[Samba] samba w/o openvpn: OK - else strange issues

Michael Rau michi.rau at googlemail.com
Wed Sep 9 18:17:10 MDT 2009


Hello,

I am seeing some very strange behavior. For some reason, I only observe
this when I access a samba share through an openvpn tunnel.

(1) objective

have a share, have SECURITY USERS (to control access rights), but NULL
PASSWORDS (authentication is fine enough by vpn). Find config files
below.

This is samba 3.3.2. Openvpn 2.1_rc11.

(2) issue

I connect via vpn from winXP ... fine
I access some shares ... fine
I access some directories and files ... fine (btw: access rights work
perfectly)
I create a file or a folder ... sometimes works, sometimes not
THEN: If it works I try to rename the file or folder. It does not
*ALWAYS* work. Sometimes it does. More often it does not. WinXP throws
"access denied". I played around with the parameters "nt acl support =
no", "directory mask", "create mask", "force directory mask". Nothing
really works out (latest version attached below). The logfiles are
very busy and I cannot figure out what is really going on.

=> did anybody ever observe this?
=> this does not occur, when I do *not* access the share through VPN!
Or is this coincidence?
=> real issue is, that sometimes it works. In this successful case,
the renamed folder appears only after various F5 in winXP (refresh).

(3) config file smb.conf

[global]
       log file = /var/log/samba/log.%m
       passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
       obey pam restrictions = yes
       null passwords = yes
       encrypt passwords = yes
       passwd program = /usr/bin/passwd %u
       passdb backend = tdbsam
       dns proxy = no
       server string = %h server (Samba, Ubuntu)
       unix password sync = yes
       workgroup = DALL-ARMI
       security = user
       syslog = 0
       usershare allow guests = yes
       panic action = /usr/share/samba/panic-action %d
       unix charset = UTF8
       max log size = 1000
       pam password change = yes
       log level = 0
       nt acl support = no
[share]
   path=/mnt/workspace/share
   comment = share-workspace
   browsable = yes
   read only = no
   create mask = 777
   directory mask = 777
   force directory mode = 0770
   #guest ok = true

All other options of smb.conf are (or should be :-) "default".

(4) samba log files with a "log level 3"

Here are some snippets which seem strange to me:

<snip>

[2009/09/10 01:50:00,  3] lib/privileges.c:get_privileges(63)
 get_privileges: No privileges assigned to SID
[S-1-5-21-3561405685-2395757788-2122654243-501]
[2009/09/10 01:50:00,  3] lib/privileges.c:get_privileges(63)
 get_privileges: No privileges assigned to SID [S-1-5-2]
[2009/09/10 01:50:00,  3] lib/privileges.c:get_privileges(63)
 get_privileges: No privileges assigned to SID [S-1-5-32-546]

<snip>
[2009/09/10 01:50:00,  3] smbd/password.c:register_existing_vuid(289)
 register_existing_vuid: User name: nobody     Real name: nobody
[2009/09/10 01:50:00,  3] smbd/password.c:register_existing_vuid(299)
 register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will
be vuid 100
<snip>

[2009/09/10 01:50:01,  3] smbd/msdfs.c:get_referred_path(813)
 get_referred_path: |piazza| in dfs path \10.8.0.1\piazza is not a
dfs root.
[2009/09/10 01:50:01,  3] smbd/error.c:error_packet_set(61)
 error packet at smbd/trans2.c(7299) cmd=50 (SMBtrans2)
NT_STATUS_NOT_FOUND
<snip>

[2009/09/10 01:50:01,  3] auth/auth.c:check_ntlm_password(220)
 check_ntlm_password:  Checking password for unmapped user [MB-LAPTOP]
\[mra]@[MB-LAPTOP] with the new password interface
[2009/09/10 01:50:01,  3] auth/auth.c:check_ntlm_password(223)
 check_ntlm_password:  mapped user is: [MASTER]\[mra]@[MB-LAPTOP]

<snip>

[2009/09/10 01:50:01,  3] auth/auth_sam.c:sam_password_ok(47)
 Account for user 'mra' has no password and null passwords are
allowed.

<snip>

[2009/09/10 01:50:01,  2] auth/auth.c:check_ntlm_password(308)
 check_ntlm_password:  authentication for user [mra] -> [mra] ->
[mra] succeeded

<snip>

[2009/09/10 01:50:01,  3] auth/token_util.c:create_local_nt_token(433)
 Failed to fetch domain sid for DALL-ARMI

<snip>

[2009/09/10 01:50:01,  3] lib/privileges.c:get_privileges(63)
 get_privileges: No privileges assigned to SID
[S-1-5-21-3561405685-2395757788-2122654243-1014]
[2009/09/10 01:50:01,  3] lib/privileges.c:get_privileges(63)
 get_privileges: No privileges assigned to SID [S-1-22-2-1000]
[2009/09/10 01:50:01,  3] lib/privileges.c:get_privileges(63)
 get_privileges: No privileges assigned to SID [S-1-5-2]
[2009/09/10 01:50:01,  3] lib/privileges.c:get_privileges(63)
 get_privileges: No privileges assigned to SID [S-1-5-11]
[2009/09/10 01:50:01,  3] lib/privileges.c:get_privileges(63)
 get_privileges: No privileges assigned to SID [S-1-22-2-4]
[2009/09/10 01:50:01,  3] lib/privileges.c:get_privileges(63)
 get_privileges: No privileges assigned to SID [S-1-22-2-110]
[2009/09/10 01:50:01,  3] lib/privileges.c:get_privileges(63)
 get_privileges: No privileges assigned to SID [S-1-22-2-112]
[2009/09/10 01:50:01,  3] lib/privileges.c:get_privileges(63)
 get_privileges: No privileges assigned to SID [S-1-22-2-1002]
[2009/09/10 01:50:01,  3] lib/privileges.c:get_privileges(63)
 get_privileges: No privileges assigned to SID [S-1-22-2-1010]
[2009/09/10 01:50:01,  3] lib/privileges.c:get_privileges(63)
 get_privileges: No privileges assigned to SID [S-1-22-2-1009]

[2009/09/10 01:50:01,  3] smbd/password.c:register_existing_vuid(289)
 register_existing_vuid: User name: mra        Real name: Michael Rau
[2009/09/10 01:50:01,  3] smbd/password.c:register_existing_vuid(299)
 register_existing_vuid: UNIX uid 1000 is UNIX user mra, and will be
vuid 101
[2009/09/10 01:50:01,  3] smbd/password.c:register_homes_share(231)
 Adding homes service for user 'mra' using home directory: '/home/
mra'

<snip>


[2009/09/10 01:50:11,  3] lib/sysquotas.c:sys_get_quota(453)
 sys_get_vfs_quota() failed for mntpath[/mnt/workspace] bdev[/dev/
sdb5] qtype[2] id[1000]: Invalid argument
[2009/09/10 01:50:11,  3] lib/sysquotas.c:sys_get_quota(453)
 sys_get_vfs_quota() failed for mntpath[/mnt/workspace] bdev[/dev/
sdb5] qtype[4] id[1000]: Invalid argument
[2009/09/10 01:50:11,  3] smbd/process.c:process_smb(1554)
 Transaction 23 of length 74 (0 toread)
[2009/09/10 01:50:11,  3] smbd/process.c:switch_message(1378)
 switch message SMBtrans2 (pid 13672) conn 0x7f17e59acfa0
[2009/09/10 01:50:11,  3] smbd/trans2.c:call_trans2qfsinfo(2592)
 call_trans2qfsinfo: level = 1007
[2009/09/10 01:50:11,  3] lib/sysquotas.c:sys_get_quota(453)
 sys_get_vfs_quota() failed for mntpath[/mnt/wo<snip>

rkspace] bdev[/dev/sdb5] qtype[2] id[1000]: Invalid argument
[2009/09/10 01:50:11,  3] lib/sysquotas.c:sys_get_quota(453)
 sys_get_vfs_quota() failed for mntpath[/mnt/workspace] bdev[/dev/
sdb5] qtype[4] id[1000]: Invalid argument

<snip>

[2009/09/10 01:50:11,  3] smbd/error.c:error_packet_set(61)
 error packet at smbd/trans2.c(4038) cmd=50 (SMBtrans2)
NT_STATUS_OBJECT_NAME_NOT_FOUND

<snip>

[2009/09/10 01:50:11,  3] lib/sysquotas.c:sys_get_quota(453)
 sys_get_vfs_quota() failed for mntpath[/mnt/workspace] bdev[/dev/
sdb5] qtype[2] id[1000]: Invalid argument
[2009/09/10 01:50:11,  3] lib/sysquotas.c:sys_get_quota(453)
 sys_get_vfs_quota() failed for mntpath[/mnt/workspace] bdev[/dev/
sdb5] qtype[4] id[1000]: Invalid argument

<snip>
 get_referred_path: |piazza| in dfs path \10.8.0.1\piazza is not a
dfs root.

<snip>

[2009/09/10 01:50:32,  3] smbd/trans2.c:call_trans2qfilepathinfo(4057)
 call_trans2qfilepathinfo piazza_doc/09-07-03.Business_Plan/Neuer
Ordner (fnum = 10831) level=1007 call=7 total_data=0
[2009/09/10 01:50:32,  3] smbd/process.c:process_smb(1554)
 Transaction 269 of length 45 (0 toread)
[2009/09/10 01:50:32,  3] smbd/process.c:switch_message(1378)
 switch message SMBclose (pid 13672) conn 0x7f17e59acfa0
[2009/09/10 01:50:32,  3] smbd/reply.c:reply_close(4338)
 close directory fnum=10829
[2009/09/10 01:50:32,  3] smbd/process.c:process_smb(1554)
 Transaction 270 of length 220 (0 toread)
[2009/09/10 01:50:32,  3] smbd/process.c:switch_message(1378)
 switch message SMBmv (pid 13672) conn 0x7f17e59acfa0
[2009/09/10 01:50:32,  3] smbd/reply.c:reply_mv(6104)
 reply_mv : piazza_doc/09-07-03.Business_Plan/Neuer Ordner ->
piazza_doc/09-07-03.Business_Plan/test
[2009/09/10 01:50:32,  3] smbd/reply.c:rename_internals(5832)
 rename_internals: case_sensitive = 0, case_preserve = 1, short case
preserve = 1, directory = piazza_doc/09-07-03.Business_Plan/Neuer
Ordner, newname = piazza_doc/09-07-03.Business_Plan/test,
last_component_dest = test, is_8_3 = 0
[2009/09/10 01:50:32,  3] smbd/reply.c:rename_internals_fsp(5642)
 rename_internals_fsp: Error NT_STATUS_ACCESS_DENIED rename
piazza_doc/09-07-03.Business_Plan/Neuer Ordner -> piazza_doc/
09-07-03.Business_Plan/test
[2009/09/10 01:50:32,  3] smbd/reply.c:rename_internals(5887)
 rename_internals: Error NT_STATUS_ACCESS_DENIED rename piazza_doc/
09-07-03.Business_Plan/Neuer Ordner -> piazza_doc/
09-07-03.Business_Plan/test
[2009/09/10 01:50:32,  3] smbd/error.c:error_packet_set(61)
 error packet at smbd/reply.c(6114) cmd=7 (SMBmv)
NT_STATUS_ACCESS_DENIED

But actually, with level 3 the log file is very busy (attached in this
email). And with level 2 nothing really happens.

Help is very much appreciated. If no help possible, then any advice
for alternative groups is welcome.

Michael.
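
An added example, not part of the original post: a Python filter for Samba 3.x level-3 logs of the kind quoted above. Run against the log file itself, it regroups multi-line records, drops the chatty quota and privilege records, and reports each error packet with its SMB command, NT status and the two records that preceded it. The sample log is constructed from the record shapes in the post, and the function names are hypothetical.

```python
import re

# Record header in a Samba 3.x log: "[date time,  level] file.c:function(line)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s+(\d+)\] (\S+?):(\w+)\(\d+\)\s*$")
STATUS = re.compile(r"\bNT_STATUS_\w+")
CMD = re.compile(r"cmd=\d+ \((\w+)\)")
NOISE = {"sys_get_quota", "get_privileges"}  # chatty functions seen in the post's log

# Constructed sample modelled on the records quoted in the post (paths shortened).
SAMPLE_LOG = """\
[2009/09/10 01:50:32,  3] smbd/reply.c:reply_mv(6104)
  reply_mv : dir/Neuer Ordner -> dir/test
[2009/09/10 01:50:32,  3] smbd/reply.c:rename_internals_fsp(5642)
  rename_internals_fsp: Error NT_STATUS_ACCESS_DENIED rename dir/Neuer Ordner -> dir/test
[2009/09/10 01:50:32,  3] lib/sysquotas.c:sys_get_quota(453)
  sys_get_vfs_quota() failed for mntpath[/mnt/workspace] bdev[/dev/sdb5] qtype[2] id[1000]: Invalid argument
[2009/09/10 01:50:32,  3] smbd/error.c:error_packet_set(61)
  error packet at smbd/reply.c(6114) cmd=7 (SMBmv)
  NT_STATUS_ACCESS_DENIED
"""

def parse_records(text):
    """Attach every non-header line to the record whose header precedes it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts, level, src, func = m.groups()
            records.append({"ts": ts, "level": int(level), "src": src, "func": func, "msg": ""})
        elif records and line.strip():
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records

def failed_requests(records, context=2):
    """Return each error packet with the non-noise records just before it."""
    kept = [r for r in records if r["func"] not in NOISE]
    out = []
    for i, rec in enumerate(kept):
        if rec["func"] != "error_packet_set":
            continue
        status, cmd = STATUS.search(rec["msg"]), CMD.search(rec["msg"])
        out.append({"ts": rec["ts"], "cmd": cmd.group(1) if cmd else None,
                    "status": status.group(0) if status else None,
                    "context": [r["msg"] for r in kept[max(0, i - context):i]]})
    return out

if __name__ == "__main__":
    for f in failed_requests(parse_records(SAMPLE_LOG)):
        print(f"{f['ts']} {f['cmd']} {f['status']}", *f["context"], sep="\n    ")
```

Filtering on `status` or `cmd` in the returned list narrows a busy level-3 log to, for instance, only the `SMBmv` requests that ended in `NT_STATUS_ACCESS_DENIED`.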

