[Samba] A strange file-ownership problem
Brother Railgun of Reason
alaric at caerllewys.net
Sun Feb 28 22:26:51 MST 2010
The scenario:
I have two Samba servers on my network. One, running v3.0.37, is on my
main server, a Solaris 10 x86 box. The other, just updated from 3.0.37
to 3.4.5 in the hope of solving this problem, is on my workstation, a
Gentoo Linux box. The Linux Samba server shares only [homes]. The
Solaris Samba server shares [homes] and four other shares. Unix UIDs
are synchronized between the two machines - i.e., my user account is UID
1000 on both.
The problem:
I have a user account (which does have administrator rights) on the XP
box. That account has the same username and password as my Unix user
accounts. If I copy a file from my XP desktop to the [export] share on
the Solaris box, it shows up from the Unix side correctly owned by my
user account. However, if I copy the exact same file to the [homes]
share on the Gentoo box or the [shares] share on the Solaris box, it
shows up owned by root. Out of constructive paranoia, I even went so
far as to explicitly map my user account name, Windows side, to the
identical user account name, Unix side, in /etc/samba/smbusers.map. It
didn't help. Looking at the log file on the Gentoo smbd, I see entries
like this:
[2010/02/04 13:56:53, 1] smbd/service.c:make_connection_snum(1042)
vorlon (10.24.32.20) connect to service alaric initially as user
alaric (uid=0, gid=100) (pid 13422)
which seems to be a major part of the issue: for some reason, it's
matching user alaric to uid 0 instead of uid 1000. What I can't figure
out is why. More oddly, the Solaris smbd seems to be getting different
uids at different times depending which share I connect to:
[2010/02/28 17:56:02, 1] smbd/service.c:(1042)
vorlon (10.24.32.20) connect to service export initially as user
alaric (uid=1000, gid=100) (pid 29828)
[2010/02/28 17:56:02, 1] smbd/service.c:(1042)
vorlon (10.24.32.20) connect to service shares initially as user
alaric (uid=0, gid=100) (pid 29828)
Does anyone have any pointers for solving this problem? I'm utterly
baffled at this point.
smb.conf on the Gentoo box:
# Samba config file created using SWAT
# from 10.24.32.10 (10.24.32.10)
# Date: 2010/02/10 14:00:24
[global]
workgroup = RUTHVEN
server string = Babylon5
security = user
local master = no
map to guest = Bad User
username map = /etc/samba/smbusers
lanman auth = No
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
log file = /var/log/samba/log.%m
max log size = 50
disable netbios = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
dns proxy = No
idmap uid = 1000-20000
idmap gid = 1000-20000
hosts allow = 10.24.32., #, 192.168.1., 192.168.2., 127.
[homes]
comment = Home Directories
read only = No
create mask = 0644
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
printing = cups
print command = lpr -P'%p' %s; rm %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
lppause command = lp -i '%p-%j' -H hold
lpresume command = lp -i '%p-%j' -H resume
queuepause command = disable '%p'
queueresume command = enable '%p'
browseable = No
[print$]
path = /var/lib/samba/printers
write list = @adm, root
guest ok = Yes
And on the Solaris box:
# Samba config file created using SWAT
# from 10.24.32.10 (10.24.32.10)
# Date: 2010/02/10 13:57:06
[global]
workgroup = RUTHVEN
server string = Babylon4
interfaces = bge0, 10.24.32.14/255.255.255.0
username map = /etc/sfw/smbusers.map
lanman auth = No
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
log file = /var/samba/log/log.%m
max log size = 50
disable netbios = Yes
load printers = No
preferred master = Yes
domain master = Yes
dns proxy = No
idmap uid = 1000-20000
idmap gid = 1000-20000
template homedir = /home/%U
template shell = /usr/bin/bash
hosts allow = 10.24.32., 10.24.33., 127.
hide files = /.AppleDB/.AppleDesktop/.AppleDouble/.DS_Store
[homes]
comment = Home Directories
read only = No
create mask = 0644
browseable = No
[export]
comment = Network Storage
path = /netstore
valid users = alaric, cymru, administrator, goose, pirate, wen
read list = goose, pirate, wen
write list = alaric, cymru, administrator
read only = No
create mask = 0644
guest ok = Yes
[shares]
comment = Shared Folders
path = /shares
valid users = alaric, cymru, administrator, goose, pirate, wen
admin users = alaric, cymru, administrator
read list = alaric, cymru, administrator, goose, pirate, wen
write list = alaric, cymru, administrator, goose, pirate, wen
read only = No
create mask = 0644
guest ok = Yes
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
printing = cups
print command = lpr -P'%p' %s; rm %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
lppause command = lp -i '%p-%j' -H hold
lpresume command = lp -i '%p-%j' -H resume
queuepause command = disable '%p'
queueresume command = enable '%p'
browseable = No
--
Phil Stracchino, CDK#2 DoD#299792458 ICBM: 43.5607, -71.355
alaric at caerllewys.net alaric at metrocast.net phil at co.ordinate.org
Renaissance Man, Unix ronin, Perl hacker, Free Stater
It's not the years, it's the mileage.
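
Added example (not part of the original post): a short Python check that correlates smbd "connect to service" log lines with each share's "admin users" list, relying on the documented smb.conf behaviour that users named there perform all file operations on that share as root. The embedded config and log are excerpts taken from the post; the function names, and treating an unknown service name as a [homes] connection, are assumptions of this example.

```python
import re

# Sample input: excerpts of the Solaris smb.conf and smbd log quoted in the post.
SMB_CONF = """\
[homes]
read only = No
[export]
write list = alaric, cymru, administrator
[shares]
admin users = alaric, cymru, administrator
"""
LOG = """\
[2010/02/28 17:56:02, 1] smbd/service.c:(1042)
vorlon (10.24.32.20) connect to service export initially as user
alaric (uid=1000, gid=100) (pid 29828)
[2010/02/28 17:56:02, 1] smbd/service.c:(1042)
vorlon (10.24.32.20) connect to service shares initially as user
alaric (uid=0, gid=100) (pid 29828)
"""

# \s+ after "user" tolerates the line wrap seen in the archived log lines.
CONNECT = re.compile(r"connect to service (\S+) initially as user\s+(\S+) \(uid=(\d+), gid=\d+\)")

def admin_users(conf_text):
    """Map each section name to the plain user names in its 'admin users' list."""
    shares, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            shares[section] = set()
        elif "=" in line and section:
            key, value = (part.strip() for part in line.split("=", 1))
            # Samba ignores case and whitespace in parameter names.
            if "".join(key.lower().split()) == "adminusers":
                # @group entries are kept as literal strings, not expanded.
                shares[section] = {u.strip().lower() for u in value.split(",") if u.strip()}
    return shares

def audit(conf_text, log_text):
    """Return (service, user, reason) for every non-root session mapped to uid 0."""
    admins = admin_users(conf_text)
    findings = []
    for service, user, uid in CONNECT.findall(log_text):
        if int(uid) != 0 or user == "root":
            continue
        # Assumption: a service with no section of its own is a [homes] connection.
        section = service.lower() if service.lower() in admins else "homes"
        listed = user.lower() in admins.get(section, set())
        findings.append((service, user, f"admin users in [{section}]" if listed else "unexplained"))
    return findings
```
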