[Samba] Samba 3.6.10 not reading groups

Benjamin Huntsman BHuntsman at mail2.cu-portland.edu
Mon Jan 21 11:06:29 MST 2013


Helpp! :)  We didn't catch this in testing and now it's killing me in production!
I'm getting stuck with my fresh build of Samba 3.6.10.  It isn't honoring groups specified in the valid users clause of the share configuration.
I'm running in security = SHARE mode, and user authentication is working just fine.  Even if I specify individual users on the valid users = line, it works.  Just not groups.
Here's my configuration:

# Samba config file created using SWAT
# from UNKNOWN (10.33.224.61)
# Date: 2013/01/21 10:00:00

[global]
	interfaces = 10.33.72.67/22, 127.0.0.1
	bind interfaces only = Yes
	security = SHARE
	encrypt passwords = No
	log level = 3
	os level = 8
	local master = No
	domain master = No
	idmap config * : range = 
	idmap config * : backend = tdb

[testshare]
	path = /testshare
	valid users = +titan, benhu
	read only = No



I'm in the group 'titan' also.  Here's the log I get at log level = 3:


[2013/01/21 10:03:05.928101,  3] param/loadparm.c:9572(lp_load_ex)
  lp_load_ex: refreshing parameters
[2013/01/21 10:03:05.928257,  3] param/loadparm.c:5192(init_globals)
  Initialising global parameters
[2013/01/21 10:03:05.928594,  3] ../lib/util/params.c:550(pm_process)
  params.c:pm_process() - Processing configuration file "/etc/samba-3.6.10/smb.conf"
[2013/01/21 10:03:05.928696,  3] param/loadparm.c:8310(do_section)
  Processing section "[global]"
[2013/01/21 10:03:05.929629,  2] param/loadparm.c:8327(do_section)
  Processing section "[testshare]"
[2013/01/21 10:03:05.929862,  3] param/loadparm.c:6630(lp_add_ipc)
  adding IPC service
[2013/01/21 10:03:05.929926,  1] param/loadparm.c:9670(lp_load_ex)
  WARNING: The security=share option is deprecated
[2013/01/21 10:03:05.930333,  2] lib/interface.c:479(interpret_interface)
  interpret_interface: Adding interface 10.33.72.67/22
[2013/01/21 10:03:05.930401,  2] lib/interface.c:341(add_interface)
  added interface 10.33.72.67/22 ip=10.33.72.67 bcast=10.33.75.255 netmask=255.255.252.0
[2013/01/21 10:03:05.930493,  2] lib/interface.c:341(add_interface)
  added interface lo0 ip=127.0.0.1 bcast=127.242.234.223 netmask=
[2013/01/21 10:03:05.930626,  3] lib/access.c:338(allow_access)
  Allowed connection from 10.33.75.164 (10.33.75.164)
[2013/01/21 10:03:05.930715,  3] smbd/oplock.c:922(init_oplocks)
  init_oplocks: initializing messages.
[2013/01/21 10:03:05.930887,  3] smbd/process.c:1662(process_smb)
  Transaction 0 of length 159 (0 toread)
[2013/01/21 10:03:05.930970,  3] smbd/process.c:1467(switch_message)
  switch message SMBnegprot (pid 7864494) conn 0x0
[2013/01/21 10:03:05.931110,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2013/01/21 10:03:05.931178,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LANMAN1.0]
[2013/01/21 10:03:05.931245,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [Windows for Workgroups 3.1a]
[2013/01/21 10:03:05.931313,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LM1.2X002]
[2013/01/21 10:03:05.931379,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LANMAN2.1]
[2013/01/21 10:03:05.931445,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [NT LM 0.12]
[2013/01/21 10:03:05.931511,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [SMB 2.002]
[2013/01/21 10:03:05.931577,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [SMB 2.???]
