[Samba] Bug found in Samba 4 ?

Ricky Nance ricky.nance at gmail.com
Wed Dec 31 09:19:46 MST 2014 

On Wed, Dec 31, 2014 at 3:02 AM, Denis BUCHER <dbucherml at hsolutions.ch>
wrote:

>  Le 29.12.2014 20:46, Ricky Nance a écrit :
>
>
> On Sat, Dec 27, 2014 at 8:39 AM, Denis BUCHER <dbucherml at hsolutions.ch>
> wrote:
>
>>  Dear Ricky,
>>
>> Yes, in my original post, below, I gave some details about smb.conf, but
>> to summarize:
>>
>>     - I am using Samba 4.1.11.
>>       -  server role = classic primary domain controller
>>       -  domain logons = yes
>>       -  domain master = yes
>>
>>
>>    - When I define a fixed-name as logon script in smb.conf, it works :
>>    -  logon script = employee.bat
>>    - But if I try either %g.bat or %G.bat, or even "%G.bat", it doesn't
>>    work :
>>
>>
>>    -  logon script = %g.bat
>>    -  logon script = %G.bat
>>    -  logon script = "%G.bat"
>>
>> I can give more details, now:
>>
>>    -
>>
>>    I tried this, which proves that while only %U is working, all others (%G, %g, %u) are broken :
>>    logon script = %G%g%U%u.bat
>>    And the associated logs :
>>
>>    [2014/12/26 10:58:44.958812,  5] ../source3/smbd/filename.c:258(unix_convert)
>>      unix_convert called on file "%G%gdbucher%u.bat"
>>    [2014/12/26 10:58:44.958863,  5] ../source3/smbd/filename.c:421(unix_convert)
>>      unix_convert begin: name = %G%gdbucher%u.bat, dirpath = , start = %G%gdbucher%u.bat
>>    [2014/12/26 10:58:44.958956,  5] ../source3/smbd/filename.c:816(unix_convert)
>>      New file %G%gdbucher%u.bat
>>    [2014/12/26 10:58:44.959002,  3] ../source3/smbd/vfs.c:1137(check_reduced_name)
>>      check_reduced_name [%G%gdbucher%u.bat] [/data/shares/netlogon]
>>    [2014/12/26 10:58:44.959052,  3] ../source3/smbd/vfs.c:1267(check_reduced_name)
>>      check_reduced_name: %G%gdbucher%u.bat reduced to /data/shares/netlogon/%G%gdbucher%u.bat
>>    [2014/12/26 10:58:44.959106,  5] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order)
>>      check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb
>>    [2014/12/26 10:58:44.959185,  5] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
>>      release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb
>>    [2014/12/26 10:58:44.959230,  5] ../source3/smbd/files.c:128(file_new)
>>      allocated file structure fnum 491426714 (5 used)
>>    [2014/12/26 10:58:44.959276,  3] ../source3/smbd/dosmode.c:163(unix_mode)
>>      unix_mode(%G%gdbucher%u.bat) returning 0744
>>
>>
>> Denis
>>
>> Le 26.12.2014 23:41, Ricky Nance a écrit :
>>
>> Sorry for not replying earlier Dennis, but its been a bit crazy the last
>> week or two with the holidays. Can you explain more about your
>> configuration setup (smb.conf would be handy)?
>>
>> Thanks,
>> Ricky
>>
>>
>> On Fri, Dec 26, 2014 at 3:13 AM, Denis BUCHER <dbucherml at hsolutions.ch>
>> wrote:
>>
>>>
>>>
>>> Dear all,
>>>
>>> As nobody seems to know what the problem could be, I think it must be an
>>> important bug in Samba 4 that "forget" to replace %G or %g with the
>>> group name.
>>>
>>> Could someone confirm that it is a bug and that I should fill one, in
>>> samba bugzilla ?
>>>
>>> Thank you very much,
>>>
>>> Denis
>>>
>>> -------- Message original --------
>>>
>>>                 OBJET:
>>>                 Re: [Samba] Samba "%G" replacement not working in "Logon
>>> script" ?
>>>
>>>                 DATE:
>>>                 24.12.2014 00:33
>>>
>>>                 DE:
>>>                 Denis BUCHER <dbucherml at hsolutions.ch>
>>>
>>>                 À:
>>>                 samba at lists.samba.org
>>>
>>> Dear all,
>>>
>>> Do you think I should fill a bug report about this problem or does
>>> someone has experienced the same problem ?
>>>
>>> Thanks a lot for any help :-)
>>>
>>> Denis
>>>
>>> Le 21.12.2014 02:06, Denis BUCHER a écrit :
>>>
>>> > P. S. I tried to display %ACCOUNTNAME% and %WORKGROUP% in cmd.exe on a
>>> logged PC (User in domain, roaming profile) but both values were unset :
>>> >
>>> >> echo %ACCOUNTNAME% %ACCOUNTNAME%
>>> > Denis Le 21.12.2014 01:25, Denis BUCHER a écrit :
>>> >
>>> >> Dear Ricky, Thanks a lot for your answer. But I still have two
>>> problems: 1. I am not using samba as AD DC but as PDC. 2. What I would need
>>> is the primary group... Do you thinks %WORKGROUP% could work ? 3. And
>>> should I use %WORKGROUP% in smb.conf or in batch login script... Thanks a
>>> lot in advance for your help... Denis Le 18.12.2014 21:58, Ricky Nance a
