In a follow-up to a previous post a couple weeks back, we've implemented a Samba 3.0.20 (Suse packages on 10.0 - recompiled to include idmap_rid) server to replace the Windows 2000 file server in our Win2003 Active Directory. For the most part things have been going well, but occassionally people will get access denied errors to things that they were accessing just fine minutes before. With file shares, they can access the share via UNC and, if they unmap and remap the share, it works. The recommendation was to increase the log level to 10. I was finally able to capture a log while someone was having a problem. In this instance they were getting access denied to the printers.
To date, I've only seen these errors on Windows 2000 workstations and not our XP workstations, but since this is so intermittent and we have only a few XP boxes, I'm not sure that is signficant, but I figured I'd throw it out there anyway. Here's my config (with the names changed to protect the innocent) [global] unix charset = LOCALE workgroup = MYDOMAIN realm = MYDOMAIN.INT server string = Production File Server 03 security = ADS allow trusted domains = No enable privileges = Yes username map = /etc/samba/smbusers log level = 10 log file = /var/log/samba/%m max log size = 50 deadtime = 15 socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups wins server = 10.0.0.10 ldap ssl = no idmap backend = idmap_rid:MYDOMAIN=10000-50000 idmap uid = 10000-50000 idmap gid = 10000-50000 template shell = /bin/bash winbind separator = + cups options = raw [Software] comment = Adheris Software path = /srv/public/software valid users = @MYDOMAIN+grpIT, @MYDOMAIN+grpDevelopers admin users = "@MYDOMAIN+Domain Admins" read only = No create mask = 0664 directory mask = 0775 dos filemode = Yes [Home$] path = /srv/private/home valid users = "@MYDOMAIN+Domain Users" admin users = "@MYDOMAIN+Domain Admins" read only = No create mask = 0660 directory mask = 0770 dos filemode = Yes [Users] comment = Adheris User Data path = /srv/public/users valid users = "@MYDOMAIN+Domain Users" admin users = "@MYDOMAIN+Domain Admins" read only = No create mask = 02664 directory mask = 02775 dos filemode = Yes [Printers] comment = All Printers path = /var/tmp create mask = 0600 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = root, "@MYDOMAIN+Domain Admins" And here is the debug information. The thing that stands out to me is the request for spoolss that fails. We do not have the iptables firewall enabled, but we seem to be getting a pipe issue perhaps? I'm weak on the programming/debugging side but take directions well if anyone has some suggestions. Thanks [2006/09/26 16:19:51, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 49 [2006/09/26 16:19:51, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x31 [2006/09/26 16:19:51, 3] smbd/process.c:process_smb(1114) Transaction 1145 of length 53 [2006/09/26 16:19:51, 5] lib/util.c:show_msg(454) [2006/09/26 16:19:51, 5] lib/util.c:show_msg(464) size=49 smb_com=0x2b smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=49219 smb_tid=65535 smb_pid=65279 smb_uid=0 smb_mid=65534 smt_wct=1 smb_vwv[ 0]= 1 (0x1) smb_bcc=12 [2006/09/26 16:19:51, 10] lib/util.c:dump_data(2053) [000] 4A 6C 4A 6D 49 68 43 6C 42 73 72 00 JlJmIhCl Bsr. [2006/09/26 16:19:51, 3] smbd/process.c:switch_message(900) switch message SMBecho (pid 23178) conn 0x0 [2006/09/26 16:19:51, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/09/26 16:19:51, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2006/09/26 16:19:51, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/09/26 16:19:51, 5] smbd/uid.c:change_to_root_user(319) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/09/26 16:19:51, 5] lib/util.c:show_msg(454) [2006/09/26 16:19:51, 5] lib/util.c:show_msg(464) size=49 smb_com=0x2b smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=65535 smb_pid=65279 smb_uid=0 smb_mid=65534 smt_wct=1 smb_vwv[ 0]= 1 (0x1) smb_bcc=12 [2006/09/26 16:19:51, 10] lib/util.c:dump_data(2053) [000] 4A 6C 4A 6D 49 68 43 6C 42 73 72 00 JlJmIhCl Bsr. [2006/09/26 16:19:51, 3] smbd/reply.c:reply_echo(3499) echo 1 times [2006/09/26 16:19:51, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/09/26 16:19:51, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2006/09/26 16:19:51, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/09/26 16:19:51, 5] smbd/uid.c:change_to_root_user(319) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/09/26 16:19:51, 6] param/loadparm.c:lp_file_list_changed(2959) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Sep 20 10:13:30 2006 [2006/09/26 16:20:25, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 49 [2006/09/26 16:20:25, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x31 [2006/09/26 16:20:25, 3] smbd/process.c:process_smb(1114) Transaction 1146 of length 53 [2006/09/26 16:20:25, 5] lib/util.c:show_msg(454) [2006/09/26 16:20:25, 5] lib/util.c:show_msg(464) size=49 smb_com=0x2b smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=49219 smb_tid=65535 smb_pid=65279 smb_uid=0 smb_mid=65534 smt_wct=1 smb_vwv[ 0]= 1 (0x1) smb_bcc=12 [2006/09/26 16:20:25, 10] lib/util.c:dump_data(2053) [000] 4A 6C 4A 6D 49 68 43 6C 42 73 72 00 JlJmIhCl Bsr. [2006/09/26 16:20:25, 3] smbd/process.c:switch_message(900) switch message SMBecho (pid 23178) conn 0x0 [2006/09/26 16:20:25, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/09/26 