[2013/01/21 10:03:05.931749,  3] smbd/negprot.c:401(reply_nt1)
  not using SPNEGO
[2013/01/21 10:03:05.931811,  3] smbd/negprot.c:704(reply_negprot)
  Selected protocol NT LM 0.12
[2013/01/21 10:03:05.933695,  3] smbd/process.c:1662(process_smb)
  Transaction 1 of length 176 (0 toread)
[2013/01/21 10:03:05.933776,  3] smbd/process.c:1467(switch_message)
  switch message SMBsesssetupX (pid 7864494) conn 0x0
[2013/01/21 10:03:05.933865,  3] smbd/sesssetup.c:1333(reply_sesssetup_and_X)
  wct=13 flg2=0xc807
[2013/01/21 10:03:05.933953,  3] smbd/sesssetup.c:1536(reply_sesssetup_and_X)
  Domain=[10.33.72.67]  NativeOS=[] NativeLanMan=[] PrimaryDomain=[null]
[2013/01/21 10:03:05.934049,  2] smbd/sesssetup.c:1279(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2013/01/21 10:03:05.934111,  3] smbd/sesssetup.c:1552(reply_sesssetup_and_X)
  sesssetupX:name=[10.33.72.67]\[benhu]@[10.33.75.164]
[2013/01/21 10:03:05.934785,  3] smbd/sesssetup.c:151(check_guest_password)
  Got anonymous request
[2013/01/21 10:03:05.934884,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user []\[]@[] with the new password interface
[2013/01/21 10:03:05.934976,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  mapped user is: []\[]@[]
[2013/01/21 10:03:05.935069,  3] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: guest authentication for user [] succeeded
[2013/01/21 10:03:05.935149,  3] smbd/process.c:1467(switch_message)
  switch message SMBtconX (pid 7864494) conn 0x0
[2013/01/21 10:03:05.935249,  3] lib/access.c:338(allow_access)
  Allowed connection from 10.33.75.164 (10.33.75.164)
[2013/01/21 10:03:05.935974,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [WORKGROUP]\[benhu]@[10.33.75.164] with the new password interface
[2013/01/21 10:03:05.936047,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  mapped user is: [SYSTST]\[benhu]@[10.33.75.164]
[2013/01/21 10:03:05.948794,  3] passdb/lookup_sid.c:1754(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for benhu
[2013/01/21 10:03:05.951568,  3] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: unix authentication for user [benhu] succeeded
[2013/01/21 10:03:05.951650,  2] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password:  authentication for user [benhu] -> [benhu] -> [benhu] succeeded
[2013/01/21 10:03:05.951730,  3] smbd/password.c:651(authorise_login)
  authorise_login: ACCEPTED: session list username (benhu) and given password ok
[2013/01/21 10:03:05.952894,  3] passdb/lookup_sid.c:1754(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for benhu
[2013/01/21 10:03:05.956892,  3] auth/token_util.c:438(finalize_local_nt_token)
  Failed to fetch domain sid for WORKGROUP
[2013/01/21 10:03:05.957049,  3] auth/token_util.c:469(finalize_local_nt_token)
  Failed to fetch domain sid for WORKGROUP
[2013/01/21 10:03:05.958295,  3] smbd/service.c:872(make_connection_snum)
  Connect path is '/tmp' for service [IPC$]
[2013/01/21 10:03:05.958395,  3] smbd/vfs.c:102(vfs_init_default)
  Initialising default vfs hooks
[2013/01/21 10:03:05.958465,  3] smbd/vfs.c:128(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2013/01/21 10:03:05.958716,  3] smbd/service.c:1114(make_connection_snum)
  10.33.75.164 (10.33.75.164) connect to service IPC$ initially as user benhu (uid=1565, gid=209) (pid 7864494)
[2013/01/21 10:03:05.958815,  3] smbd/reply.c:871(reply_tcon_and_X)