>>> écrit : Dennis, if you are running samba as an AD DC, you will need to use
>>> the new variable names %ACCOUNTNAME% and %WORKGROUP%. Ricky On Tue, Dec 16,
>>> 2014 at 1:23 PM, Denis BUCHER <dbucherml at hsolutions.ch>wrote: Dear all,
>>> I experience now a strange bug with Samba 4.1.11 : When I define a
>>> fixed-name as logon script in smb.conf, it works : logon script =
>>> employee.bat But if I try either %g.bat or %G.bat, or even "%G.bat", it
>>> doesn't work : * logon script = %g.bat * logon script = %G.bat * logon
>>> script = "%G.bat" In the logs, there was a message showing that Samba was
>>> trying to open the "%G.bat" file and that the file was no
>>>
>>> t found
>>> on the disk. (Of course) Denis P.S. Logfiles: [2014/11/21
>>> 20:53:36.616573, 5] ../source3/smbd/filename.c:258(unix_convert)
>>> unix_convert called on file "%g.bat" [2014/11/21 20:53:36.616622, 5]
>>> ../source3/smbd/filename.c:421(unix_convert) unix_convert begin: name =
>>> %g.bat, dirpath = , start = %g.bat [2014/11/21 20:53:36.616705, 5]
>>>
>>> > ../source3/smbd/filename.c:816(unix_convert) New file %g.bat
>>> [2014/11/21 20:53:36.616747, 3]
>>> ../source3/smbd/vfs.c:1137(check_reduced_name) check_reduced_name [%g.bat]
>>> [/data/shares/netlogon] [2014/11/21 20:53:36.616794, 3]
>>> ../source3/smbd/vfs.c:1267(check_reduced_name) check_reduced_name: %g.bat
>>> reduced to /data/shares/netlogon/%g.bat [2014/11/21 20:53:36.616838, 5]
>>> ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for
>>> /var/run/samba/smbXsrv_open_global.tdb [2014/11/21 20:53:36.616906, 5]
>>> ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock
>>> order 1 for /var/run/samba/smbXsrv_open_global.tdb [2014/11/21
>>> 20:53:36.616950, 5] ../source3/smbd/files.c:128(file_new) allocated file
>>> structure fnum 2158460712 (2 used) [2014/11/21 20:53:36.616995, 3]
>>> ../source3/smbd/dosmode.c:163(unix_mode) unix_mode(%g.bat) returning 0744
>>> [2014/11/21 20:53:36.617034, 5]
>>> ../source3/smbd/open.c:2168(open_file_ntcreate) open_file_ntcreate:
>>> FILE_OPEN requested
>>>
>>> f
>>>
>>> > or file %g.bat and file doesn't exist. -- To unsubscribe from this
>>> list go to the following URL and read the instructions:
>>> https://lists.samba.org/mailman/options/samba [1] [1] [1] [1] Links:
>>> ------ [1] https://lists.samba.org/mailman/options/samba [1] [1] [1]
>>> Links: ------ [1] https://lists.samba.org/mailman/options/samba [1] [1]
>>>
>>> Links:
>>> ------
>>> [1] https://lists.samba.org/mailman/options/samba [1]
>>>
>>>
>>>
>>> Links:
>>> ------
>>> [1] https://lists.samba.org/mailman/options/samba
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>>
>>
>
>
> Denis,
>
> Can you provide us with either a full smb.conf or at a minimum the
> [global] section, you can mask the names and ip's if you need to. I am
> interested in the backend as well as a couple of other things.
>
> Ricky
>
>
>
> Dear Ricky,
>
> Yes of course !
>
> I just replaced domainname, servername and ourdomain.
>
> [global]
> log level = 2
> workgroup = DOMAINNAME
> netbios name = SERVERNAME
> wins support = yes
> dns proxy = no
> interfaces = 127.0.0.0/8 eth0
> bind interfaces only = yes
> allow insecure wide links = yes
> wide links = yes
> log file = /var/log/samba/log.%m
> max log size = 1000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> server role = classic primary domain controller
> security = user
> domain logons = yes
> domain master = yes
> local master = yes
> preferred master = yes
> os level = 255
> remote announce = 172.16.7.255/domainname
> passdb backend = ldapsam:ldap://172.16.1.232
> ldap suffix = dc=ourdomain,dc=ch
> ldap machine suffix = ou=machines
> ldap user suffix = ou=users
> ldap group suffix = ou=groups
> ldap admin dn = cn=admin,dc=ourdomain,dc=ch
> ldap delete dn = no
> ldap ssl = no
> obey pam restrictions = yes
> unix password sync = no
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:*
> %n\n *password\supdated\ssuccessfully* .
> pam password change = yes
> map to guest = bad user
> map acl inherit = yes
> logon path = \\servername\profiles
> logon home = \\servername\profiles
> logon drive = Z:
> logon script = employees.bat
>
> [netlogon]
> comment = Network Logon Service
> path = /data/shares/netlogon
> guest ok = no
> read only = yes
> writeable = no
> browseable = no
>
> Denis
>
>
>
>


Ok, can you also show us your /etc/nsswitch.conf as well.

Thanks,
Ricky

More information about the samba mailing list