[Samba] A strange file-ownership problem

Brother Railgun of Reason alaric at caerllewys.net
Sun Feb 28 22:26:51 MST 2010


The scenario:

I have two Samba servers on my network.  One, running v3.0.37, is on my 
main server, a Solaris 10 x86 box.  The other, just updated from 3.0.37 
to 3.4.5 in the hope of solving this problem, is on my workstation, a 
Gentoo Linux box.  The Linux Samba server shares only [homes].  The 
Solaris Samba server shares [homes] and four other shares.  Unix UIDs 
are synchronized between the two machines - i.e., my user account is UID 
1000 on both.

The problem:

I have a user account (which does have administrator rights) on the XP 
box.  That account has the same username and password as my Unix user 
accounts.  If I copy a file from my XP desktop to the [export] share on 
the Solaris box, it shows up from the Unix side correctly owned by my 
user account.  However, if I copy the exact same file to the [homes] 
share on the Gentoo box or the [shares] share on the Solaris box, it 
shows up owned by root.  Out of constructive paranoia, I even went so 
far as to explicitly map my user account name, Windows side, to the 
identical user account name, Unix side, in /etc/samba/smbusers.map.  It 
didn't help.  Looking at the log file on the Gentoo smbd, I see entries 
like this:

[2010/02/04 13:56:53, 1] smbd/service.c:make_connection_snum(1042)
  vorlon (10.24.32.20) connect to service alaric initially as user 
  alaric (uid=0, gid=100) (pid 13422)

which seems to be a major part of the issue:  for some reason, it's
matching user alaric to uid 0 instead of uid 1000.  What I can't figure 
out is why.  More oddly, the Solaris smbd seems to be getting different 
uids at different times depending which share I connect to:

[2010/02/28 17:56:02, 1] smbd/service.c:(1042)
  vorlon (10.24.32.20) connect to service export initially as user 
  alaric (uid=1000, gid=100) (pid 29828)
[2010/02/28 17:56:02, 1] smbd/service.c:(1042)
  vorlon (10.24.32.20) connect to service shares initially as user 
  alaric (uid=0, gid=100) (pid 29828)
    

Does anyone have any pointers for solving this problem?  I'm utterly 
baffled at this point.




smb.conf on the Gentoo box:

# Samba config file created using SWAT
# from 10.24.32.10 (10.24.32.10)
# Date: 2010/02/10 14:00:24

# Server-wide settings for smbd on the Gentoo workstation.
[global]
	workgroup = RUTHVEN
	server string = Babylon5
# Clients must log in with a username and password before reaching a share.
	security = user
	local master = no
# A login with an unknown username is mapped to the guest account instead of
# being refused; a wrong password for a known user is still rejected.
	map to guest = Bad User
# File smbd reads to translate client usernames to Unix usernames.
# NOTE(review): the post describes adding the mapping to
# /etc/samba/smbusers.map, but this path has no ".map" suffix. A mapping added
# to a file smbd does not read has no effect; confirm which file was edited.
	username map = /etc/samba/smbusers
# The server refuses LANMAN authentication. The three "client ..." lines apply
# when this host acts as an SMB client and keep it off LANMAN and plaintext.
	lanman auth = No
	client NTLMv2 auth = Yes
	client lanman auth = No
	client plaintext auth = No
# One log file per client machine (%m); the size limit is in kilobytes.
	log file = /var/log/samba/log.%m
	max log size = 50
	disable netbios = Yes
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	printcap name = cups
	dns proxy = No
# ID ranges for winbindd-mapped accounts. Presumably unrelated to how the
# local account alaric resolves to a UID; confirm.
	idmap uid = 1000-20000
	idmap gid = 1000-20000
# Only clients from these address prefixes may connect.
# NOTE(review): the list contains a bare "#" entry. smb.conf recognises a
# comment marker only at the start of a line, so this looks like leftover text
# that became part of the value; check the effective list with testparm.
	hosts allow = 10.24.32., #, 192.168.1., 192.168.2., 127.

# Per-user home directory share, created on demand for the connecting user.
# Nothing in this section (no "admin users", no "force user") explains the
# uid=0 connection logged for service alaric on this host.
# NOTE(review): that log entry is dated 2010/02/04, before the 2010/02/10 SWAT
# timestamp on this listing, so the configuration in force at the time may
# have differed. Compare a fresh log entry with the output of testparm -s.
[homes]
	comment = Home Directories
	read only = No
# New files get at most rw-r--r--.
	create mask = 0644
# The share is not listed when clients browse the server.
	browseable = No

# Printer shares backed by CUPS; jobs are spooled under "path".
# In the command lines, %p is the printer name, %s the spool file and %j the
# job number. smbd runs these commands through the shell, so the single quotes
# around %p are what keep a printer name from being split or reinterpreted.
# NOTE(review): with "printing = cups" a CUPS-enabled build may ignore these
# hand-written commands; confirm with testparm.
[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	printing = cups
# Prints the spool file, then deletes it.
	print command = lpr -P'%p' %s; rm %s
	lpq command = lpq -P'%p'
	lprm command = lprm -P'%p' %j
	lppause command = lp -i '%p-%j' -H hold
	lpresume command = lp -i '%p-%j' -H resume
	queuepause command = disable '%p'
	queueresume command = enable '%p'
	browseable = No

