[Samba] Change in behaviour for the "%U" substitution in 4.10.8?

gac gac at tutanota.com
Tue Sep 17 15:55:56 UTC 2019


I found the same bug, and discounted it as irrelevant...I can't see the details of the bug related to the CVE which was the only 4.10.8 change, but I can't imagine that would have anything useful either.

Just to be clear, do you want information and logs from the working 4.10.7, the broken 4.10.8, or both?

Thanks

17 Sep 2019, 14:58 by samba at lists.samba.org:

> Hai, 
>  
> Well, i did go throught the bug reports, and i could only find one simular thing but in the printing functions. 
> https://bugzilla.samba.org/show_bug.cgi?id=13745 
>  
> Can you run this debug script for me, that give me all i need to know about you system and setup.
> https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
>  
> Then set debug level 10 and try again. 
> if you can pm me the logs, compress them and attach them. 
>  
> I'll have a look that is happening there. 
>  
>  
> Greetz, 
>  
> Louis
>  
>  
>  
>  
>  
>
> Van: gac [mailto:gac at tutanota.com] 
> Verzonden: dinsdag 17 september 2019 15:41
> Aan: gac
> CC: L.P.H. van Belle; samba at lists.samba.org
> Onderwerp: Re: [Samba] Change in behaviour for the "%U" substitution in 4.10.8?
>
>
>
> I downgraded the packages to 4.10.7
>
>
>
> The issue is fixed; the two shares I use which contain %U in their paths are now working correctly using the same Windows 7 client logged in as the same user that breaks on 4.10.8. I realise 4.10.7->4.10.8 was a very small changeset but it really seems like some behaviour has changed there...
>
>
>
> I obviously don't have any error logs (since there is no longer an error) but if there are any debug level logs which I can turn on to help troubleshoot this by getting the correct "canonicalize_connect_path" output then please let me know and I can turn them on
>
>
>
> Thanks
>
>
> 17 Sep 2019, 13:11 by samba at lists.samba.org:
>
> Ah, thanks - I'll try with those this afternoon and check the behaviour with this version
>
>
>
> 17 Sep 2019, 12:56 by samba at lists.samba.org:
>
> Hai, 
>
>
>
> Yes, the repo does not allow different versionnumbers, but i do have all my versions in backup. 
>
>
>
> I made a few tar.gz for you so you can test again with 4.10.7 on a local repo.
>
> You can find them here. http://downloads.van-belle.nl/samba4/ 
>
> The 4.10.7 for Stretch Buster and Bionic source and deb's are there to get. 
>
>
>
>
>
> Greetz, 
>
>
>
> Louis
>
>
>
>
>
> -----Oorspronkelijk bericht-----
>
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens gac via samba
>
> Verzonden: dinsdag 17 september 2019 12:49
>
> Aan: Samba
>
> Onderwerp: Re: [Samba] Change in behaviour for the "%U" 
>
> substitution in 4.10.8?
>
>
>
> This is unfortunately still happening - anyone else have any 
>
> other ideas?
>
>
>
> As a reminder/summary of the information from earlier in the thread;
>
>
>
> - My [homes] share is "path = /shares/DOMAIN/%U"
>
> - I am logging into a Windows 7 client as "DOMAIN\username"
>
> - My log.smbd shows "canonicalize_connect_path failed for 
>
> service username, path /shares/DOMAIN/domain_username" (where 
>
> DOMAIN is the domain name with upper-case letters, domain is 
>
> the domain name with lower-case latters)
>
> - this issue is affecting two shares in total which use the 
>
> %U substitution, both are showing the same error. Any shares 
>
> which use fixed paths are fine, as expected
>
> - this only seemed to start happening when I upgraded to 
>
> 4.10.8 from Louis van Belle's repo; I did not see the problem 
>
> with the 4.10.7 packages from the same repo. Unfortunately 
>
> the repo removes old versions of packages so I can't roll 
>
> back to 4.10.7 as a reproduction or workaround
>
>
>
> I'd appreciate any more tips, thank you!
>
>
>
> 6 Sep 2019, 11:53 by samba at lists.samba.org:
>
>
>
>> I hadn't, but I did that just now; still the same behaviour.