  tconX service=IPC$
[2013/01/21 10:03:05.959471,  3] smbd/process.c:1662(process_smb)
  Transaction 2 of length 120 (0 toread)
[2013/01/21 10:03:05.959542,  3] smbd/process.c:1467(switch_message)
  switch message SMBtrans2 (pid 7864494) conn 0x1100e4e80
[2013/01/21 10:03:05.959670,  3] smbd/msdfs.c:891(get_referred_path)
  get_referred_path: |testshare| in dfs path \10.33.72.67\testshare is not a dfs root.
[2013/01/21 10:03:05.959741,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/trans2.c(8361) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND
[2013/01/21 10:03:05.962326,  3] smbd/process.c:1662(process_smb)
  Transaction 3 of length 186 (0 toread)
[2013/01/21 10:03:05.962398,  3] smbd/process.c:1467(switch_message)
  switch message SMBsesssetupX (pid 7864494) conn 0x0
[2013/01/21 10:03:05.962483,  3] smbd/sesssetup.c:1333(reply_sesssetup_and_X)
  wct=13 flg2=0xc807
[2013/01/21 10:03:05.962545,  3] smbd/sesssetup.c:1536(reply_sesssetup_and_X)
  Domain=[10.33.72.67]  NativeOS=[] NativeLanMan=[] PrimaryDomain=[null]
[2013/01/21 10:03:05.962614,  3] smbd/sesssetup.c:1552(reply_sesssetup_and_X)
  sesssetupX:name=[10.33.72.67]\[benhu]@[10.33.75.164]
[2013/01/21 10:03:05.962719,  3] smbd/sesssetup.c:151(check_guest_password)
  Got anonymous request
[2013/01/21 10:03:05.962780,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user []\[]@[] with the new password interface
[2013/01/21 10:03:05.962848,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  mapped user is: []\[]@[]
[2013/01/21 10:03:05.962940,  3] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: guest authentication for user [] succeeded
[2013/01/21 10:03:05.963071,  3] smbd/process.c:1467(switch_message)
  switch message SMBtconX (pid 7864494) conn 0x0
[2013/01/21 10:03:05.963157,  3] lib/access.c:338(allow_access)
  Allowed connection from 10.33.75.164 (10.33.75.164)
[2013/01/21 10:03:05.967502,  3] auth/token_util.c:438(finalize_local_nt_token)
  Failed to fetch domain sid for WORKGROUP
[2013/01/21 10:03:05.967656,  3] auth/token_util.c:469(finalize_local_nt_token)
  Failed to fetch domain sid for WORKGROUP
[2013/01/21 10:03:05.968310,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [WORKGROUP]\[benhu]@[10.33.75.164] with the new password interface
[2013/01/21 10:03:05.968379,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  mapped user is: [SYSTST]\[benhu]@[10.33.75.164]
[2013/01/21 10:03:05.976557,  3] passdb/lookup_sid.c:1754(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for benhu
[2013/01/21 10:03:05.977926,  3] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: unix authentication for user [benhu] succeeded
[2013/01/21 10:03:05.978017,  2] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password:  authentication for user [benhu] -> [benhu] -> [benhu] succeeded
[2013/01/21 10:03:05.978134,  3] smbd/password.c:651(authorise_login)
  authorise_login: ACCEPTED: session list username (benhu) and given password ok
[2013/01/21 10:03:05.981886,  3] auth/token_util.c:438(finalize_local_nt_token)
  Failed to fetch domain sid for WORKGROUP
[2013/01/21 10:03:05.982053,  3] auth/token_util.c:469(finalize_local_nt_token)
  Failed to fetch domain sid for WORKGROUP
[2013/01/21 10:03:05.983692,  3] passdb/lookup_sid.c:1754(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for benhu
[2013/01/21 10:03:05.987681,  3] auth/token_util.c:438(finalize_local_nt_token)