# Printer driver download share.
[print$]
	path = /var/lib/samba/printers
# Only members of group adm and root may write here.
	write list = @adm, root
# Unauthenticated (guest) connections are accepted. Together with
# "map to guest = Bad User" in [global], any unknown username is given guest
# access to this share, so its contents should be treated as public to every
# host that passes "hosts allow".
	guest ok = Yes



And on the Solaris box:

# Samba config file created using SWAT
# from 10.24.32.10 (10.24.32.10)
# Date: 2010/02/10 13:57:06

# Server-wide settings for smbd on the Solaris 10 server.
# NOTE(review): no "security" or "map to guest" line appears here. SWAT
# presumably omits parameters left at their defaults; confirm the effective
# values with testparm.
[global]
	workgroup = RUTHVEN
	server string = Babylon4
# smbd serves only on this interface and subnet.
	interfaces = bge0, 10.24.32.14/255.255.255.0
# File smbd reads to translate client usernames to Unix usernames.
	username map = /etc/sfw/smbusers.map
# The server refuses LANMAN authentication. The three "client ..." lines apply
# when this host acts as an SMB client and keep it off LANMAN and plaintext.
	lanman auth = No
	client NTLMv2 auth = Yes
	client lanman auth = No
	client plaintext auth = No
# One log file per client machine (%m); the size limit is in kilobytes.
	log file = /var/samba/log/log.%m
	max log size = 50
	disable netbios = Yes
	load printers = No
	preferred master = Yes
	domain master = Yes
	dns proxy = No
# ID ranges and templates for winbindd-mapped accounts. Presumably unrelated
# to how the local account alaric resolves to a UID; confirm.
	idmap uid = 1000-20000
	idmap gid = 1000-20000
	template homedir = /home/%U
	template shell = /usr/bin/bash
# Only clients from these address prefixes may connect.
	hosts allow = 10.24.32., 10.24.33., 127.
# Hides the listed names from directory listings; this is cosmetic and does
# not restrict access to them.
	hide files = /.AppleDB/.AppleDesktop/.AppleDouble/.DS_Store

# Per-user home directory share, created on demand for the connecting user.
[homes]
	comment = Home Directories
	read only = No
# New files get at most rw-r--r--.
	create mask = 0644
# The share is not listed when clients browse the server.
	browseable = No

# Network storage share. There is no "admin users" line here, which matches
# the uid=1000 connection logged for this share.
[export]
	comment = Network Storage
	path = /netstore
# Only these accounts may connect.
	valid users = alaric, cymru, administrator, goose, pirate, wen
# These accounts are held to read-only access even though the share is writable.
	read list = goose, pirate, wen
	write list = alaric, cymru, administrator
	read only = No
# New files get at most rw-r--r--.
	create mask = 0644
# NOTE(review): guest access is enabled alongside a "valid users" list. The
# guest account is presumably excluded by that list, which would make this
# line ineffective; confirm, and drop it if guests are not meant to connect.
	guest ok = Yes

# Shared folders. This is the only share in the listing with "admin users",
# and the only one on this host logged with uid=0.
[shares]
	comment = Shared Folders
	path = /shares
# Only these accounts may connect.
	valid users = alaric, cymru, administrator, goose, pirate, wen
# Accounts listed here perform every file operation on this share as root.
# That matches the "alaric (uid=0, gid=100)" log entry for service shares and
# the root-owned files described in the post. It also means Unix permissions
# under /shares are bypassed for these three accounts. Remove the line unless
# root-level access is intended; shared write access is better granted
# through group ownership and directory permissions.
	admin users = alaric, cymru, administrator
# The same six accounts appear in both lists. A user in both is given write
# access, so the read list has no effect as written.
	read list = alaric, cymru, administrator, goose, pirate, wen
	write list = alaric, cymru, administrator, goose, pirate, wen
	read only = No
# New files get at most rw-r--r--.
	create mask = 0644
# NOTE(review): guest access is enabled alongside a "valid users" list. The
# guest account is presumably excluded by that list, which would make this
# line ineffective; confirm, and drop it if guests are not meant to connect.
	guest ok = Yes

# Printer shares backed by CUPS; jobs are spooled under "path".
# In the command lines, %p is the printer name, %s the spool file and %j the
# job number. smbd runs these commands through the shell, so the single quotes
# around %p are what keep a printer name from being split or reinterpreted.
# NOTE(review): [global] on this host sets "load printers = No", and with
# "printing = cups" a CUPS-enabled build may ignore these hand-written
# commands; confirm with testparm whether this section is in use.
[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	printing = cups
# Prints the spool file, then deletes it.
	print command = lpr -P'%p' %s; rm %s
	lpq command = lpq -P'%p'
	lprm command = lprm -P'%p' %j
	lppause command = lp -i '%p-%j' -H hold
	lpresume command = lp -i '%p-%j' -H resume
	queuepause command = disable '%p'
	queueresume command = enable '%p'
	browseable = No




--
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.

