[Samba] Word/Excel documents cannot be saved after Samba Upgrade

Karsten Hoffmann khoffmann at adventos.de
Tue Aug 24 09:07:41 MDT 2010


Thanks for your advice, but no change ...

I actually noticed some strange in net groupmap
To me it looks like we have two different sambaSID,
Could the problem be a false mapping of unix group "users"?

fileserver:~# net getlocalsid WORKGROUP
SID for domain WORKGROUP is: S-1-5-21-2486266552-4179740748-4022069874

fileserver:~# net groupmap list
Domain Admins (S-1-5-21-2486266552-4179740748-4022069874-512) -> Domain
Admins
Domain Users (S-1-5-21-2486266552-4179740748-4022069874-513) -> Domain
Users
Domain Guests (S-1-5-21-2486266552-4179740748-4022069874-514) -> Domain
Guests
Domain Computers (S-1-5-21-2486266552-4179740748-4022069874-515) ->
Domain Computers
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
users (S-1-5-21-3588677525-3898198964-4119851206-1201) -> users
ak (S-1-5-21-2486266552-4179740748-4022069874-3001) -> ak
fa (S-1-5-21-3588677525-3898198964-4119851206-3003) -> fa
im (S-1-5-21-3588677525-3898198964-4119851206-3005) -> im
am (S-1-5-21-3588677525-3898198964-4119851206-3011) -> am
friend (S-1-5-21-3588677525-3898198964-4119851206-3013) -> friend
tg (S-1-5-21-3588677525-3898198964-4119851206-3015) -> tg
hn (S-1-5-21-3588677525-3898198964-4119851206-3017) -> hn
kontakt (S-1-5-21-3588677525-3898198964-4119851206-3021) -> kontakt
ct (S-1-5-21-3588677525-3898198964-4119851206-3023) -> ct
mm (S-1-5-21-3588677525-3898198964-4119851206-3019) -> mm
sso (S-1-5-21-3588677525-3898198964-4119851206-3025) -> sso
nk (S-1-5-21-3588677525-3898198964-4119851206-3007) -> nk
sp (S-1-5-21-3588677525-3898198964-4119851206-3009) -> sp
ck (S-1-5-21-3588677525-3898198964-4119851206-3049) -> ck
gs (S-1-5-21-3588677525-3898198964-4119851206-3051) -> gs
sr (S-1-5-21-3588677525-3898198964-4119851206-3053) -> sr
friend2 (S-1-5-21-3588677525-3898198964-4119851206-3055) -> friend2
cv (S-1-5-21-3588677525-3898198964-4119851206-3057) -> cv
ts (S-1-5-21-3588677525-3898198964-4119851206-3059) -> ts
om (S-1-5-21-3588677525-3898198964-4119851206-3065) -> om
mg (S-1-5-21-3588677525-3898198964-4119851206-3067) -> mg
dw (S-1-5-21-2486266552-4179740748-4022069874-3069) -> dw
vm (S-1-5-21-3588677525-3898198964-4119851206-3071) -> vm
GF (S-1-5-21-2486266552-4179740748-4022069874-3027) -> jb
Berater (S-1-5-21-2486266552-4179740748-4022069874-3029) -> Berater
Team1 (S-1-5-21-2486266552-4179740748-4022069874-3031) -> Team1
Team2 (S-1-5-21-2486266552-4179740748-4022069874-3033) -> Team2
Team3 (S-1-5-21-2486266552-4179740748-4022069874-3035) -> Team3
Officemanagement (S-1-5-21-2486266552-4179740748-4022069874-3037) ->
Officemanagement
vw (S-1-5-21-2486266552-4179740748-4022069874-3039) -> vw
jo (S-1-5-21-2486266552-4179740748-4022069874-3041) -> jo


