[Samba] uid mismatch

Meike Stone meike.stone at googlemail.com
Wed Jan 15 14:19:01 UTC 2020


On Wed, 15 Jan 2020 at 15:02, Rowland penny via samba
<samba at lists.samba.org> wrote:
>
> On 15/01/2020 13:46, Meike Stone via samba wrote:
> > Hello dear list,
> >
> > I use samba and it is working fine.
> >
> > But I have two questions:
> >
> > 1) my logging configuration is:
> >
> >            vfs objects = extd_audit
> >            debug uid = yes
> >            debug pid = yes
> >            debug class = yes
> >            log level = 0 vfs:2
> >            syslog = 0
> >            max log size = 1024
> >            log file = /var/log/samba/users/%U.log
> >
> >
> > If I look in one users logfile, I see different UIDs in it, example:
> >
> > [2020/01/10 09:59:11.498881,  0, pid=37872, effective(50465, 100),
> > real(50465, 0), class=extd_audit]
> > ../source3/modules/vfs_extd_audit.c:268(audit_unlink)
> >    vfs_extd_audit: unlink HOME/SWE/KA/B377F354.tmp
> > [2020/01/10 09:59:15.086266,  0, pid=37872, effective(50465, 100),
> > real(50465, 0), class=extd_audit]
> > ../source3/modules/vfs_extd_audit.c:268(audit_unlink)
> >    vfs_extd_audit: unlink HOME/SWE/KA/~$20200106_excel-1.xlsx
> > [2020/01/10 10:25:54.226794,  0, pid=37872, effective(50251, 100),
> > real(50251, 0), class=extd_audit]
> > ../source3/modules/vfs_extd_audit.c:268(audit_unlink)
> >    vfs_extd_audit: unlink KLW/CN/2019_11/~$excel-2.xlsx
> > [2020/01/10 10:26:21.292172,  0, pid=37872, effective(29321, 100),
> > real(29321, 0), class=extd_audit]
> > ../source3/modules/vfs_extd_audit.c:268(audit_unlink)
> >    vfs_extd_audit: unlink HOME/privat/doc-1.docx
> > [2020/01/10 10:26:21.991164,  0, pid=37872, effective(29321, 100),
> > real(29321, 0), class=extd_audit]
> > ../source3/modules/vfs_extd_audit.c:268(audit_unlink)
> >    vfs_extd_audit: unlink HOME/privat/677F2835.tmp
> >
> >
> > Only the UID "50465" belongs to the real user.
> > Shouldn't the other lines not be included in the user log files that
> > belong to the uids that are shown (above in the example)?
> >
> > 2) One share configuration looks like:
> >
> > [KLW]
> >          path = /data/users_linkroot/%U
> >          writeable = yes
> >          browseable = no
> >          nt acl support = no
> >          inherit permissions = yes
> >          store dos attributes = yes
> >          csc policy = disable
> >
> > In this configuration (links inside of /data/users_linkroot/%U, and
> > file rights managed outside of samba), the user who maps the share
> > KWL, is accessing the path /data/users_linkroot/<username>
> >
> > But if I look with smbstatus for one "Sharepath", it seems more
> > than one uid is accessing there.
> >
> > smbstatus -L | awk '{print $1"\t"$2"\t"$7}' | egrep '(awisil|Pid)'
> >       Pid      Uid        SharePath
> >       45413   51520   /data/users_linkroot/awisil
> >       45413   51520   /data/users_linkroot/awisil
> >       39644   51365   /data/users_linkroot/awisil
> >       39644   51365   /data/users_linkroot/awisil
> >       45413   51520   /data/users_linkroot/awisil
> >
> > How can this be?
> >
> > In operation, until now we had no complaints from users. It seems,
> > everything is working fine.
> >
> > Can anybody help?
> >
> > Thanks Meike
> >
> Can you post your entire smb.conf.
>

[global]
          workgroup = Samba
          map to guest = Bad User
          security = user
          server string = Fileserver
          preferred master = no
          max protocol = NT1
          deadtime = 600
          kernel oplocks = Yes
          ntlm auth = yes
          smb encrypt = auto

        # Printspooler Config
          load printers = no
          printcap name = /dev/null
          disable spoolss = yes

        # Auth Config
          ldap admin dn = uid=samba_user,...
          passdb backend = ldapsam:"ldap://ldap01.domain.net ldap://ldap01.domain.net"
          ldap suffix = cn=samba,cn=applications,o=...
          ldap user suffix = cn=accounts
          ldap group suffix = cn=groups
          ldap passwd sync = No

        # for symlinks under /data/users...
          unix extensions = no
          follow symlinks = yes
          wide links = yes


        # logging Config,
          vfs objects = extd_audit
          debug uid = yes
          debug pid = yes
          debug class = yes
          log level = 0 vfs:2
          syslog = 0
          max log size = 1024
          log file = /var/log/samba/users/%U.log

[KWL]
        path = /data/users_linkroot/%U
        writeable = yes
        browseable = no
        nt acl support = no
        inherit permissions = yes
        store dos attributes = yes
        csc policy = disable

(And sorry for "max protocol = NT1", I have to support w2k3 server
(from another department) and they obviously cannot negotiate the
protocol :-()
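
An added example, not part of the original post: a small parser for the `debug pid` / `debug uid` / `debug class` header format shown in the log excerpt, which lists the entries in a per-user log file whose effective UID is not the file owner's. The function names are hypothetical; the sample entries and the owner UID 50465 are taken from the post.

```python
import re
from collections import defaultdict

# Three entries copied from the log excerpt in the post (wrapping preserved).
SAMPLE = """\
[2020/01/10 09:59:11.498881,  0, pid=37872, effective(50465, 100),
real(50465, 0), class=extd_audit]
../source3/modules/vfs_extd_audit.c:268(audit_unlink)
   vfs_extd_audit: unlink HOME/SWE/KA/B377F354.tmp
[2020/01/10 10:25:54.226794,  0, pid=37872, effective(50251, 100),
real(50251, 0), class=extd_audit]
../source3/modules/vfs_extd_audit.c:268(audit_unlink)
   vfs_extd_audit: unlink KLW/CN/2019_11/~$excel-2.xlsx
[2020/01/10 10:26:21.292172,  0, pid=37872, effective(29321, 100),
real(29321, 0), class=extd_audit]
../source3/modules/vfs_extd_audit.c:268(audit_unlink)
   vfs_extd_audit: unlink HOME/privat/doc-1.docx
"""

# Header fields, then the source location, then the message text.
HEADER = re.compile(
    r"\[(?P<ts>[\d/]+ [\d:.]+),\s*\d+,\s*pid=(?P<pid>\d+),\s*"
    r"effective\((?P<euid>\d+),\s*\d+\),\s*real\((?P<ruid>\d+),\s*\d+\),\s*"
    r"class=(?P<cls>\w+)\]\s*(?P<src>\S+)\s*(?P<msg>.*)"
)

def parse_entries(text):
    """Yield one dict per log entry, with wrapped lines joined."""
    # An entry starts at every line that opens with "[YYYY/".
    for chunk in re.split(r"(?m)^(?=\[\d{4}/)", text):
        m = HEADER.match(" ".join(chunk.split()))
        if m:
            e = m.groupdict()
            for k in ("pid", "euid", "ruid"):
                e[k] = int(e[k])
            yield e

def foreign_uid_entries(text, owner_uid):
    """Map each effective UID other than owner_uid to its entries."""
    found = defaultdict(list)
    for e in parse_entries(text):
        if e["euid"] != owner_uid:
            found[e["euid"]].append(e)
    return dict(found)

if __name__ == "__main__":
    for uid, entries in foreign_uid_entries(SAMPLE, 50465).items():
        for e in entries:
            print(uid, e["pid"], e["ts"], e["msg"])
```

Keeping the pid next to each foreign UID shows whether the same smbd process wrote the entries for several UIDs, as it did (pid=37872) in the excerpt.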


