[Samba] [SOLVED] Re: What in samba 4.1 prevents a '/' share?
David C. Rankin
drankinatty at suddenlinkmail.com
Fri Jan 10 21:44:39 MST 2014
On 01/07/2014 09:50 PM, David C. Rankin wrote:
> On 01/07/2014 12:23 AM, David C. Rankin wrote:
>> I have captured tcpdump traffic during the mount attempts and they point to
>> smb issuing the error, but I'm not that great at reading packet contents, so I'm
>> not entirely sure. But basically, after successful AndX session setup (Tree
>> Connect AndX Request, Path: \\phoinix\config), the request for \\phoinix\config
>> is made and it is found successfully by the server, but then the server response
>> with (Tree Connect AndX Response, Error: STATUS_ACCESS_DENIED) The full ASCII
>> dump of the packet dissection for the STATUS_ACCESS_DENIED packet is:
>>
>>
>> No. Time Source Destination Protocol Length Info
>> 25 3.487933 192.168.7.16 192.168.7.124 SMB 105
>> Tree Connect AndX Response, Error: STATUS_ACCESS_DENIED
>
> smb gurus,
>
> I think I have made headway. I pulled another level 10 debug on the connection
> attempt and in summary when from any client machine, I try to connect to the '/'
> share, the share_access.c:237(user_ok_token) for (user david [me]) is ok for
> //phoinix/config, but when samba then attempts the check for user 'root' is
> fails with User root not in 'valid users'. Basically a terse summary of the
> entries on connect with:
>
> mount.cifs //phoinix/config /mnt/phx-cfg/ -v -o
> uid=1000,domain=rlfpllc,credentials=/root/cnf/mountcfile,noperm
>
> [2014/01/07 20:32:58.157111, 5, pid=5405, effective(0, 0), real(0, 0)]
> ../source3/lib/username.c:181(Get_Pwnam_alloc)
> Finding user david
>
> <snip>
>
> [2014/01/07 20:32:58.158932, 10, pid=5405, effective(0, 0), real(0, 0)]
> ../source3/smbd/share_access.c:237(user_ok_token)
> user_ok_token: share config is ok for unix user david
> [2014/01/07 20:32:58.159036, 5, pid=5405, effective(0, 0), real(0, 0)]
> ../source3/lib/username.c:181(Get_Pwnam_alloc)
> Finding user root
>
> <big snip>
>
> [2014/01/07 20:32:58.176304, 10, pid=5405, effective(0, 0), real(0, 0)]
> ../source3/smbd/share_access.c:215(user_ok_token)
> User root not in 'valid users'
>
> <snip>
>
> [2014/01/07 20:32:58.176620, 3, pid=5405, effective(0, 0), real(0, 0)]
> ../source3/smbd/error.c:82(error_packet_set)
> NT error packet at ../source3/smbd/reply.c(952) cmd=117 (SMBtconX)
> NT_STATUS_ACCESS_DENIED
>
> I've put the full log here:
>
> http://www.rlfpllc.com/dl/srv/smb/phoinix-level-10.txt.bz2
>
> If anyone has any suggestions, I would appreciate them. Thanks.
>
I have tested the share incrementally trying without the 'force user' and then
'force group' but I had never removed both at the same time. I just tested that
and BINGO! it works.
Something in 4.1.3 changed such that 'force user = root' or 'force group =
root' causes the mount to fail. Removing those options allows the config share
to be mounted:
[config]
comment = Phoinix Config (Archlinux)
path = /
valid users = david
; force user = root
; force group = root
browseable = no
writeable = Yes
[22:34 providence:/home/david] # mount.cifs //phoinix/config /mnt/phx-cfg/ -v -o
username=david,uid=1000,credentials=/home/david/.dcr/mountcfile
mount.cifs kernel mount options:
ip=192.168.7.16,unc=\\phoinix\config,uid=1000,user=david,pass=********
[22:34 providence:/home/david] # l /mnt/phx-cfg
total 8
<snip>
drwxr-xr-x 4 david root 0 Dec 26 13:02 boot
drwxr-xr-x 58 david david 0 Jan 2 23:51 dat_e
drwxr-xr-x 11 david david 0 Aug 23 2012 dat_f
drwxr-xr-x 17 david root 0 Dec 26 13:05 dev
drwxr-xr-x 71 david root 0 Jan 10 21:01 etc
drwxr-xr-x 14 david root 0 Dec 9 12:17 home
<snip>
[22:34 providence:/home/david] # mount
//phoinix/config on /mnt/phx-cfg type cifs
(rw,relatime,vers=1.0,sec=ntlm,cache=loose,unc=\\phoinix\config,username=david,uid=1000,forceuid,gid=0,noforcegid,addr=192.168.7.16,unix,posixpaths,serverino,acl,rsize=1048576,wsize=65536,actimeo=1)
Thanks to all that helped, that's what keeps the debug process going. We may
want to drop a note in
http://www.samba.org/samba/docs/using_samba/ch09.html#samba2-CHP-9-SECT-2 (or
somewhere) letting folks know that force user/group = root will cause the mount
to fail in 4.1.3 even though 'invalid users' is not set.
--
David C. Rankin, J.D.,P.E.
More information about the samba
mailing list