[Samba] Intermittent permission denied when accessing share

Lorenzo Milesi maxxer at yetopen.it
Wed May 27 18:18:58 UTC 2020


Again on the intermittent inaccessible shares. I got another case today, it seems to be happening mostly in the evening...
Anyway I collected this log about the client machine.
Can the "Cannot get attribute from EA on file" be the reason of the negated access?

I found this[1] RH bug report which seems to describe my issue, unfortunately it's against sss and I'm not using it.

Again, restarting solves the problem.



[2020/05/27 18:24:35.793520,  5] ../../source3/auth/token_util.c:874(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2020/05/27 18:24:35.793567,  4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
  pop_sec_ctx (3000066, 100) - sec_ctx_stack_ndx = 0
[2020/05/27 18:24:35.793637,  5] ../../lib/dbwrap/dbwrap.c:143(dbwrap_lock_order_lock)
  dbwrap_lock_order_lock: check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb
[2020/05/27 18:24:35.793659,  5] ../../lib/dbwrap/dbwrap.c:172(dbwrap_lock_order_unlock)
  dbwrap_lock_order_unlock: release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb
[2020/05/27 18:24:35.793683,  5] ../../libcli/smb/smb2_signing.c:174(smb2_signing_sign_pdu)
  signed SMB2 message
[2020/05/27 18:24:35.795292,  5] ../../source3/smbd/uid.c:326(change_to_user_impersonate)
  change_to_user_impersonate: Skipping user change - already user
[2020/05/27 18:24:35.795320,  5] ../../source3/smbd/uid.c:298(print_impersonation_info)
  print_impersonation_info: Impersonated user: uid=(3000066,3000066), gid=(0,100), cwd=[/home/CONDIVISI/SHARE01]
[2020/05/27 18:24:35.795346,  5] ../../source3/smbd/dir.c:220(dptr_create)
  dptr_create: dir=2017 PAE/2 secondo-terzo trimestre 2017 inviati/2 Asdrubale 2/Tizio Caio
[2020/05/27 18:24:35.795365,  5] ../../source3/smbd/dir.c:322(dptr_create)
  dptr_create: creating new dirptr [0] for path [2017 PAE/2 secondo-terzo trimestre 2017 inviati/2 Asdrubale 2/Tizio Caio], expect_close = 0
[2020/05/27 18:24:35.795379,  8] ../../source3/smbd/smb2_query_directory.c:493(smbd_smb2_query_directory_send)
  smbd_smb2_query_directory_send: dirpath=<2017 PAE/2 secondo-terzo trimestre 2017 inviati/2 Asdrubale 2/Tizio Caio> dontdescend=<>, in_output_buffer_length = 65528
[2020/05/27 18:24:35.795404,  6] ../../source3/smbd/dir.c:820(smbd_dirptr_get_entry)
  smbd_dirptr_get_entry: dirptr 0x55f3ceabc250 now at offset 0
[2020/05/27 18:24:35.795423,  8] ../../source3/smbd/dosmode.c:779(dos_mode)
  dos_mode: 2017 PAE/2 secondo-terzo trimestre 2017 inviati/2 Asdrubale 2/Tizio Caio/.
[2020/05/27 18:24:35.795439,  5] ../../source3/smbd/dosmode.c:449(get_ea_dos_attribute)
  get_ea_dos_attribute: Cannot get attribute from EA on file 2017 PAE/2 secondo-terzo trimestre 2017 inviati/2 Asdrubale 2/Tizio Caio/.: Error = No data available
[2020/05/27 18:24:35.795455,  5] ../../source3/smbd/dosmode.c:72(dos_mode_debug_print)
  dos_mode_debug_print: dos_mode returning (0x10): "d"
[2020/05/27 18:24:35.795467,  3] ../../source3/smbd/dir.c:911(smbd_dirptr_get_entry)
  smbd_dirptr_get_entry mask=[*] found 2017 PAE/2 secondo-terzo trimestre 2017 inviati/2 Asdrubale 2/Tizio Caio/. fname=. (.)
[2020/05/27 18:24:35.795494,  6] ../../source3/smbd/dir.c:820(smbd_dirptr_get_entry)
  smbd_dirptr_get_entry: dirptr 0x55f3ceabc250 now at offset 2147483648
[2020/05/27 18:24:35.795511,  8] ../../source3/smbd/dosmode.c:779(dos_mode)
  dos_mode: 2017 PAE/2 secondo-terzo trimestre 2017 inviati/2 Asdrubale 2/Tizio Caio/..
[2020/05/27 18:24:35.795527,  5] ../../source3/smbd/dosmode.c:449(get_ea_dos_attribute)
  get_ea_dos_attribute: Cannot get attribute from EA on file 2017 PAE/2 secondo-terzo trimestre 2017 inviati/2 Asdrubale 2/Tizio Caio/..: Error = No data available
[2020/05/27 18:24:35.795542,  5] ../../source3/smbd/dosmode.c:72(dos_mode_debug_print)
  dos_mode_debug_print: dos_mode returning (0x10): "d"
[2020/05/27 18:24:35.795553,  3] ../../source3/smbd/dir.c:911(smbd_dirptr_get_entry)
  smbd_dirptr_get_entry mask=[*] found 2017 PAE/2 secondo-terzo trimestre 2017 inviati/2 Asdrubale 2/Tizio Caio/.. fname=.. (..)
[2020/05/27 18:24:35.795595,  4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
  push_sec_ctx(3000066, 100) : sec_ctx_stack_ndx = 1
[2020/05/27 18:24:35.795611,  4] ../../source3/smbd/uid.c:566(push_conn_ctx)
  push_conn_ctx(3735803670) : conn_ctx_stack_ndx = 0
[2020/05/27 18:24:35.795622,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2020/05/27 18:24:35.795633,  5] ../../libcli/security/security_token.c:52(security_token_debug)
  Security token: (NULL)
[2020/05/27 18:24:35.795643,  5] ../../source3/auth/token_util.c:874(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2020/05/27 18:24:35.795685,  4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
  pop_sec_ctx (3000066, 100) - sec_ctx_stack_ndx = 0
[2020/05/27 18:24:35.795738,  6] ../../source3/smbd/dir.c:820(smbd_dirptr_get_entry)
  smbd_dirptr_get_entry: dirptr 0x55f3ceabc250 now at offset 996093369490470357
[2020/05/27 18:24:35.795755,  8] ../../source3/smbd/dosmode.c:779(dos_mode)
  dos_mode: 2017 PAE/2 secondo-terzo trimestre 2017 inviati/2 Asdrubale 2/Tizio Caio/2017.07.03 Tizio Caio.pdf
[2020/05/27 18:24:35.795772,  5] ../../source3/smbd/dosmode.c:449(get_ea_dos_attribute)
  get_ea_dos_attribute: Cannot get attribute from EA on file 2017 PAE/2 secondo-terzo trimestre 2017 inviati/2 Asdrubale 2/Tizio Caio/2017.07.03 Tizio Caio.pdf: Error = No data available


