable = Yes
>         valid users = @exec, @exasst, @mis
>         admin users = @mis
>         force group = exec
>         force create mode = 0666
>         force directory mode = 0777
>  
> Please help!

	What happens if you try with:

		valid users = +mis


	Did you checked the "Release Notes" for 3.0.23b?

	http://us1.samba.org/samba/history/samba-3.0.23d.html


	Kind regards,

- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFxzLhCj65ZxU4gPQRAsYTAKCG5tIRP3Hkz3fvRexU3pU6vZb6hgCgrDAu
dNND4PP6sa6bFAJR0aq2fAI=
=dq8E
-----END PGP SIGNATURE-----
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list