[Samba] winbind bug?
Doug Tucker
tuckerd at lyle.smu.edu
Wed Mar 26 15:31:11 MDT 2014
OK, I have isolated it. And it is related to the unix id number. I've
googled and I can't find anything. Is there a limitation in winbind or
bug maybe? Any unix user with a unix id greater than 11000 cannot map
their own home directories on windows 7. To verify it wasn't some
anomaly, I took a user that could map their home that had a unix id of
3033. I then changed the id to 15367 (changed permissions on the unix
side to match) and wallah, same issue. The user could no longer map
their home directory. I have about 2000 or so unix id's that are
affected (though many don't map drives).
Sincerely,
Doug Tucker
On 03/25/2014 04:44 PM, Doug Tucker wrote:
> No responses so far. I'm really trying to find something that will
> give someone a clue. The *only* thing I can find common to the users
> that don't work on windows 7 is their unix id is > 11000. No idea why
> or even what to look for but it is the only common thing I can find
> with them. Hoping this sets a light bulb off with someone or I'm
> going to have to roll back to 3.033.
>
> Sincerely,
>
> Doug Tucker
>
> On 03/25/2014 10:11 AM, Doug Tucker wrote:
>> Follow up with more info that just confuses things for me more. I
>> chmod'd the user directory for one of the few getting the permission
>> denied issue from the standard 700 to 777 just to create a file and
>> see what it wrote as. I was thinking maybe it was not mapping the
>> user correctly somehow and the write would show up as a user other
>> than who the person was. I was wrong. The user can then map their
>> home directory without getting the permission denied after passing
>> authentication, but when they write a file to it, the file is written
>> with the proper permissions. Any ideas? I don't even know where to
>> go from here.
>>
>> Sincerely,
>>
>> Doug Tucker
>>
>> On 03/24/2014 05:34 PM, Doug Tucker wrote:
>>> Very odd issue. Transitioning over to a new samba 3.6.9 (from
>>> 3.0.33) server. Majority of the users are ok, but a handful of
>>> users cannot map their home directories from windows7 clients.
>>> Logged into XP their homes map fine. They pass authentication:
>>>
>>> (log snippet)
>>>
>>> [2014/03/24 17:20:43.277337, 3] auth/auth.c:219(check_ntlm_password)
>>> check_ntlm_password: Checking password for unmapped user
>>> [ourdomain]\[hisusername]@[WIN7-VM] with the new password interface
>>> [2014/03/24 17:20:43.277439, 3] auth/auth.c:222(check_ntlm_password)
>>> check_ntlm_password: mapped user is:
>>> [ourdomain]\[hisusername]@[WIN7-VM]
>>> [2014/03/24 17:20:43.290082, 3] auth/user_util.c:402(map_username)
>>> Mapped user ourdomain+hisusername to hisusername
>>> [2014/03/24 17:20:43.294187, 3] auth/auth.c:268(check_ntlm_password)
>>> check_ntlm_password: winbind authentication for user [hisusername]
>>> succeeded
>>> [2014/03/24 17:20:43.294226, 2] auth/auth.c:309(check_ntlm_password)
>>> check_ntlm_password: authentication for user [hisusername] ->
>>> [hisusername] -> [hisusername] succeeded
>>> [2014/03/24 17:20:45.562177, 3]
>>> ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init)
>>> NTLMSSP Sign/Seal - Initialising with flags:
>>> [2014/03/24 17:20:45.562246, 3]
>>> ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags)
>>> Got NTLMSSP neg_flags=0xe2088215
>>> [2014/03/24 17:20:45.562296, 3]
