[Samba] uid mismatch
Meike Stone
meike.stone at googlemail.com
Wed Jan 15 14:19:01 UTC 2020
On Wed, 15 Jan 2020 at 15:02, Rowland penny via samba
<samba at lists.samba.org> wrote:
>
> On 15/01/2020 13:46, Meike Stone via samba wrote:
> > Hello dear list,
> >
> > I use samba and it is working fine.
> >
> > But I have two questions:
> >
> > 1) my logging configuration is:
> >
> > vfs objects = extd_audit
> > debug uid = yes
> > debug pid = yes
> > debug class = yes
> > log level = 0 vfs:2
> > syslog = 0
> > max log size = 1024
> > log file = /var/log/samba/users/%U.log
> >
> >
> > If I look in one users logfile, I see different UIDs in it, example:
> >
> > [2020/01/10 09:59:11.498881, 0, pid=37872, effective(50465, 100),
> > real(50465, 0), class=extd_audit]
> > ../source3/modules/vfs_extd_audit.c:268(audit_unlink)
> > vfs_extd_audit: unlink HOME/SWE/KA/B377F354.tmp
> > [2020/01/10 09:59:15.086266, 0, pid=37872, effective(50465, 100),
> > real(50465, 0), class=extd_audit]
> > ../source3/modules/vfs_extd_audit.c:268(audit_unlink)
> > vfs_extd_audit: unlink HOME/SWE/KA/~$20200106_excel-1.xlsx
> > [2020/01/10 10:25:54.226794, 0, pid=37872, effective(50251, 100),
> > real(50251, 0), class=extd_audit]
> > ../source3/modules/vfs_extd_audit.c:268(audit_unlink)
> > vfs_extd_audit: unlink KLW/CN/2019_11/~$excel-2.xlsx
> > [2020/01/10 10:26:21.292172, 0, pid=37872, effective(29321, 100),
> > real(29321, 0), class=extd_audit]
> > ../source3/modules/vfs_extd_audit.c:268(audit_unlink)
> > vfs_extd_audit: unlink HOME/privat/doc-1.docx
> > [2020/01/10 10:26:21.991164, 0, pid=37872, effective(29321, 100),
> > real(29321, 0), class=extd_audit]
> > ../source3/modules/vfs_extd_audit.c:268(audit_unlink)
> > vfs_extd_audit: unlink HOME/privat/677F2835.tmp
> >
> >
> > Only the UID "50465" belongs to the real user.
> > Shouldn't the other lines not be included in the user log files that
> > belong to the uids that are shown (above in the example)?
> >
> > 2) One share configuration looks like:
> >
> > [KLW]
> > path = /data/users_linkroot/%U
> > writeable = yes
> > browseable = no
> > nt acl support = no
> > inherit permissions = yes
> > store dos attributes = yes
> > csc policy = disable
> >
> > In this configuration (links inside of /data/users_linkroot/%U, and
> > file rights managed outside from samba), the user who maps the share
> > KWL, is accessing the path /data/users_linkroot/<username>
> >
> > But if I look with smbstatus for one "Sharepath", it seems more
> > than one uid is accessing there.
> >
> > smbstatus -L | awk '{print $1"\t"$2"\t"$7}' | egrep '(awisil|Pid)'
> > Pid Uid SharePath
> > 45413 51520 /data/users_linkroot/awisil
> > 45413 51520 /data/users_linkroot/awisil
> > 39644 51365 /data/users_linkroot/awisil
> > 39644 51365 /data/users_linkroot/awisil
> > 45413 51520 /data/users_linkroot/awisil
> >
> > How can this be?
> >
> > In operation, until now we had no complaints from users. It seems,
> > everything is working fine.
> >
> > Can anybody help?
> >
> > Thanks Meike
> >
> Can you post your entire smb.conf.
>
[global]
workgroup = Samba
map to guest = Bad User
security = user
server string = Fileserver
preferred master = no
max protocol = NT1
deadtime = 600
kernel oplocks = Yes
ntlm auth = yes
smb encrypt = auto
# Printspooler Config
load printers = no
printcap name = /dev/null
disable spoolss = yes
# Auth Config
ldap admin dn = uid=samba_user,...
passdb backend = ldapsam:"ldap://ldap01.domain.net ldap://ldap01.domain.net"
ldap suffix = cn=samba,cn=applications,o=...
ldap user suffix = cn=accounts
ldap group suffix = cn=groups
ldap passwd sync = No
# for symlinks under /data/users...
unix extensions = no
follow symlinks = yes
wide links = yes
# logging Config,
vfs objects = extd_audit
debug uid = yes
debug pid = yes
debug class = yes
log level = 0 vfs:2
syslog = 0
max log size = 1024
log file = /var/log/samba/users/%U.log
[KWL]
path = /data/users_linkroot/%U
writeable = yes
browseable = no
nt acl support = no
inherit permissions = yes
store dos attributes = yes
csc policy = disable
(And sorry for "max protocol = NT1", I have to support w2k3 server
(from other department) and they obviously cannot negotiate the
protocol :-()
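
Added example, not part of the original message and not Samba code: one way to check a per-user %U.log for the mismatch described in question 1. It parses the debug headers shown in the excerpt, lists entries whose effective uid differs from the expected one, and groups uids by smbd pid; the function names and the expected_uid argument are assumptions, and the sample lines are copied from the excerpt above.

```python
import re
from collections import defaultdict

# Header written with "debug uid", "debug pid" and "debug class" enabled.
# \s* also matches newlines, so headers wrapped by a mail client still parse.
HEADER = re.compile(
    r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*\d+,\s*pid=(?P<pid>\d+),"
    r"\s*effective\((?P<euid>\d+),\s*\d+\),\s*real\(\d+,\s*\d+\)[^\]]*\]"
)
AUDIT = re.compile(r"vfs_extd_audit:\s+(?P<op>\S+)\s+(?P<path>.+)")

# Three entries copied from the excerpt in the post, in their wrapped form.
SAMPLE_LOG = """\
[2020/01/10 09:59:11.498881, 0, pid=37872, effective(50465, 100),
real(50465, 0), class=extd_audit]
../source3/modules/vfs_extd_audit.c:268(audit_unlink)
vfs_extd_audit: unlink HOME/SWE/KA/B377F354.tmp
[2020/01/10 10:25:54.226794, 0, pid=37872, effective(50251, 100),
real(50251, 0), class=extd_audit]
../source3/modules/vfs_extd_audit.c:268(audit_unlink)
vfs_extd_audit: unlink KLW/CN/2019_11/~$excel-2.xlsx
[2020/01/10 10:26:21.292172, 0, pid=37872, effective(29321, 100),
real(29321, 0), class=extd_audit]
../source3/modules/vfs_extd_audit.c:268(audit_unlink)
vfs_extd_audit: unlink HOME/privat/doc-1.docx
"""

def parse_entries(text):
    """Return one dict per audit entry: ts, pid, euid, op, path."""
    headers = list(HEADER.finditer(text))
    entries = []
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        m = AUDIT.search(text, h.end(), end)
        if m:  # skip headers that carry no extd_audit message
            entries.append(dict(ts=h["ts"], pid=int(h["pid"]), euid=int(h["euid"]),
                                op=m["op"], path=m["path"].strip()))
    return entries

def foreign_entries(text, expected_uid):
    """Entries whose effective uid differs from the uid the file is named for."""
    return [e for e in parse_entries(text) if e["euid"] != expected_uid]

def uids_per_pid(text):
    """Map each smbd pid to the sorted effective uids it logged under."""
    seen = defaultdict(set)
    for e in parse_entries(text):
        seen[e["pid"]].add(e["euid"])
    return {pid: sorted(uids) for pid, uids in seen.items()}
```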