Regards 
Karsten




> Try your: nt acl support = Yes
> IN nt acl support = NO
> 
> -----------------------------------------------
> EDV Daniel Müller
> 
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> 
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
> 
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
> Auftrag von Karsten Hoffmann
> Gesendet: Dienstag, 24. August 2010 14:16
> An: samba
> Betreff: [Samba] Word/Excel documents cannot be saved after Samba Upgrade
> 
> Hi, 
> 
> after upgrading Samba 3.0.24 to Samba 3.5.4 a strange problem occurs:
> 
> Users cannot anymore save files in MS Office (Word/Excel) on Samba
> shares. More precisely: 
> Save as Office 2007 documents or RTF-Files works fine, but *.doc ist
> avoided with Error Message "Not enough memory". 
> Of course there are lots of memory/space and ACL/Permissions should be
> ok since other file operations are working as expected. 
> 
> I found some posts reporting this problem before, but nothing really
> solved the issue. 
> 
> As I understand that this problem is well known, and should be solved. 
> I would appreciate any hint. 
> 
> testparam -vvv
> [global]
> dos charset = CP850
> unix charset = UTF-8
> display charset = LOCALE
> workgroup = WORKGROUP
> realm = 
> netbios name = FILESERVER
> netbios aliases = 
> netbios scope = 
> server string = %h (Samba %v)
> interfaces = 
> bind interfaces only = Yes
> security = USER
> auth methods = 
> encrypt passwords = Yes
> update encrypted = No
> client schannel = Auto
> server schannel = Auto
> allow trusted domains = Yes
> map to guest = Never
> null passwords = No
> obey pam restrictions = Yes
> password server = *
> smb passwd file = /etc/samba/smbpasswd
> private dir = /etc/samba
> passdb backend = ldapsam
> algorithmic rid base = 1000
> root directory = 
> guest account = nobody
> enable privileges = Yes
> pam password change = No
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX
> \spassword:* %n\n *password\supdated\ssuccessfully* .
> passwd chat debug = No
> passwd chat timeout = 2
> check password script = 
> username map = 
> password level = 0
> username level = 0
> unix password sync = No
> restrict anonymous = 0
> lanman auth = No
> ntlm auth = Yes
> client NTLMv2 auth = No
> client lanman auth = No
> client plaintext auth = No
> preload modules = 
> dedicated keytab file = 
> kerberos method = default
> map untrusted to domain = No
> log level = 3
> syslog = 0
> syslog only = No
> log file = /var/log/samba/log.%m
> max log size = 1000
> debug timestamp = Yes
> debug prefix timestamp = No
> debug hires timestamp = Yes
> debug pid = No
> debug uid = No
> debug class = No
> enable core files = Yes
> smb ports = 445 139
> large readwrite = Yes
> max protocol = NT1
> min protocol = CORE
> min receivefile size = 0
> read raw = Yes
> write raw = Yes
> disable netbios = No
> reset on zero vc = No
> acl compatibility = auto
> defer sharing violations = Yes
> nt pipe support = Yes
> nt status support = Yes
> announce version = 4.9
> announce as = NT
> max mux = 50
> max xmit = 16644
> name resolve order = lmhosts wins host bcast
> max ttl = 259200
> max wins ttl = 518400
> min wins ttl = 21600
> time server = No
> unix extensions = Yes
> use spnego = Yes
> client signing = auto
> server signing = No
> client use spnego = Yes
> client ldap sasl wrapping = plain
> enable asu support = No
> svcctl list = 
> deadtime = 0
> getwd cache = Yes
> keepalive = 300
> lpq cache time = 30
> max smbd processes = 0
> paranoid server security = Yes
> max disk size = 0
> max open files = 16384
> socket options = TCP_NODELAY
> use mmap = Yes
> hostname lookups = No
> name cache timeout = 660
> ctdbd socket = 
> cluster addresses = 
> clustering = No
> ctdb timeout = 0
> load printers = Yes
> printcap cache time = 750
> printcap name = 
> cups server = 
> cups encrypt = No
> cups connection timeout = 30
> iprint server = 
> disable spoolss = No
> addport command = 
> enumports command = 
> addprinter command = 
> deleteprinter command = 
> show add printer wizard = Yes
> os2 driver map = 
> mangling method = hash2
> mangle prefix = 1
> max stat cache size = 256
> stat cache = Yes
> machine password timeout = 604800
> add user script = 
> rename user script = 
> delete user script = 
> add group script = 
> delete group script = 
> add user to group script = 
> delete user from group script = 
> set primary group script = 
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> shutdown script = 
> abort shutdown script = 
> username map script = 
> logon script = logon.cmd
> logon path = \\%L\profiles\%U
> logon drive = 
> logon home = \\%N\%U
> domain logons = Yes
> init logon delayed hosts = 
> init logon delay = 100
> os level = 20
> lm announce = Auto
> lm interval = 60
> preferred master = No
> local master = Yes
> domain master = Auto
> browse list = Yes
> enhanced browsing = Yes
> dns proxy = No
> wins proxy = No
> wins server = 
> wins support = Yes
> wins hook = 
> kernel oplocks = Yes
> lock spin time = 200
> oplock break wait time = 0
> ldap admin dn = "cn=admin,dc=menyesch,dc=de"