>>
>>
>>
>> 6 Sep 2019, 11:49 by samba at lists.samba.org:
>>
>>
>>
>>> Have you tried running
>>>
>>>
>>>
>>> net cache flush
>>>
>>>
>>>
>>> after you have removed the SERVER lines from you config?
>>>
>>>
>>>
>>> Regards
>>>
>>>
>>>
>>>
>>>
>>> Am 06.09.19 um 12:33 schrieb gac via samba:
>>>
>>>
>>>
>>>> I've now changed the ownership to root, as you suggest.
>>>>
>>>>
>>>>
>>>> I've removed the ACLs from /shares/DOMAIN - they don't
>>>>
>
> need to be there as anyone can enter this directory already 
>
> so there's no need for them.
>
>>>>
>>>>
>>>> The ACLs on my individual home directory:
>>>>
>>>>
>>>>
>>>> root at server:/shares# getfacl /shares/DOMAIN/username
>>>>
>>>> getfacl: Removing leading '/' from absolute path names
>>>>
>>>> # file: shares/DOMAIN/username
>>>>
>>>> # owner: username
>>>>
>>>> # group: domain\040users
>>>>
>>>> user::rwx
>>>>
>>>> user:www-data:--x
>>>>
>>>> group::---
>>>>
>>>> mask::r-x
>>>>
>>>> other::---
>>>>
>>>>
>>>>
>>>> Still no joy, and the logs are still showing:
>>>>
>>>>
>>>>
>>>> canonicalize_connect_path failed for service username,
>>>>
>
> path /shares/DOMAIN/domain_username
>
>>>>
>>>>
>>>> Thanks for all your advice so far but I still don't
>>>>
>
> believe this is a permissions problem, Samba is trying to 
>
> access a directory which simply does not exist, and never has 
>
> existed...
>
>>>> 6 Sep 2019, 11:19 by samba at lists.samba.org:
>>>>
>>>>
>>>>
>>>>> On 06/09/2019 11:12, gac wrote:
>>>>>
>>>>>
>>>>>
>>>>>> I imagine the numeric UID is my old boss who left the
>>>>>>
>
> company a few years ago, and by this point his account has 
>
> been removed, not just disabled. The only thing contained by 
>
> the DOMAIN directory is a home directory for each user, which 
>
> is owned by them. So I don't _think_ this is the problem.
>
>>>>>>
>>>>>>
>>>>>> The command you suggested returns:
>>>>>>
>>>>>>
>>>>>>
>>>>>> winbind_lookup_rids failed: WBC_ERR_DOMAIN_NOT_FOUND
>>>>>>
>>>>>>
>>>>>>
>>>>>> The ACLs are to allow --x access for the 'www-data'
>>>>>>
>
> into users home directories for use with Apache+mod_userdir, 
>
> and then r-x access for their www directory
>
>>>>>>
>>>>>>
>>>>> Try changing the ownership of /shares/DOMAIN to root
>>>>>
>>>>>
>>>>>
>>>>> What about the getfacl commands ?
>>>>>
>>>>>
>>>>>
>>>>> Rowland
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> To unsubscribe from this list go to the following URL
>>>>>
>
> and read the
>
>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>
>>>>>
>>>>>
>>>
>>>
>>> --
>>>
>>> Dr. Christian Naumer
>>>
>>> Unit Head Bioprocess Development
>>>
>>> B.R.A.I.N Aktiengesellschaft
>>>
>>> Darmstaedter Str. 34-36, D-64673 Zwingenberg
>>>
>>> e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
>>>
>>> fon +49-6251-9331-30 / fax +49-6251-9331-11
>>>
>>>
>>>
>>> Sitz der Gesellschaft: Zwingenberg/Bergstrasse
>>>
>>> Registergericht AG Darmstadt, HRB 24758
>>>
>>> Vorstand: Dr. Juergen Eck (Vorsitzender), Manfred Bender,
>>>
>>> Ludger Roedder
>>>
>>> Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen
>>>
>>>
>>>
>>> --
>>>
>>> To unsubscribe from this list go to the following URL and read the
>>>
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>>
>>>
>>
>>
>> --
>>
>> To unsubscribe from this list go to the following URL and read the
>>
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>>
>
>
>
> -- 
>
> To unsubscribe from this list go to the following URL and read the
>
> instructions: https://lists.samba.org/mailman/options/samba
>
>
>
>
>
> -- 
>
> To unsubscribe from this list go to the following URL and read the
>
> instructions: https://lists.samba.org/mailman/options/samba
>
>
>
> -- 
>
> To unsubscribe from this list go to the following URL and read the
>
> instructions: https://lists.samba.org/mailman/options/samba
>
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



More information about the samba mailing list