[Samba] winbind bug?

Doug Tucker tuckerd at lyle.smu.edu
Wed Mar 26 15:31:11 MDT 2014


OK, I have isolated it.  And it is related to the unix id number.  I've 
googled and I can't find anything.  Is there a limitation in winbind or 
bug maybe?  Any unix user with a unix id greater than 11000 cannot map 
their own home directories on windows 7.  To verify it wasn't some 
anomaly, I took a user that could map their home that had a unix id of 
3033.  I then changed the id to 15367 (changed permissions on the unix 
side to match) and wallah, same issue.  The user could no longer map 
their home directory.  I have about 2000 or so unix id's that are 
affected (though many don't map drives).

Sincerely,

Doug Tucker

On 03/25/2014 04:44 PM, Doug Tucker wrote:
> No responses so far.  I'm really trying to find something that will 
> give someone a clue.  The *only* thing I can find common to the users 
> that don't work on windows 7 is their unix id is > 11000.  No idea why 
> or even what to look for but it is the only common thing I can find 
> with them.  Hoping this sets a light bulb off with someone or I'm 
> going to have to roll back to 3.033.
>
> Sincerely,
>
> Doug Tucker
>
> On 03/25/2014 10:11 AM, Doug Tucker wrote:
>> Follow up with more info that just confuses things for me more.  I 
>> chmod'd the user directory for one of the few getting the permission 
>> denied issue from the standard 700 to 777 just to create a file and 
>> see what it wrote as.  I was thinking maybe it was not mapping the 
>> user correctly somehow and the write would show up as a user other 
>> than who the person was. I was wrong.  The user can then map their 
>> home directory without getting the permission denied after passing 
>> authentication, but when they write a file to it, the file is written 
>> with the proper permissions.  Any ideas?  I don't even know where to 
>> go from here.
>>
>> Sincerely,
>>
>> Doug Tucker
>>
>> On 03/24/2014 05:34 PM, Doug Tucker wrote:
>>> Very odd issue.  Transitioning over to a new samba 3.6.9 (from 
>>> 3.0.33) server.  Majority of the users are ok, but a handful of 
>>> users cannot map their home directories from windows7 clients. 
>>> Logged into XP their homes map fine. They pass authentication:
>>>
>>> (log snippet)
>>>
>>> [2014/03/24 17:20:43.277337,  3] auth/auth.c:219(check_ntlm_password)
>>>   check_ntlm_password:  Checking password for unmapped user 
>>> [ourdomain]\[hisusername]@[WIN7-VM] with the new password interface
>>> [2014/03/24 17:20:43.277439,  3] auth/auth.c:222(check_ntlm_password)
>>>   check_ntlm_password:  mapped user is: 
>>> [ourdomain]\[hisusername]@[WIN7-VM]
>>> [2014/03/24 17:20:43.290082,  3] auth/user_util.c:402(map_username)
>>>   Mapped user ourdomain+hisusername to hisusername
>>> [2014/03/24 17:20:43.294187,  3] auth/auth.c:268(check_ntlm_password)
>>>   check_ntlm_password: winbind authentication for user [hisusername] 
>>> succeeded
>>> [2014/03/24 17:20:43.294226,  2] auth/auth.c:309(check_ntlm_password)
>>>   check_ntlm_password:  authentication for user [hisusername] -> 
>>> [hisusername] -> [hisusername] succeeded
>>> [2014/03/24 17:20:45.562177,  3] 
>>> ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init)
>>>   NTLMSSP Sign/Seal - Initialising with flags:
>>> [2014/03/24 17:20:45.562246,  3] 
>>> ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags)
>>>   Got NTLMSSP neg_flags=0xe2088215
>>> [2014/03/24 17:20:45.562296,  3] 