After restarting:

[2020/05/27 18:33:22.847436,  8] ../../source3/smbd/dosmode.c:779(dos_mode)
  dos_mode: 2019_2020_aggiornamenti_2-aggiornato.xlsx
[2020/05/27 18:33:22.847458,  5] ../../source3/smbd/dosmode.c:72(dos_mode_debug_print)
  dos_mode_debug_print: parse_dos_attribute_blob returning (0x20): "a"
[2020/05/27 18:33:22.847472,  5] ../../source3/smbd/dosmode.c:72(dos_mode_debug_print)
  dos_mode_debug_print: dos_mode returning (0x20): "a"
[2020/05/27 18:33:22.847488,  4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
  push_sec_ctx(3000066, 100) : sec_ctx_stack_ndx = 1
[2020/05/27 18:33:22.847502,  4] ../../source3/smbd/uid.c:566(push_conn_ctx)
  push_conn_ctx(3547027380) : conn_ctx_stack_ndx = 0
[2020/05/27 18:33:22.847513,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2020/05/27 18:33:22.847524,  5] ../../libcli/security/security_token.c:52(security_token_debug)
  Security token: (NULL)
[2020/05/27 18:33:22.847534,  5] ../../source3/auth/token_util.c:874(debug_unix_user_token)
  UNIX token of user 0


Thanks again.


> About the root problem of the thread, it seems a permission problem, but again I
> need some help on how to investigate further. I've just been reported a share
> wasn't accessible, I checked on another client and I was able to enter the
> folder but NOT to see the content, looked like empty. I have "hide unreadable"
> enabled, and while entering the share several times I noticed the file list
> gets populated but then disappears, so it's like when samba realizes the user
> doesn't have access to the files it hides them. But... Why is it happening?
> Restarting samba-ad-dc and refreshing the folder shows all the files. No
> filesystem change, no permission change.
> The problem usually happens before entering the share, but it seems to me the
> cause could be the same.
> 
> I double checked the filesystem has acl support.
> 
> Side note: as I enabled recycle I have
> vfs objects = dfs_samba4 acl_xattr recycle
> on every share, as indicated in the wiki.



[1] https://bugzilla.redhat.com/show_bug.cgi?id=1657665
-- 
Lorenzo Milesi - lorenzo.milesi at yetopen.it

YetOpen S.r.l. - https://www.yetopen.it/
Via Salerno 18 - 23900 Lecco - ITALY -
Tel +39 0341 220 205 - Fax +39 178 6070 222

Think green - Non stampare questa e-mail se non necessario / Don't print this email unless necessary

-------- D.Lgs. 196/2003 e GDPR 679/2016 --------
Tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario.
Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere confidenziali e riservate secondo i termini
del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 - GDPR - e quindi ne e' proibita l'utilizzazione ulteriore non autorizzata.
Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, stamparlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile.
Grazie.

Confidentiality notice: this email message including any attachment is for the sole use of the intended recipient and may contain confidential and privileged information;
pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 - GDPR - any unauthorized review, use, disclosure or distribution
is prohibited. If you are not the intended recepient please delete this message without copying, printing or forwarding it to others, and alert us as soon as possible.
Thank you.




More information about the samba mailing list