  Failed to fetch domain sid for WORKGROUP
[2013/01/21 10:03:05.987854,  3] auth/token_util.c:469(finalize_local_nt_token)
  Failed to fetch domain sid for WORKGROUP
[2013/01/21 10:03:05.989120,  3] smbd/service.c:872(make_connection_snum)
  Connect path is '/testshare' for service [testshare]
[2013/01/21 10:03:05.989216,  3] smbd/vfs.c:102(vfs_init_default)
  Initialising default vfs hooks
[2013/01/21 10:03:05.989276,  3] smbd/vfs.c:128(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2013/01/21 10:03:05.989456,  3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
  string_to_sid: SID +titan is not in a valid format
[2013/01/21 10:03:05.991388,  1] smbd/service.c:1114(make_connection_snum)
  10.33.75.164 (10.33.75.164) connect to service testshare initially as user benhu (uid=1565, gid=209) (pid 7864494)
[2013/01/21 10:03:05.991490,  3] smbd/reply.c:871(reply_tcon_and_X)
  tconX service=TESTSHARE
[2013/01/21 10:03:06.032066,  3] smbd/process.c:1662(process_smb)
  Transaction 4 of length 80 (0 toread)
[2013/01/21 10:03:06.032151,  3] smbd/process.c:1467(switch_message)
  switch message SMBtrans2 (pid 7864494) conn 0x110141960
[2013/01/21 10:03:06.032236,  3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
  string_to_sid: SID +titan is not in a valid format
[2013/01/21 10:03:06.034067,  3] smbd/trans2.c:5132(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2013/01/21 10:03:06.034151,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [.] [/testshare]
[2013/01/21 10:03:06.034298,  3] smbd/vfs.c:1039(check_reduced_name)
  check_reduced_name: . reduced to /testshare
[2013/01/21 10:03:06.034441,  3] smbd/trans2.c:5276(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0
[2013/01/21 10:03:06.034988,  3] smbd/process.c:1662(process_smb)
  Transaction 5 of length 80 (0 toread)
[2013/01/21 10:03:06.035067,  3] smbd/process.c:1467(switch_message)
  switch message SMBtrans2 (pid 7864494) conn 0x110141960
[2013/01/21 10:03:06.035145,  3] smbd/trans2.c:5132(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005
[2013/01/21 10:03:06.035238,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [.] [/testshare]
[2013/01/21 10:03:06.035361,  3] smbd/vfs.c:1039(check_reduced_name)
  check_reduced_name: . reduced to /testshare
[2013/01/21 10:03:06.035464,  3] smbd/trans2.c:5276(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo . (fnum = -1) level=1005 call=5 total_data=0
[2013/01/21 10:03:06.093940,  3] smbd/process.c:1662(process_smb)
  Transaction 6 of length 92 (0 toread)
[2013/01/21 10:03:06.094021,  3] smbd/process.c:1467(switch_message)
  switch message SMBntcreateX (pid 7864494) conn 0x110141960
[2013/01/21 10:03:06.094107,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [.] [/testshare]
[2013/01/21 10:03:06.094230,  3] smbd/vfs.c:1039(check_reduced_name)
  check_reduced_name: . reduced to /testshare
[2013/01/21 10:03:06.095384,  3] smbd/process.c:1662(process_smb)
  Transaction 7 of length 88 (0 toread)
[2013/01/21 10:03:06.095465,  3] smbd/process.c:1467(switch_message)
  switch message SMBnttrans (pid 7864494) conn 0x110141960
[2013/01/21 10:03:06.095546,  3] smbd/nttrans.c:1745(call_nt_transact_notify_change)
  call_nt_transact_notify_change
[2013/01/21 10:03:06.095614,  3] smbd/nttrans.c:1762(call_nt_transact_notify_change)
  call_nt_transact_notify_change: notify change called on ., filter = FILE_NAME|DIR_NAME|ATTRIBUTES|LAST_WRITE, recursive = 0
