[Samba] Bug found in Samba 4 ?

Denis BUCHER dbucherml at hsolutions.ch
Sun Jan 4 07:55:03 MST 2015


 

Le 31.12.2014 17:19, Ricky Nance a écrit : 

> On Wed, Dec 31, 2014 at 3:02 AM, Denis BUCHER <dbucherml at hsolutions.ch> wrote:
> 
> Le 29.12.2014 20:46, Ricky Nance a écrit : 
> 
> On Sat, Dec 27, 2014 at 8:39 AM, Denis BUCHER <dbucherml at hsolutions.ch> wrote:
> 
> Dear Ricky, 
> 
> Yes, in my original post, below, I gave some details about smb.conf, but to summarize: 
> 
> * I am using Samba 4.1.11.
> * server role = classic primary domain controller
> * domain logons = yes
> * domain master = yes
> 
> * When I define a fixed-name as logon script in smb.conf, it works :
> * logon script = employee.bat
> * But if I try either %g.bat or %G.bat, or even "%G.bat", it doesn't work :
> 
> * logon script = %g.bat
> * logon script = %G.bat
> * logon script = "%G.bat"
> 
> I can give more details, now: 
> 
> * 
> 
> I tried this, which proves that while only %U is working, all others (%G, %g, %u) are broken :
> logon script = %G%g%U%u.bat
> And the associated logs :
> 
> [2014/12/26 10:58:44.958812, 5] ../source3/smbd/filename.c:258(unix_convert)
> unix_convert called on file "%G%gdbucher%u.bat"
> [2014/12/26 10:58:44.958863, 5] ../source3/smbd/filename.c:421(unix_convert)
> unix_convert begin: name = %G%gdbucher%u.bat, dirpath = , start = %G%gdbucher%u.bat
> [2014/12/26 10:58:44.958956, 5] ../source3/smbd/filename.c:816(unix_convert)
> New file %G%gdbucher%u.bat
> [2014/12/26 10:58:44.959002, 3] ../source3/smbd/vfs.c:1137(check_reduced_name)
> check_reduced_name [%G%gdbucher%u.bat] [/data/shares/netlogon]
> [2014/12/26 10:58:44.959052, 3] ../source3/smbd/vfs.c:1267(check_reduced_name)
> check_reduced_name: %G%gdbucher%u.bat reduced to /data/shares/netlogon/%G%gdbucher%u.bat
> [2014/12/26 10:58:44.959106, 5] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order)
> check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb
> [2014/12/26 10:58:44.959185, 5] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
> release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb
> [2014/12/26 10:58:44.959230, 5] ../source3/smbd/files.c:128(file_new)
> allocated file structure fnum 491426714 (5 used)
> [2014/12/26 10:58:44.959276, 3] ../source3/smbd/dosmode.c:163(unix_mode)
> unix_mode(%G%gdbucher%u.bat) returning 0744
> 
> Denis 
> 
> Le 26.12.2014 23:41, Ricky Nance a écrit : 
> 
> Sorry for not replying earlier Dennis, but its been a bit crazy the last week or two with the holidays. Can you explain more about your configuration setup (smb.conf would be handy)? 
> 
> Thanks, 
> Ricky
> 
> On Fri, Dec 26, 2014 at 3:13 AM, Denis BUCHER <dbucherml at hsolutions.ch> wrote:
> 
> Dear all,
> 
> As nobody seems to know what the problem could be, I think it must be an
> important bug in Samba 4 that "forget" to replace %G or %g with the
> group name.
> 
> Could someone confirm that it is a bug and that I should fill one, in
> samba bugzilla ?
> 
> Thank you very much,
> 
> Denis
> 
> -------- Message original --------
> 
> OBJET:
> Re: [Samba] Samba "%G" replacement not working in "Logon script" ?
> 
> DATE:
> 24.12.2014 00:33
> 
> DE:
> Denis BUCHER <dbucherml at hsolutions.ch>
> 
> À:
> samba at lists.samba.org
> 
> Dear all,
> 
> Do you think I should fill a bug report about this problem or does
> someone has experienced the same problem ?
> 
> Thanks a lot for any help :-)
> 
> Denis
> 
> Le 21.12.2014 02:06, Denis BUCHER a écrit :
> 
>> P. S. I tried to display %ACCOUNTNAME% and %WORKGROUP% in cmd.exe on a logged PC (User in domain, roaming profile) but both values were unset :
>>
>>> echo %ACCOUNTNAME% %ACCOUNTNAME%
>> Denis Le 21.12.2014 01:25, Denis BUCHER a écrit :
>>
>>> Dear Ricky, Thanks a lot for your answer. But I still have two problems: 1. I am not using samba as AD DC but as PDC. 2. What I would need is the primary group... Do you thinks %WORKGROUP% could work ? 3. And should I use %WORKGROUP% in smb.conf or in batch login script... Thanks a lot in advance for your help... Denis Le 18.12.2014 21:58, Ricky Nance a écrit : Dennis, if you are running samba as an AD DC, you will need to use the new variable names %ACCOUNTNAME% and %WORKGROUP%. Ricky On Tue, Dec 16, 2014 at 1:23 PM, Denis BUCHER <dbucherml at hsolutions.ch>wrote: Dear all, I experience now a strange bug with Samba 4.1.11 : When I define a fixed-name as logon script in smb.conf, it works : logon script = employee.bat But if I try either %g.bat or %G.bat, or even "%G.bat", it doesn't work : * logon script = %g.bat * logon script = %G.bat * logon script = "%G.bat" In the logs, there was a message showing that Samba was trying to open the "%G.bat" file and that the file was n
 o
> 
> t found
> on the disk. (Of course) Denis P.S. Logfiles: [2014/11/21
> 20:53:36.616573, 5] ../source3/smbd/filename.c:258(unix_convert)
> unix_convert called on file "%g.bat" [2014/11/21 20:53:36.616622, 5]
> ../source3/smbd/filename.c:421(unix_convert) unix_convert begin: name =
> %g.bat, dirpath = , start = %g.bat [2014/11/21 20:53:36.616705, 5]
> 
>> ../source3/smbd/filename.c:816(unix_convert) New file %g.bat [2014/11/21 20:53:36.616747, 3] ../source3/smbd/vfs.c:1137(check_reduced_name) check_reduced_name [%g.bat] [/data/shares/netlogon] [2014/11/21 20:53:36.616794, 3] ../source3/smbd/vfs.c:1267(check_reduced_name) check_reduced_name: %g.bat reduced to /data/shares/netlogon/%g.bat [2014/11/21 20:53:36.616838, 5] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2014/11/21 20:53:36.616906, 5] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2014/11/21 20:53:36.616950, 5] ../source3/smbd/files.c:128(file_new) allocated file structure fnum 2158460712 (2 used) [2014/11/21 20:53:36.616995, 3] ../source3/smbd/dosmode.c:163(unix_mode) unix_mode(%g.bat) returning 0744 [2014/11/21 20:53:36.617034, 5] ../source3/smbd/open.c:2168(open_file_ntcreate) open_file_ntcreate: FILE_OPEN requeste
 d
> 
> f
> 
>> or file %g.bat and file doesn't exist. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba [1] [1] [1] [1] [1] Links: ------ [1] https://lists.samba.org/mailman/options/samba [1] [1] [1] [1] Links: ------ [1] https://lists.samba.org/mailman/options/samba [1] [1] [1]
> 
> Links:
> ------
> [1] https://lists.samba.org/mailman/options/samba [1] [1]
> 
> Links:
> ------
> [1] https://lists.samba.org/mailman/options/samba [1]
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba [1]

