[Samba] Samba 4.1 DFS Share only access by administrator

Daniel Müller mueller at tropenklinik.de
Thu Dec 5 00:24:54 MST 2013


How do I start trace?

Here is the output when I try to connect to the dfs on the samba localhost with smbclient.
First administrator:

[root@linux2 ~]# smbclient //localhost/dfs  -U 'administrator'
Enter administrator's password:
Domain=[DIFAEM] OS=[Unix] Server=[Samba 4.1.1]
smb: \>
smb: \> ls
  .                                   D        0  Mon Dec  2 09:30:01 2013
  ..                                  D        0  Wed Dec  4 13:19:59 2013
  difaem                              D        0  Mon Dec  2 09:29:15 2013
  leitung                             D        0  Mon Dec  2 09:29:38 2013
  programmassistenz                   D        0  Mon Dec  2 09:30:01 2013

                58585 blocks of size 33553920. 51596 blocks available
smb: \>

smb: \> cd difaem
smb: \difaem\> ls
  .                                   D        0  Wed Dec  4 15:16:51 2013
  ..                                  D        0  Wed Dec  4 13:19:59 2013
  5_Teambesprechungen Difaem          D        0  Tue Dec  3 13:42:42 2013
  Gapminder_HIV_presentation_v1.exe      A 21821912  Wed Jul 14 13:18:32 2010
  Jakob                               D        0  Wed Sep 11 13:08:00 2013
  Medien                              D        0  Wed Dec  4 08:07:17 2013
  Sara                                D        0  Wed Dec  4 08:01:26 201

AS YOU SEE NO PROBLEM AT ALL!!

Now a user:

[root@linux2 ~]# smbclient //localhost/dfs  -U 'harter'
Enter harter's password:
Domain=[DIFAEM] OS=[Unix] Server=[Samba 4.1.1]
smb: \>
smb: \> ls
  .                                   D        0  Mon Dec  2 09:30:01 2013
  ..                                  D        0  Wed Dec  4 13:19:59 2013
  difaem                              D        0  Mon Dec  2 09:29:15 2013
  leitung                             D        0  Mon Dec  2 09:29:38 2013
  programmassistenz                   D        0  Mon Dec  2 09:30:01 2013

                58585 blocks of size 33553920. 51596 blocks available
smb: \>
smb: \> cd difaem
cd \difaem\: NT_STATUS_UNSUCCESSFUL
smb: \>

YOU SEE CANNOT CHANGE AND ENTER?????

The same User and the same share without dfs!!!

[root@linux2 ~]# smbclient //localhost/difaem  -U 'harter'
Enter harter's password:
Domain=[DIFAEM] OS=[Unix] Server=[Samba 4.1.1]
smb: \>

smb: \> ls
  .                                   D        0  Wed Dec  4 15:16:51 2013
  ..                                  D        0  Wed Dec  4 13:19:59 2013
  5_Teambesprechungen Difaem          D        0  Tue Dec  3 13:42:42 2013
  Gapminder_HIV_presentation_v1.exe      A 21821912  Wed Jul 14 13:18:32 2010
  Jakob                               D        0  Wed Sep 11 13:08:00 2013
  Medien                              D        0  Wed Dec  4 08:07:17 2013


Absolutely strange!!!

This is in /var/log/messages:
Dec  5 08:10:58 linux2 smbd[5859]:   ldb: Unable to load modules for /usr/local/samba/private/sam.ldb: Unable to open tdb '/usr/local/samba/private/sam.ldb.d/DC=DIFAEM,DC=LOC.ldb'
Dec  5 08:10:58 linux2 smbd[5859]: [2013/12/05 08:10:58.777538,  0] ../source3/modules/vfs_dfs_samba4.c:81(dfs_samba4_connect)
Dec  5 08:10:58 linux2 smbd[5859]:   samdb_connect failed
Dec  5 08:10:58 linux2 smbd[5859]: [2013/12/05 08:10:58.777630,  0] ../source3/smbd/msdfs.c:338(create_conn_struct)
Dec  5 08:10:58 linux2 smbd[5859]:   VFS connect failed!


[root@linux2 sam.ldb.d]# ls -la
insgesamt 37008
drwxr-x--- 2 root named     4096 19. Nov 07:34 .
drwxr-xr-x 7 root root      4096  5. Dez 08:12 ..
-rw------- 1 root root  14319616  2. Dez 09:39 CN=CONFIGURATION,DC=DIFAEM,DC=LOC.ldb
-rw------- 1 root root  10391552 19. Nov 07:34 CN=SCHEMA,CN=CONFIGURATION,DC=DIFAEM,DC=LOC.ldb
-rw------- 1 root root   4251648  5. Dez 07:43 DC=DIFAEM,DC=LOC.ldb
-rw-rw---- 2 root named  4251648  4. Dez 12:23 DC=DOMAINDNSZONES,DC=DIFAEM,DC=LOC.ldb
-rw-rw---- 2 root named  4251648 19. Nov 07:34 DC=FORESTDNSZONES,DC=DIFAEM,DC=LOC.ldb
-rw-rw---- 2 root named   421888  5. Dez 07:43 metadata.tdb

Steps I did undertake to establish the dfs share:

mkdir /windows/dfs
ln -s msdfs inside /windows/dfs

Wrote the share in /usr/local/samba/etc/smb.conf. Restarted samba. That’s all
No further steps as I would have done with samba 3

Greetings
Daniel



-----------------------------------------------
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Original Message-----
From: Garming Sam [mailto:garming at catalyst.net.nz]
Sent: Wednesday, 4 December 2013 22:39
To: mueller at tropenklinik.de; samba at lists.samba.org
Cc: 'Andrew Bartlett'
Subject: Re: [Samba] Samba 4.1 DFS Share only access by administrator

On 04/12/13 22:30, Daniel Müller wrote:
> The error logs when a user tries to connect to a share linked in dfs:
>
> [2013/12/04 11:12:11.804551,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module samba_dsdb initialization failed : Operations error
> [2013/12/04 11:12:11.804626,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: Unable to load modules for /usr/local/samba/private/sam.ldb: 
> Unable to open tdb '/usr/local/samba/private/sam.ldb.d/DC=DIFAEM,DC=LOC.ldb'
> [2013/12/04 11:12:11.804733,  0]
> ../source3/modules/vfs_dfs_samba4.c:81(dfs_samba4_connect)
>    samdb_connect failed
> [2013/12/04 11:12:11.804817,  0]
> ../source3/smbd/msdfs.c:338(create_conn_struct)
>    VFS connect failed!
> [2013/12/04 11:12:11.806657,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module partition initialization failed : Operations error
> [2013/12/04 11:12:11.806748,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module show_deleted initialization failed : Operations error
> [2013/12/04 11:12:11.806826,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module extended_dn_out_ldb initialization failed : Operations 
> error
> [2013/12/04 11:12:11.806900,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module linked_attributes initialization failed : Operations 
> error
> [2013/12/04 11:12:11.806982,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module repl_meta_data initialization failed : Operations error
> [2013/12/04 11:12:11.807057,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module subtree_delete initialization failed : Operations error
> [2013/12/04 11:12:11.807133,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module operational initialization failed : Operations error
> [2013/12/04 11:12:11.807205,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module aclread initialization failed : Operations error
> [2013/12/04 11:12:11.807298,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module acl initialization failed : Operations error
> [2013/12/04 11:12:11.807377,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module descriptor initialization failed : Operations error
> [2013/12/04 11:12:11.807448,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module objectclass initialization failed : Operations error
> [2013/12/04 11:12:11.807518,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module asq initialization failed : Operations error
> [2013/12/04 11:12:11.807588,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module server_sort initialization failed : Operations error
> [2013/12/04 11:12:11.807660,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module paged_results initialization failed : Operations error
> [2013/12/04 11:12:11.807730,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module dirsync initialization failed : Operations error
> [2013/12/04 11:12:11.807801,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module schema_load initialization failed : Operations error
> [2013/12/04 11:12:11.807871,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module rootdse initialization failed : Operations error
> [2013/12/04 11:12:11.807941,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module samba_dsdb initialization failed : Operations error
> [2013/12/04 11:12:11.808031,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: Unable to load modules for /usr/local/samba/private/sam.ldb: 
> Unable to open tdb '/usr/local/samba/private/sam.ldb.d/DC=DIFAEM,DC=LOC.ldb'
> [2013/12/04 11:12:11.808198,  0]
> ../source3/modules/vfs_dfs_samba4.c:81(dfs_samba4_connect)
>    samdb_connect failed
> [2013/12/04 11:12:11.808335,  0]
> ../source3/smbd/msdfs.c:338(create_conn_struct)
>    VFS connect failed!
>
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org
> [mailto:samba-bounces at lists.samba.org] On behalf of Daniel Müller
> Sent: Wednesday, 4 December 2013 10:30
> To: samba at lists.samba.org
> Subject: [Samba] Samba 4.1 DFS Share only access by administrator
>
> Dear all,
>
> I am testing the dfs functions with Samba4.
> In my global section: host msdfs=yes
> vfs objects = dfs_samba4
> Later on setting a dfs root:
>
> [dfs]
>          path = /windows/dfs
>          read only = No
>          msdfs root = Yes
>
> ls -s  the shares in this root.
>
> lrwxrwxrwx  1 root root   19  2. Dez 09:29 difaem -> msdfs:linux2\difaem
> lrwxrwxrwx  1 root root   20  2. Dez 09:29 leitung -> msdfs:linux2\leitung
> lrwxrwxrwx  1 root root   30  2. Dez 09:30 programmassistenz ->
> msdfs:linux2\programmassistenz
>
>
> [root@linux2 windows]# getfacl dfs
> # file: dfs
> # owner: root
> # group: root
> user::rwx
> user:root:rwx
> group::r-x
> group:root:r-x
> group:users:r-x
> group:3000002:rwx
> group:DIFAEM\134Domain\040Admins:rwx
> mask::rwx
> other::r-x
> default:user::rwx
> default:user:root:rwx
> default:group::r-x
> default:group:root:r-x
> default:group:users:r-x
> default:group:3000002:rwx
> default:group:DIFAEM\134Domain\040Admins:rwx
> default:mask::rwx
> default:other::r-x
>
>
> On the single shares the users can login without any issue.
> When trying to connect over [dfs] access is denied. Only administrator 
> can login the shares!?
>
> What has changed since samba3?
>
> Greetings
> Daniel
>

Hi there,

I just tested the issue myself. I didn't have any luck replicating it unfortunately.

Would it be possible to get a network trace of the issue? A clear list of reproducible steps would be good, just making sure that you haven't done anything additional which could be different to what I've done.

We think it may have to do with code in rpc_server/srvsvc/srv_srvsvc_nt.c but it would be good to have a trace to confirm this.



Cheers,

Garming Sam
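
Added example, not part of the original thread: a small Python parser for the smbd log lines posted above, in both layouts that appear here (mail-quoted with wrapped headers, and syslog-prefixed from /var/log/messages). It collapses the repeated ldb module-initialization records and keeps the tdb path that could not be opened plus the remaining call sites. The names `parse_records` and `summarize` belong to this example only; the sample lines are copied from the thread's logs.

```python
import re
from collections import Counter

QUOTE = re.compile(r"^(?:>\s?)+")  # mail quote prefix
SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ smbd\[\d+\]:\s*")
HEADER = re.compile(r"^\[([\d/]+ [\d:.]+),\s*\d+\]\s*(.*)$")
LOCATION = re.compile(r"\S+\.c:\d+\(\w+\)")
MODULE = re.compile(r"ldb: module (\w+) initialization failed")
TDB = re.compile(r"Unable to open tdb '([^']+)'")
# Excerpt of the log lines posted in the thread, in both layouts seen there.
SAMPLE = """\
> [2013/12/04 11:12:11.804551,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: module samba_dsdb initialization failed : Operations error
> [2013/12/04 11:12:11.804626,  0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>    ldb: Unable to load modules for /usr/local/samba/private/sam.ldb:
> Unable to open tdb '/usr/local/samba/private/sam.ldb.d/DC=DIFAEM,DC=LOC.ldb'
Dec  5 08:10:58 linux2 smbd[5859]: [2013/12/05 08:10:58.777538,  0] ../source3/modules/vfs_dfs_samba4.c:81(dfs_samba4_connect)
Dec  5 08:10:58 linux2 smbd[5859]:   samdb_connect failed
"""

def parse_records(text):  # one record per smbd log header, wrapped lines joined
    records, cur = [], None
    for raw in text.splitlines():
        line = SYSLOG.sub("", QUOTE.sub("", raw)).strip()
        head = HEADER.match(line)
        if head or cur is None:  # header-less leading lines get a record too
            cur = {"time": None, "where": "", "msg": ""}
            records.append(cur)
        if head:
            cur["time"], cur["where"] = head.groups()
        elif not (cur["where"] or cur["msg"]) and LOCATION.fullmatch(line):
            cur["where"] = line  # source location wrapped onto its own line
        else:
            cur["msg"] = (cur["msg"] + " " + line).strip()
    return records

def summarize(records):  # collapse module-init noise, keep tdb path and call sites
    out = {"modules": Counter(), "tdbs": set(), "sites": []}
    for rec in records:
        mod, tdb = MODULE.search(rec["msg"]), TDB.search(rec["msg"])
        if mod:
            out["modules"][mod.group(1)] += 1
        elif tdb:
            out["tdbs"].add(tdb.group(1))
        elif rec["msg"]:
            out["sites"].append((rec["where"], rec["msg"]))
    return out
```

The path returned in `tdbs` is the file whose owner and mode appear in the `ls -la` listing of `sam.ldb.d` earlier in the thread.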