[2013/01/21 10:03:06.109695,  3] smbd/process.c:1662(process_smb)
  Transaction 8 of length 114 (0 toread)
[2013/01/21 10:03:06.109766,  3] smbd/process.c:1467(switch_message)
  switch message SMBntcreateX (pid 7864494) conn 0x110141960
[2013/01/21 10:03:06.109883,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [desktop.ini] [/testshare]
[2013/01/21 10:03:06.110011,  3] smbd/vfs.c:1039(check_reduced_name)
  check_reduced_name: desktop.ini reduced to /testshare/desktop.ini
[2013/01/21 10:03:06.110095,  3] smbd/dosmode.c:159(unix_mode)
  unix_mode(desktop.ini) returning 0744
[2013/01/21 10:03:06.110166,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/error.c(161) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND
[2013/01/21 10:03:06.110960,  3] smbd/process.c:1662(process_smb)
  Transaction 9 of length 92 (0 toread)
[2013/01/21 10:03:06.111030,  3] smbd/process.c:1467(switch_message)
  switch message SMBntcreateX (pid 7864494) conn 0x110141960
[2013/01/21 10:03:06.111105,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [.] [/testshare]
[2013/01/21 10:03:06.111218,  3] smbd/vfs.c:1039(check_reduced_name)
  check_reduced_name: . reduced to /testshare
[2013/01/21 10:03:06.111310,  3] smbd/dosmode.c:159(unix_mode)
  unix_mode(.) returning 0744
[2013/01/21 10:03:06.112283,  3] smbd/process.c:1662(process_smb)
  Transaction 10 of length 90 (0 toread)
[2013/01/21 10:03:06.112354,  3] smbd/process.c:1467(switch_message)
  switch message SMBtrans2 (pid 7864494) conn 0x110141960
[2013/01/21 10:03:06.112441,  3] smbd/trans2.c:2286(call_trans2findfirst)
  call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384
[2013/01/21 10:03:06.112539,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [*] [/testshare]
[2013/01/21 10:03:06.112692,  3] smbd/vfs.c:1039(check_reduced_name)
  check_reduced_name: * reduced to /testshare/*
[2013/01/21 10:03:06.112758,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [.] [/testshare]
[2013/01/21 10:03:06.112869,  3] smbd/vfs.c:1039(check_reduced_name)
  check_reduced_name: . reduced to /testshare
[2013/01/21 10:03:06.112947,  3] smbd/dir.c:578(dptr_create)
  creating new dirptr 256 for path ., expect_close = 1
[2013/01/21 10:03:06.113060,  3] smbd/dir.c:1041(smbd_dirptr_get_entry)
  smbd_dirptr_get_entry mask=[*] found ./. fname=. (.)
[2013/01/21 10:03:06.113152,  3] smbd/dir.c:1041(smbd_dirptr_get_entry)
  smbd_dirptr_get_entry mask=[*] found ./.. fname=.. (..)
[2013/01/21 10:03:06.113256,  3] smbd/dir.c:1041(smbd_dirptr_get_entry)
  smbd_dirptr_get_entry mask=[*] found ./test.txt.txt fname=test.txt.txt (test.txt.txt)
[2013/01/21 10:03:06.143574,  3] smbd/process.c:1662(process_smb)
  Transaction 11 of length 45 (0 toread)
[2013/01/21 10:03:06.143648,  3] smbd/process.c:1467(switch_message)
  switch message SMBclose (pid 7864494) conn 0x110141960
[2013/01/21 10:03:06.143723,  3] smbd/reply.c:4838(reply_close)
  close directory fnum=4727
[2013/01/21 10:03:06.150454,  3] smbd/process.c:1662(process_smb)
  Transaction 12 of length 74 (0 toread)
[2013/01/21 10:03:06.150526,  3] smbd/process.c:1467(switch_message)
  switch message SMBtrans2 (pid 7864494) conn 0x110141960
[2013/01/21 10:03:06.150600,  3] smbd/trans2.c:3507(call_trans2qfsinfo)
  call_trans2qfsinfo: level = 258
[2013/01/21 10:03:06.150664,  3] smbd/trans2.c:2945(smbd_do_qfsinfo)
  smbd_do_qfsinfo: level = 258
