[Samba] Samba 4.1 DFS Share only access by administrator

Garming Sam garming at catalyst.net.nz
Wed Dec 4 14:39:28 MST 2013 

On 04/12/13 22:30, Daniel Müller wrote:
> The Error logs when a user try to connect a share linked in dfs:
>
> [2013/12/04 11:12:11.804551,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module samba_dsdb initialization failed : Operations error
> [2013/12/04 11:12:11.804626,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: Unable to load modules for /usr/local/samba/private/sam.ldb: Unable
> to open tdb '/usr/local/samba/private/sam.ldb.d/DC=DIFAEM,DC=LOC.ldb'
> [2013/12/04 11:12:11.804733,  0]
> ../source3/modules/vfs_dfs_samba4.c:81(dfs_samba4_connect)
>    samdb_connect failed
> [2013/12/04 11:12:11.804817,  0]
> ../source3/smbd/msdfs.c:338(create_conn_struct)
>    VFS connect failed!
> [2013/12/04 11:12:11.806657,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module partition initialization failed : Operations error
> [2013/12/04 11:12:11.806748,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module show_deleted initialization failed : Operations error
> [2013/12/04 11:12:11.806826,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module extended_dn_out_ldb initialization failed : Operations error
> [2013/12/04 11:12:11.806900,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module linked_attributes initialization failed : Operations error
> [2013/12/04 11:12:11.806982,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module repl_meta_data initialization failed : Operations error
> [2013/12/04 11:12:11.807057,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module subtree_delete initialization failed : Operations error
> [2013/12/04 11:12:11.807133,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module operational initialization failed : Operations error
> [2013/12/04 11:12:11.807205,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module aclread initialization failed : Operations error
> [2013/12/04 11:12:11.807298,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module acl initialization failed : Operations error
> [2013/12/04 11:12:11.807377,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module descriptor initialization failed : Operations error
> [2013/12/04 11:12:11.807448,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module objectclass initialization failed : Operations error
> [2013/12/04 11:12:11.807518,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module asq initialization failed : Operations error
> [2013/12/04 11:12:11.807588,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module server_sort initialization failed : Operations error
> [2013/12/04 11:12:11.807660,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module paged_results initialization failed : Operations error
> [2013/12/04 11:12:11.807730,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module dirsync initialization failed : Operations error
> [2013/12/04 11:12:11.807801,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module schema_load initialization failed : Operations error
> [2013/12/04 11:12:11.807871,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module rootdse initialization failed : Operations error
> [2013/12/04 11:12:11.807941,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module samba_dsdb initialization failed : Operations error
> [2013/12/04 11:12:11.808031,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: Unable to load modules for /usr/local/samba/private/sam.ldb: Unable
> to open tdb '/usr/local/samba/private/sam.ldb.d/DC=DIFAEM,DC=LOC.ldb'
> [2013/12/04 11:12:11.808198,  0]
> ../source3/modules/vfs_dfs_samba4.c:81(dfs_samba4_connect)
>    samdb_connect failed
> [2013/12/04 11:12:11.808335,  0]
> ../source3/smbd/msdfs.c:338(create_conn_struct)
>    VFS connect failed!
>
> -----------------------------------------------
> EDV Daniel Müller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
>
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
> Auftrag von Daniel Müller
> Gesendet: Mittwoch, 4. Dezember 2013 10:30
> An: samba at lists.samba.org
> Betreff: [Samba] Samba 4.1 DFS Share only access by administrator
>
> Dear all,
>
> I am testeing the dfs functions with Samba4.
> In my global section: host msdfs=yes
> vfs objects = dfs_samba4
> Later on setting a dfs root:
>
> [dfs]
>          path = /windows/dfs
>          read only = No
>          msdfs root = Yes
>
> ls -s  the shares in this root.
>
> lrwxrwxrwx  1 root root   19  2. Dez 09:29 difaem -> msdfs:linux2\difaem
> lrwxrwxrwx  1 root root   20  2. Dez 09:29 leitung -> msdfs:linux2\leitung
> lrwxrwxrwx  1 root root   30  2. Dez 09:30 programmassistenz ->
> msdfs:linux2\programmassistenz
>
>
> [root at linux2 windows]# getfacl dfs
> # file: dfs
> # owner: root
> # group: root
> user::rwx
> user:root:rwx
> group::r-x
> group:root:r-x
> group:users:r-x
> group:3000002:rwx
> group:DIFAEM\134Domain\040Admins:rwx
> mask::rwx
> other::r-x
> default:user::rwx
> default:user:root:rwx
> default:group::r-x
> default:group:root:r-x
> default:group:users:r-x
> default:group:3000002:rwx
> default:group:DIFAEM\134Domain\040Admins:rwx
> default:mask::rwx
> default:other::r-x
>
>
> On the single shares the users can login without any issue.
> When trying to connect over [dfs] access is denied. Only administrator can
> login the shares!?
>
> What has changed since samba3?
>
> Greetings
> Daniel
>
> -----------------------------------------------
> EDV Daniel Müller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Hi there,

I just tested the issue myself. I didn't have any luck replicating it 
unfortunately.

Would it be possible to get a network trace of the isssue? A clear list 
of reproducible steps would be good, just making sure that you haven't 
done anything additional which could be different to what I've done.

We think it may have to do with code in 
rpc_server/srvsvc/srv_srvsvc_nt.c but it would be good to have a trace 
to confirm this.



Cheers,

Garming Sam

More information about the samba mailing list