>>> smbd/password.c:298(register_existing_vuid)
>>> register_existing_vuid: User name: hisusername Real name:
>>> [2014/03/24 17:20:45.562328, 3]
>>> smbd/password.c:308(register_existing_vuid)
>>> register_existing_vuid: UNIX uid 11333 is UNIX user hisusername,
>>> and will be vuid 100
>>> [2014/03/24 17:20:45.562441, 3]
>>> smbd/password.c:238(register_homes_share)
>>> Adding homes service for user 'hisusername' using home directory:
>>> '/users5/volume1/hisusername'
>>> [2014/03/24 17:20:45.562497, 3] param/loadparm.c:6582(lp_add_home)
>>> adding home's share [hisusername] for user 'hisusername' at
>>> '/users5/volume1/hisusername'
>>> [2014/03/24 17:20:45.564318, 3] smbd/process.c:1662(process_smb)
>>> Transaction 3 of length 118 (0 toread)
>>> [2014/03/24 17:20:45.564453, 3] smbd/process.c:1467(switch_message)
>>> switch message SMBtconX (pid 18333) conn 0x0
>>> [2014/03/24 17:20:45.564494, 3] lib/access.c:338(allow_access)
>>> Allowed connection from 129.119.103.59 (129.119.103.59)
>>> [2014/03/24 17:20:45.564527, 3]
>>> ../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
>>> string_to_sid: SID root is not in a valid format
>>> [2014/03/24 17:20:45.565103, 3]
>>> smbd/service.c:872(make_connection_snum)
>>> Connect path is '/users5/volume1/hisusername' for service
>>> [hisusername]
>>> [2014/03/24 17:20:45.565243, 3] smbd/vfs.c:102(vfs_init_default)
>>> Initialising default vfs hooks
>>> [2014/03/24 17:20:45.565295, 3] smbd/vfs.c:128(vfs_init_custom)
>>> Initialising custom vfs hooks from [/[Default VFS]/]
>>> [2014/03/24 17:20:45.566128, 3]
>>> ../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
>>> string_to_sid: SID root is not in a valid format
>>>
>>> But then as it tries to display the folder in windows explorer it
>>> shows "access denied" and then this in the logs:
>>>
>>> [2014/03/24 17:20:45.740588, 3] smbd/process.c:1467(switch_message)
>>> switch message SMBntcreateX (pid 18333) conn 0x7f14235b5490
>>> [2014/03/24 17:20:45.740715, 3] smbd/error.c:81(error_packet_set)
>>> error packet at smbd/error.c(161) cmd=162 (SMBntcreateX)
>>> NT_STATUS_ACCESS_DENIED
>>> [2014/03/24 17:20:45.747582, 3] smbd/process.c:1662(process_smb)
>>> Transaction 7 of length 114 (0 toread)
>>> [2014/03/24 17:20:45.747659, 3] smbd/process.c:1467(switch_message)
>>> switch message SMBntcreateX (pid 18333) conn 0x7f14235b5490
>>> [2014/03/24 17:20:45.747758, 3] smbd/dosmode.c:159(unix_mode)
>>> unix_mode(desktop.ini) returning 0744
>>> [2014/03/24 17:20:45.747790, 3] smbd/error.c:81(error_packet_set)
>>> error packet at smbd/error.c(161) cmd=162 (SMBntcreateX)
>>> NT_STATUS_OBJECT_NAME_NOT_FOUND
>>> [2014/03/24 17:20:45.748707, 3] smbd/process.c:1662(process_smb)
>>> Transaction 8 of length 92 (0 toread)
>>> [2014/03/24 17:20:45.748781, 3] smbd/process.c:1467(switch_message)
>>> switch message SMBntcreateX (pid 18333) conn 0x7f14235b5490
>>> [2014/03/24 17:20:45.748848, 3] smbd/dosmode.c:159(unix_mode)
>>> unix_mode(.) returning 0744
>>> [2014/03/24 17:20:45.748918, 3] smbd/error.c:81(error_packet_set)
>>> error packet at smbd/error.c(161) cmd=162 (SMBntcreateX)
>>> NT_STATUS_ACCESS_DENIED
>>>
>>> Yet on the same machine, other users can map their home directories
>>> just fine. I have checked all I can think of, I'm hoping the
>>> community has some ideas.
>>>
>>
>
More information about the samba
mailing list