[2013/01/21 10:03:06.153361,  3] smbd/process.c:1662(process_smb)
  Transaction 13 of length 74 (0 toread)
[2013/01/21 10:03:06.153434,  3] smbd/process.c:1467(switch_message)
  switch message SMBtrans2 (pid 7864494) conn 0x110141960
[2013/01/21 10:03:06.153507,  3] smbd/trans2.c:3507(call_trans2qfsinfo)
  call_trans2qfsinfo: level = 261
[2013/01/21 10:03:06.153569,  3] smbd/trans2.c:2945(smbd_do_qfsinfo)
  smbd_do_qfsinfo: level = 261
[2013/01/21 10:03:06.157939,  3] smbd/process.c:1662(process_smb)
  Transaction 14 of length 120 (0 toread)
[2013/01/21 10:03:06.158011,  3] smbd/process.c:1467(switch_message)
  switch message SMBtrans2 (pid 7864494) conn 0x1100e4e80
[2013/01/21 10:03:06.158149,  3] smbd/msdfs.c:891(get_referred_path)
  get_referred_path: |testshare| in dfs path \10.33.72.67\testshare is not a dfs root.
[2013/01/21 10:03:06.158216,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/trans2.c(8361) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND
[2013/01/21 10:03:06.370869,  3] smbd/process.c:1662(process_smb)
  Transaction 15 of length 76 (0 toread)
[2013/01/21 10:03:06.370947,  3] smbd/process.c:1467(switch_message)
  switch message SMBtrans2 (pid 7864494) conn 0x1100e4e80
[2013/01/21 10:03:06.371024,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/trans2.c(4163) cmd=50 (SMBtrans2) NT_STATUS_INVALID_HANDLE
[2013/01/21 10:03:06.372007,  3] smbd/process.c:1662(process_smb)
  Transaction 16 of length 76 (0 toread)
[2013/01/21 10:03:06.372078,  3] smbd/process.c:1467(switch_message)
  switch message SMBtrans2 (pid 7864494) conn 0x1100e4e80
[2013/01/21 10:03:06.372157,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/trans2.c(4163) cmd=50 (SMBtrans2) NT_STATUS_INVALID_HANDLE
[2013/01/21 10:03:06.373679,  3] smbd/process.c:1662(process_smb)
  Transaction 17 of length 104 (0 toread)
[2013/01/21 10:03:06.373751,  3] smbd/process.c:1467(switch_message)
  switch message SMBtrans (pid 7864494) conn 0x1100e4e80
[2013/01/21 10:03:06.373827,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\MsFteWds> data=0 params=0 setup=2
[2013/01/21 10:03:06.373904,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <MsFteWds> name
[2013/01/21 10:03:06.373960,  3] smbd/ipc.c:546(named_pipe)
  unknown named pipe: setup 0x53 setup1=0
[2013/01/21 10:03:06.374019,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/ipc.c(548) cmd=37 (SMBtrans) NT_STATUS_NOT_SUPPORTED
[2013/01/21 10:03:06.592788,  3] smbd/process.c:1662(process_smb)
  Transaction 18 of length 74 (0 toread)
[2013/01/21 10:03:06.592863,  3] smbd/process.c:1467(switch_message)
  switch message SMBtrans2 (pid 7864494) conn 0x110141960
[2013/01/21 10:03:06.592942,  3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
  string_to_sid: SID +titan is not in a valid format
[2013/01/21 10:03:06.594859,  3] smbd/trans2.c:3507(call_trans2qfsinfo)
  call_trans2qfsinfo: level = 1007
[2013/01/21 10:03:06.594927,  3] smbd/trans2.c:2945(smbd_do_qfsinfo)
  smbd_do_qfsinfo: level = 1007
[2013/01/21 10:03:06.600923,  3] smbd/process.c:1662(process_smb)
  Transaction 19 of length 74 (0 toread)
[2013/01/21 10:03:06.600998,  3] smbd/process.c:1467(switch_message)
  switch message SMBtrans2 (pid 7864494) conn 0x110141960
[2013/01/21 10:03:06.601072,  3] smbd/trans2.c:3507(call_trans2qfsinfo)
  call_trans2qfsinfo: level = 1007
[2013/01/21 10:03:06.601155,  3] smbd/trans2.c:2945(smbd_do_qfsinfo)
  smbd_do_qfsinfo: level = 1007