>>> smbd/password.c:298(register_existing_vuid)
>>>   register_existing_vuid: User name: hisusername    Real name:
>>> [2014/03/24 17:20:45.562328,  3] 
>>> smbd/password.c:308(register_existing_vuid)
>>>   register_existing_vuid: UNIX uid 11333 is UNIX user hisusername, 
>>> and will be vuid 100
>>> [2014/03/24 17:20:45.562441,  3] 
>>> smbd/password.c:238(register_homes_share)
>>>   Adding homes service for user 'hisusername' using home directory: 
>>> '/users5/volume1/hisusername'
>>> [2014/03/24 17:20:45.562497,  3] param/loadparm.c:6582(lp_add_home)
>>>   adding home's share [hisusername] for user 'hisusername' at 
>>> '/users5/volume1/hisusername'
>>> [2014/03/24 17:20:45.564318,  3] smbd/process.c:1662(process_smb)
>>>   Transaction 3 of length 118 (0 toread)
>>> [2014/03/24 17:20:45.564453,  3] smbd/process.c:1467(switch_message)
>>>   switch message SMBtconX (pid 18333) conn 0x0
>>> [2014/03/24 17:20:45.564494,  3] lib/access.c:338(allow_access)
>>>   Allowed connection from 129.119.103.59 (129.119.103.59)
>>> [2014/03/24 17:20:45.564527,  3] 
>>> ../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
>>>   string_to_sid: SID root is not in a valid format
>>> [2014/03/24 17:20:45.565103,  3] 
>>> smbd/service.c:872(make_connection_snum)
>>>   Connect path is '/users5/volume1/hisusername' for service 
>>> [hisusername]
>>> [2014/03/24 17:20:45.565243,  3] smbd/vfs.c:102(vfs_init_default)
>>>   Initialising default vfs hooks
>>> [2014/03/24 17:20:45.565295,  3] smbd/vfs.c:128(vfs_init_custom)
>>>   Initialising custom vfs hooks from [/[Default VFS]/]
>>> [2014/03/24 17:20:45.566128,  3] 
>>> ../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
>>>   string_to_sid: SID root is not in a valid format
>>>
>>> But then as it tries to display the folder in windows explorer it 
>>> shows "access denied" and then this in the logs:
>>>
>>> [2014/03/24 17:20:45.740588,  3] smbd/process.c:1467(switch_message)
>>>   switch message SMBntcreateX (pid 18333) conn 0x7f14235b5490
>>> [2014/03/24 17:20:45.740715,  3] smbd/error.c:81(error_packet_set)
>>>   error packet at smbd/error.c(161) cmd=162 (SMBntcreateX) 
>>> NT_STATUS_ACCESS_DENIED
>>> [2014/03/24 17:20:45.747582,  3] smbd/process.c:1662(process_smb)
>>>   Transaction 7 of length 114 (0 toread)
>>> [2014/03/24 17:20:45.747659,  3] smbd/process.c:1467(switch_message)
>>>   switch message SMBntcreateX (pid 18333) conn 0x7f14235b5490
>>> [2014/03/24 17:20:45.747758,  3] smbd/dosmode.c:159(unix_mode)
>>>   unix_mode(desktop.ini) returning 0744
>>> [2014/03/24 17:20:45.747790,  3] smbd/error.c:81(error_packet_set)
>>>   error packet at smbd/error.c(161) cmd=162 (SMBntcreateX) 
>>> NT_STATUS_OBJECT_NAME_NOT_FOUND
>>> [2014/03/24 17:20:45.748707,  3] smbd/process.c:1662(process_smb)
>>>   Transaction 8 of length 92 (0 toread)
>>> [2014/03/24 17:20:45.748781,  3] smbd/process.c:1467(switch_message)
>>>   switch message SMBntcreateX (pid 18333) conn 0x7f14235b5490
>>> [2014/03/24 17:20:45.748848,  3] smbd/dosmode.c:159(unix_mode)
>>>   unix_mode(.) returning 0744
>>> [2014/03/24 17:20:45.748918,  3] smbd/error.c:81(error_packet_set)
>>>   error packet at smbd/error.c(161) cmd=162 (SMBntcreateX) 
>>> NT_STATUS_ACCESS_DENIED
>>>
>>> Yet on the same machine, other users can map their home directories 
>>> just fine.  I have checked all I can think of, I'm hoping the 
>>> community has some ideas.
>>>
>>
>



More information about the samba mailing list