 Denis, 

Can you provide us with either a full smb.conf or at a minimum the
[global] section, you can mask the names and ip's if you need to. I am
interested in the backend as well as a couple of other things. 

Ricky 

Dear Ricky, 

Yes of course ! 

I just replaced domainname, servername and ourdomain. 

[global]
log level = 2
workgroup = DOMAINNAME
netbios name = SERVERNAME
wins support = yes
dns proxy = no
interfaces = 127.0.0.0/8 [2] eth0
bind interfaces only = yes
allow insecure wide links = yes
wide links = yes
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
server role = classic primary domain controller
security = user
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
os level = 255
remote announce = 172.16.7.255/domainname [3]
passdb backend = ldapsam:ldap://172.16.1.232 [4]
ldap suffix = dc=ourdomain,dc=ch
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap admin dn = cn=admin,dc=ourdomain,dc=ch
ldap delete dn = no
ldap ssl = no
obey pam restrictions = yes
unix password sync = no
passwd program = /usr/bin/passwd %u
passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn
*passwordsupdatedssuccessfully* .
pam password change = yes
map to guest = bad user
map acl inherit = yes
logon path = \servernameprofiles
logon home = \servernameprofiles
logon drive = Z:
logon script = employees.bat

[netlogon]
comment = Network Logon Service
path = /data/shares/netlogon
guest ok = no
read only = yes
writeable = no
browseable = no

Denis 

Ok, can you also show us your /etc/nsswitch.conf as well. 

Thanks, 
Ricky 

Yes of course, it's the standard/unchanged Debian file: 

# /etc/nsswitch.conf
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

Denis 

 

Links:
------
[1] https://lists.samba.org/mailman/options/samba
[2] http://127.0.0.0/8
[3] http://172.16.7.255/domainname
[4] http://172.16.1.232


More information about the samba mailing list