16:20:25, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2006/09/26 16:20:25, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/09/26 16:20:25, 5] smbd/uid.c:change_to_root_user(319) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/09/26 16:20:25, 5] lib/util.c:show_msg(454) [2006/09/26 16:20:25, 5] lib/util.c:show_msg(464) size=49 smb_com=0x2b smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=65535 smb_pid=65279 smb_uid=0 smb_mid=65534 smt_wct=1 smb_vwv[ 0]= 1 (0x1) smb_bcc=12 [2006/09/26 16:20:25, 10] lib/util.c:dump_data(2053) [000] 4A 6C 4A 6D 49 68 43 6C 42 73 72 00 JlJmIhCl Bsr. [2006/09/26 16:20:25, 3] smbd/reply.c:reply_echo(3499) echo 1 times [2006/09/26 16:20:25, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/09/26 16:20:25, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2006/09/26 16:20:25, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/09/26 16:20:25, 5] smbd/uid.c:change_to_root_user(319) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/09/26 16:20:44, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 102 [2006/09/26 16:20:44, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x66 [2006/09/26 16:20:44, 3] smbd/process.c:process_smb(1114) Transaction 1147 of length 106 [2006/09/26 16:20:44, 5] lib/util.c:show_msg(454) [2006/09/26 16:20:44, 5] lib/util.c:show_msg(464) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=452 smb_uid=101 smb_mid=48515 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2006/09/26 16:20:44, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [010] 00 00 00 ... [2006/09/26 16:20:44, 3] smbd/process.c:switch_message(900) switch message SMBntcreateX (pid 23178) conn 0x803c0bf8 [2006/09/26 16:20:44, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (11999, 10513) - sec_ctx_stack_ndx = 0 [2006/09/26 16:20:44, 5] auth/auth_util.c:debug_nt_user_token(457) NT user token of user S-1-5-21-3400670868-1557003858-4011083039-24998 contains 19 SIDs SID[ 0]: S-1-5-21-3400670868-1557003858-4011083039-24998 SID[ 1]: S-1-5-21-3400670868-1557003858-4011083039-22027 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2065454515-1881373809-78262646-513 SID[ 6]: S-1-5-21-2065454515-1881373809-78262646-2964 SID[ 7]: S-1-5-21-2065454515-1881373809-78262646-2221 SID[ 8]: S-1-5-21-2065454515-1881373809-78262646-3461 SID[ 9]: S-1-5-21-2065454515-1881373809-78262646-5176 SID[ 10]: S-1-5-21-2065454515-1881373809-78262646-5147 SID[ 11]: S-1-5-21-2065454515-1881373809-78262646-5114 SID[ 12]: S-1-5-21-2065454515-1881373809-78262646-5179 SID[ 13]: S-1-5-21-2065454515-1881373809-78262646-2128 SID[ 14]: S-1-5-21-2065454515-1881373809-78262646-3025 SID[ 15]: S-1-5-21-2065454515-1881373809-78262646-2222 SID[ 16]: S-1-5-21-2065454515-1881373809-78262646-3021 SID[ 17]: S-1-5-21-2065454515-1881373809-78262646-2129 SID[ 18]: S-1-5-21-2065454515-1881373809-78262646-1879 SE_PRIV 0x0 0x0 0x0 0x0 [2006/09/26 16:20:44, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 11999 Primary group is 10513 and contains 14 supplementary groups Group[ 0]: 10513 Group[ 1]: 12964 Group[ 2]: 12221 Group[ 3]: 13461 Group[ 4]: 15176 Group[ 5]: 15147 Group[ 6]: 15114 Group[ 7]: 15179 Group[ 8]: 12128 Group[ 9]: 13025 Group[ 10]: 12222 Group[ 11]: 13021 Group[ 12]: 12129 Group[ 13]: 11879 [2006/09/26 16:20:44, 5] smbd/uid.c:change_to_user(304) change_to_user uid=(11999,11999) gid=(0,10513) [2006/09/26 16:20:44, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 [2006/09/26 16:20:44, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "spoolss" [2006/09/26 16:20:44, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [SPOOLSS] [2006/09/26 16:20:44, 5] smbd/filename.c:unix_convert(175) unix_convert begin: name = spoolss, dirpath = , start = spoolss [2006/09/26 16:20:44, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled spoolss ? [2006/09/26 16:20:44, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component spoolss (len 7) ? [2006/09/26 16:20:44, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled spoolss ? [2006/09/26 16:20:44, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component spoolss (len 7) ? [2006/09/26 16:20:44, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled spoolss ? [2006/09/26 16:20:44, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component spoolss (len 7) ? [2006/09/26 16:20:44, 5] smbd/filename.c:unix_convert(324) New file spoolss [2006/09/26 16:20:44, 3] smbd/dosmode.c:unix_mode(121) unix_mode(spoolss) returning 0664 [2006/09/26 16:20:44, 10] smbd/open.c:open_file_ntcreate(1236) open_file_ntcreate: fname=spoolss, dos_attrs=0x0 access_mask=0x2019f share_access=0x3 create_disposition = 0x1 create_options=0x400040 unix mode=0664 oplock_request=3 [2006/09/26 16:20:44, 5] smbd/open.c:open_file_ntcreate(1327) open_file_ntcreate: FILE_OPEN requested for file spoolss and file doesn't exist. [2006/09/26 16:20:44, 10] smbd/trans2.c:set_bad_path_error(2583) set_bad_path_error: err = 2 bad_path = 0 [2006/09/26 16:20:44, 3] smbd/error.c:error_packet(147) error packet at smbd/trans2.c(2589) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND [2006/09/26 16:20:44, 5] lib/util.c:show_msg(454) [2006/09/26 16:20:44, 5] lib/util.c:show_msg(464) size=35 smb_com=0xa2 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=452 smb_uid=101 smb_mid=48515 smt_wct=0 smb_bcc=0 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