The part that really stands out to me is:

[2013/01/21 09:48:54.517801,  3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
  string_to_sid: SID +titan is not in a valid format


Why isn't it honoring group membership?  


If I remove the username, and just leave '+titan', here's the log output when I connect, and it fails to mount:

[2013/01/21 09:53:26.955993,  3] param/loadparm.c:9572(lp_load_ex)
  lp_load_ex: refreshing parameters
[2013/01/21 09:53:26.956152,  3] param/loadparm.c:5192(init_globals)
  Initialising global parameters
[2013/01/21 09:53:26.956493,  3] ../lib/util/params.c:550(pm_process)
  params.c:pm_process() - Processing configuration file "/etc/samba-3.6.10/smb.conf"
[2013/01/21 09:53:26.956592,  3] param/loadparm.c:8310(do_section)
  Processing section "[global]"
[2013/01/21 09:53:26.957512,  2] param/loadparm.c:8327(do_section)
  Processing section "[testshare]"
[2013/01/21 09:53:26.957744,  3] param/loadparm.c:6630(lp_add_ipc)
  adding IPC service
[2013/01/21 09:53:26.957809,  1] param/loadparm.c:9670(lp_load_ex)
  WARNING: The security=share option is deprecated
[2013/01/21 09:53:26.958227,  2] lib/interface.c:479(interpret_interface)
  interpret_interface: Adding interface 10.33.72.67/22
[2013/01/21 09:53:26.958297,  2] lib/interface.c:341(add_interface)
  added interface 10.33.72.67/22 ip=10.33.72.67 bcast=10.33.75.255 netmask=255.255.252.0
[2013/01/21 09:53:26.958389,  2] lib/interface.c:341(add_interface)
  added interface lo0 ip=127.0.0.1 bcast=127.242.234.223 netmask=
[2013/01/21 09:53:26.958520,  3] lib/access.c:338(allow_access)
  Allowed connection from 10.33.75.164 (10.33.75.164)
[2013/01/21 09:53:26.958610,  3] smbd/oplock.c:922(init_oplocks)
  init_oplocks: initializing messages.
[2013/01/21 09:53:26.958798,  3] smbd/process.c:1662(process_smb)
  Transaction 0 of length 159 (0 toread)
[2013/01/21 09:53:26.958881,  3] smbd/process.c:1467(switch_message)
  switch message SMBnegprot (pid 13041834) conn 0x0
[2013/01/21 09:53:26.959025,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2013/01/21 09:53:26.959104,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LANMAN1.0]
[2013/01/21 09:53:26.959171,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [Windows for Workgroups 3.1a]
[2013/01/21 09:53:26.959239,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LM1.2X002]
[2013/01/21 09:53:26.959325,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LANMAN2.1]
[2013/01/21 09:53:26.959392,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [NT LM 0.12]
[2013/01/21 09:53:26.959458,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [SMB 2.002]
[2013/01/21 09:53:26.959524,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [SMB 2.???]
[2013/01/21 09:53:26.959700,  3] smbd/negprot.c:401(reply_nt1)
  not using SPNEGO
[2013/01/21 09:53:26.959762,  3] smbd/negprot.c:704(reply_negprot)
  Selected protocol NT LM 0.12
[2013/01/21 09:53:26.961380,  3] smbd/process.c:1662(process_smb)
  Transaction 1 of length 186 (0 toread)
[2013/01/21 09:53:26.961462,  3] smbd/process.c:1467(switch_message)
  switch message SMBsesssetupX (pid 13041834) conn 0x0
[2013/01/21 09:53:26.961553,  3] smbd/sesssetup.c:1333(reply_sesssetup_and_X)
  wct=13 flg2=0xc807
[2013/01/21 09:53:26.961643,  3] smbd/sesssetup.c:1536(reply_sesssetup_and_X)
  Domain=[10.33.72.67]  NativeOS=[] NativeLanMan=[] PrimaryDomain=[null]
[2013/01/21 09:53:26.961727,  2] smbd/sesssetup.c:1279(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2013/01/21 09:53:26.961788,  3] smbd/sesssetup.c:1552(reply_sesssetup_and_X)
  sesssetupX:name=[10.33.72.67]\[benhu]@[10.33.75.164]
[2013/01/21 09:53:26.962499,  3] smbd/sesssetup.c:151(check_guest_password)
  Got anonymous request
[2013/01/21 09:53:26.962599,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user []\[]@[] with the new password interface
[2013/01/21 09:53:26.962671,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  mapped user is: []\[]@[]
[2013/01/21 09:53:26.962761,  3] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: guest authentication for user [] succeeded
[2013/01/21 09:53:26.962842,  3] smbd/process.c:1467(switch_message)
  switch message SMBtconX (pid 13041834) conn 0x0
[2013/01/21 09:53:26.962939,  3] lib/access.c:338(allow_access)
  Allowed connection from 10.33.75.164 (10.33.75.164)
[2013/01/21 09:53:26.970553,  3] auth/token_util.c:438(finalize_local_nt_token)
  Failed to fetch domain sid for WORKGROUP
[2013/01/21 09:53:26.970713,  3] auth/token_util.c:469(finalize_local_nt_token)
  Failed to fetch domain sid for WORKGROUP
[2013/01/21 09:53:26.971217,  2] smbd/service.c:655(create_connection_session_info)
  Invalid username/password for [testshare]
[2013/01/21 09:53:26.971278,  1] smbd/service.c:805(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_WRONG_PASSWORD
[2013/01/21 09:53:26.971359,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/reply.c(803) cmd=117 (SMBtconX) NT_STATUS_WRONG_PASSWORD



I really need it to be able to secure shares by local OS groups.  This worked on our older version of Samba 3.0
Many thanks in advance...

-Ben



More information about the samba mailing list