> ldap delete dn = No
> ldap group suffix = ou=Groups
> ldap idmap suffix = 
> ldap machine suffix = ou=Computers
> ldap passwd sync = no
> ldap replication sleep = 1000
> ldap suffix = dc=menyesch,dc=de
> ldap ssl = no
> ldap ssl ads = No
> ldap deref = auto
> ldap follow referral = Auto
> ldap timeout = 15
> ldap connection timeout = 2
> ldap page size = 1024
> ldap user suffix = ou=People
> ldap debug level = 0
> ldap debug threshold = 10
> eventlog list = 
> add share command = 
> change share command = 
> delete share command = 
> preload = 
> lock directory = /var/lib/samba
> state directory = /var/lib/samba
> cache directory = /var/lib/samba
> pid directory = /var/run/samba
> utmp directory = 
> wtmp directory = 
> utmp = No
> default service = 
> message command = 
> get quota command = 
> set quota command = 
> remote announce = 
> remote browse sync = 
> socket address = 0.0.0.0
> nmbd bind explicit broadcast = Yes
> homedir map = auto.home
> afs username map = 
> afs token lifetime = 604800
> log nt token command = 
> time offset = 0
> NIS homedir = No
> registry shares = No
> usershare allow guests = No
> usershare max shares = 0
> usershare owner only = Yes
> usershare path = /var/lib/samba/usershares
> usershare prefix allow list = 
> usershare prefix deny list = 
> usershare template share = 
> panic action = /usr/share/samba/panic-action %d
> perfcount module = 
> host msdfs = Yes
> passdb expand explicit = No
> idmap backend = tdb
> idmap alloc backend = 
> idmap cache time = 604800
> idmap negative cache time = 120
> idmap uid = 
> idmap gid = 
> template homedir = /home/%D/%U
> template shell = /bin/false
> winbind separator = \
> winbind cache time = 300
> winbind reconnect delay = 30
> winbind enum users = No
> winbind enum groups = No
> winbind use default domain = No
> winbind trusted domains only = No
> winbind nested groups = Yes
> winbind expand groups = 1
> winbind nss info = template
> winbind refresh tickets = No
> winbind offline logon = No
> winbind normalize names = No
> winbind rpc only = No
> create krb5 conf = Yes
> comment = 
> path = 
> username = 
> invalid users = 
> valid users = 
> admin users = 
> read list = 
> write list = 
> printer admin = 
> force user = 
> force group = 
> read only = Yes
> acl check permissions = Yes
> acl group control = No
> acl map full control = Yes
> create mask = 0744
> force create mode = 00
> security mask = 0777
> force security mode = 00
> directory mask = 0755
> force directory mode = 00
> directory security mask = 0777
> force directory security mode = 00
> force unknown acl user = No
> inherit permissions = No
> inherit acls = No
> inherit owner = No
> guest only = No
> administrative share = No
> guest ok = No
> only user = No
> hosts allow = 
> hosts deny = 
> allocation roundup size = 1048576
> aio read size = 0
> aio write size = 0
> aio write behind = 
> ea support = No
> nt acl support = Yes
> profile acls = No
> map acl inherit = No
> afs share = No
> smb encrypt = auto
> block size = 1024
> change notify = Yes
> directory name cache size = 100
> kernel change notify = Yes
> max connections = 0
> min print space = 0
> strict allocate = No
> strict sync = No
> sync always = No
> use sendfile = No
> write cache size = 0
> max reported print jobs = 0
> max print jobs = 1000
> printable = No
> printing = cups
> cups options = 
> print command = 
> lpq command = %p
> lprm command = 
> lppause command = 
> lpresume command = 
> queuepause command = 
> queueresume command = 
> printer name = 
> use client driver = No
> default devmode = Yes
> force printername = No
> printjob username = %U
> default case = lower
> case sensitive = Auto
> preserve case = Yes
> short preserve case = Yes
> mangling char = ~
> hide dot files = Yes
> hide special files = No
> hide unreadable = No
> hide unwriteable files = No
> delete veto files = No
> veto files = 
> hide files = 
> veto oplock files = 
> map archive = Yes
> map hidden = No
> map system = No
> map readonly = yes
> mangled names = Yes
> store dos attributes = No
> dmapi support = No
> browseable = Yes
> access based share enum = No
> blocking locks = Yes
> csc policy = manual
> fake oplocks = No
> locking = Yes
> oplocks = Yes
> level2 oplocks = Yes
> oplock contention limit = 2
> posix locking = Yes
> strict locking = Auto
> share modes = Yes
> dfree cache time = 0
> dfree command = 
> copy = 
> preexec = 
> preexec close = No
> postexec = 
> root preexec = 
> root preexec close = No
> root postexec = 
> available = Yes
> volume = 
> fstype = NTFS
> set directory = No
> wide links = No
> follow symlinks = Yes
> dont descend = 
> magic script = 
> magic output = 
> delete readonly = No
> dos filemode = No
> dos filetimes = Yes
> dos filetime resolution = No
> fake directory create times = No
> vfs objects = 
> msdfs root = No
> msdfs proxy = 
> 
> 
> [Public]
> comment = Die Freigabe fuer alle
> path = /srv/public
> read only = No
> create mask = 0777
> force create mode = 0777
> directory mask = 0777
> force directory mode = 0777
> 
> Thanks 
> Karsten


More information about the samba mailing list