[Samba] Change in behaviour for the "%U" substitution in 4.10.8?

L.P.H. van Belle belle at bazuin.nl
Wed Sep 18 08:33:47 UTC 2019


Before I want level 10 logs..
 
Can you try this for [homes]
 
[homes]
   readonly = no
 
 
That's it, nothing more, nothing less..

 
Thanks Rowland for this part. 
It might help to understand a few things better, at least it helped me. :-) 
 
In theory %S, %u and %U should all be the same, the user's name.
If you check what they mean, you will find this:

%S : the name of the current service, if any.
%u : username of the current service, if any.
%U : session username (the username that the client wanted, not 
         necessarily the same as the one they got).

Now, we are not sure yet about your problem. 
You might have found something, and maybe not. 

I do understand where your setting is coming from, or at least I'm thinking of it.
You took this part and added it in [homes]

  Default: template homedir = /home/%D/%U <<
  Which does work for [home] only, [homes] is a different cookie..
  man smb.conf the "[homes]" section 

And keep in mind, less settings in Samba is better,
it's too easy to mix incompatible settings,
and these are sometimes hard to detect.

Personally, for a share path in user and profiles shares,
I really recommend using something like this:
[users]
    path = /home/samba/users
    read only = no

[profiles]
    path = /home/samba/profiles
    read only = no

Paths are changeable to your needs of course.
Why I recommend this:

If you are creating Windows users and you're using RSAT,
you can set the profile path and user shares.
If you use \\server.fqdn\users\ (for example, from the [users] share),
you can set in RSAT \\server.fqdn\users\%username%
and now Windows creates the homedir, and this works the same for profiles.

Just saying.. 


Greetz, 

Louis
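
Added example (not part of the original message, and not Samba code): a small Python helper that scans log.smbd text for the "canonicalize_connect_path failed" message reported in this thread and flags the case described there, where the last path component is the service name with a domain-style prefix (domain_username instead of username). The function and verdict names are hypothetical, the sample lines and directory set are constructed, and the prefix heuristic is an assumption drawn from that one log line, not from Samba's substitution logic.

```python
import os
import posixpath
import re
from typing import Callable, List, NamedTuple, Optional

FAIL_RE = re.compile(
    r"canonicalize_connect_path failed for service (?P<service>.+?), path (?P<path>/.*\S)")

# Constructed sample lines; only the message wording comes from the thread.
SAMPLE_LOG = """\
  canonicalize_connect_path failed for service username, path /shares/DOMAIN/domain_username
  canonicalize_connect_path failed for service web, path /shares/web
  canonicalize_connect_path failed for service scans, path /shares/scans
"""

class Finding(NamedTuple):
    service: str
    path: str
    verdict: str               # qualified-name | path-exists | missing-path
    candidate: Optional[str]   # directory named after the service, if it exists

def diagnose(log_text: str, isdir: Callable[[str], bool] = os.path.isdir) -> List[Finding]:
    findings = []
    for m in FAIL_RE.finditer(log_text):
        service, path = m["service"], m["path"].rstrip("/")
        leaf = posixpath.basename(path)
        # Text in front of the service name in the last path component, if any.
        prefix = leaf[: -len(service)] if leaf.lower().endswith(service.lower()) else ""
        if isdir(path):
            # The directory is there: look at ownership and ACLs instead.
            findings.append(Finding(service, path, "path-exists", None))
        elif prefix and not prefix[-1].isalnum():
            # Leaf is "<something><separator><service>", e.g. domain_username.
            sibling = posixpath.join(posixpath.dirname(path), service)
            findings.append(Finding(service, path, "qualified-name",
                                    sibling if isdir(sibling) else None))
        else:
            findings.append(Finding(service, path, "missing-path", None))
    return findings

if __name__ == "__main__":
    existing = {"/shares/DOMAIN/username", "/shares/web"}  # constructed directory tree
    for finding in diagnose(SAMPLE_LOG, isdir=existing.__contains__):
        print(finding)
```

Run against a real log with diagnose(open("log.smbd").read()); a "qualified-name" verdict with a candidate set means the directory named after the service exists while the expanded path does not.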


 

 

________________________________

	From: gac [mailto:gac at tutanota.com]
	Sent: Tuesday 17 September 2019 17:56
	To: L.P.H. van Belle
	CC: samba at lists.samba.org
	Subject: Re: [Samba] Change in behaviour for the "%U" substitution in 4.10.8?
	
	
	I found the same bug, and discounted it as irrelevant...I can't see the details of the bug related to the CVE which was the only 4.10.8 change, but I can't imagine that would have anything useful either.
	

	Just to be clear, do you want information and logs from the working 4.10.7, the broken 4.10.8, or both?
	

	Thanks


	17 Sep 2019, 14:58 by samba at lists.samba.org:
	

		Hai,

		Well, I did go through the bug reports, and I could only find one similar thing but in the printing functions.

		https://bugzilla.samba.org/show_bug.cgi?id=13745

		Can you run this debug script for me, that gives me all I need to know about your system and setup.

		https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh

		Then set debug level 10 and try again.

		If you can PM me the logs, compress them and attach them.

		I'll have a look at what is happening there.

		Greetz,

		Louis

		From: gac [mailto:gac at tutanota.com]
		Sent: Tuesday 17 September 2019 15:41
		To: gac
		CC: L.P.H. van Belle; samba at lists.samba.org
		Subject: Re: [Samba] Change in behaviour for the "%U" substitution in 4.10.8?
		



		I downgraded the packages to 4.10.7
		



		The issue is fixed; the two shares I use which contain %U in their paths are now working correctly using the same Windows 7 client logged in as the same user that breaks on 4.10.8. I realise 4.10.7->4.10.8 was a very small changeset but it really seems like some behaviour has changed there...
		



		I obviously don't have any error logs (since there is no longer an error) but if there are any debug level logs which I can turn on to help troubleshoot this by getting the correct "canonicalize_connect_path" output then please let me know and I can turn them on
		



		Thanks
		


		17 Sep 2019, 13:11 by samba at lists.samba.org:
		

		Ah, thanks - I'll try with those this afternoon and check the behaviour with this version
		



		17 Sep 2019, 12:56 by samba at lists.samba.org:
		

		Hai, 
		



		Yes, the repo does not allow different version numbers, but I do have all my versions in backup.

		I made a few tar.gz for you so you can test again with 4.10.7 on a local repo.
		You can find them here. http://downloads.van-belle.nl/samba4/
		The 4.10.7 for Stretch, Buster and Bionic source and debs are there to get.
		





		Greetz, 
		



		Louis
		





		-----Original message-----
		From: samba [mailto:samba-bounces at lists.samba.org] On behalf of gac via samba
		Sent: Tuesday 17 September 2019 12:49
		To: Samba
		Subject: Re: [Samba] Change in behaviour for the "%U" substitution in 4.10.8?
		



		This is unfortunately still happening - anyone else have any other ideas?

		As a reminder/summary of the information from earlier in the thread;

		- My [homes] share is "path = /shares/DOMAIN/%U"
		- I am logging into a Windows 7 client as "DOMAIN\username"
		- My log.smbd shows "canonicalize_connect_path failed for service username, path /shares/DOMAIN/domain_username" (where DOMAIN is the domain name with upper-case letters, domain is the domain name with lower-case letters)
		- this issue is affecting two shares in total which use the %U substitution, both are showing the same error. Any shares which use fixed paths are fine, as expected
		- this only seemed to start happening when I upgraded to 4.10.8 from Louis van Belle's repo; I did not see the problem with the 4.10.7 packages from the same repo. Unfortunately the repo removes old versions of packages so I can't roll back to 4.10.7 as a reproduction or workaround

		I'd appreciate any more tips, thank you!
		



		6 Sep 2019, 11:53 by samba at lists.samba.org:
		



			I hadn't, but I did that just now; still the same behaviour.
			


			6 Sep 2019, 11:49 by samba at lists.samba.org:
			


				Have you tried running

				net cache flush

				after you have removed the SERVER lines from your config?

				Regards

				On 06.09.19 at 12:33, gac via samba wrote:
				


					I've now changed the ownership to root, as you suggest.

					I've removed the ACLs from /shares/DOMAIN - they don't need to be there as anyone can enter this directory already so there's no need for them.

					The ACLs on my individual home directory:

					root at server:/shares# getfacl /shares/DOMAIN/username
					getfacl: Removing leading '/' from absolute path names
					# file: shares/DOMAIN/username
					# owner: username
					# group: domain\040users
					user::rwx
					user:www-data:--x
					group::---
					mask::r-x
					other::---

					Still no joy, and the logs are still showing:

					canonicalize_connect_path failed for service username, path /shares/DOMAIN/domain_username

					Thanks for all your advice so far but I still don't believe this is a permissions problem, Samba is trying to access a directory which simply does not exist, and never has existed...

					6 Sep 2019, 11:19 by samba at lists.samba.org:

					On 06/09/2019 11:12, gac wrote:

					I imagine the numeric UID is my old boss who left the company a few years ago, and by this point his account has been removed, not just disabled. The only thing contained by the DOMAIN directory is a home directory for each user, which is owned by them. So I don't _think_ this is the problem.

					The command you suggested returns:

					winbind_lookup_rids failed: WBC_ERR_DOMAIN_NOT_FOUND

					The ACLs are to allow --x access for the 'www-data' into users home directories for use with Apache+mod_userdir, and then r-x access for their www directory

					Try changing the ownership of /shares/DOMAIN to root

					What about the getfacl commands ?

					Rowland
					




					--
					To unsubscribe from this list go to the following URL and read the
					instructions: https://lists.samba.org/mailman/options/samba
					



				--
				Dr. Christian Naumer
				Unit Head Bioprocess Development
				B.R.A.I.N Aktiengesellschaft
				Darmstaedter Str. 34-36, D-64673 Zwingenberg
				e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
				phone +49-6251-9331-30 / fax +49-6251-9331-11

				Registered office: Zwingenberg/Bergstrasse
				Court of registration: AG Darmstadt, HRB 24758
				Executive board: Dr. Juergen Eck (Chairman), Manfred Bender, Ludger Roedder
				Chairman of the supervisory board: Dr. Georg Kellinghusen
				


		





