[Samba] smb panic when adding printer with apw
Hi, I'm using samba 3.3.15 as domain member in an w2k8 ad. We're using the w2k3/xp add printer wizard to add a printer to the server. Since the update from 3.2.15 to 3.3.15 the apw fails when clicking on the finish button. At the same time a smb panic occurs and fills the smbd log with the lines below. [2011/06/24 07:47:56, 0] lib/debug.c:reopen_logs(663) Unable to open new log file /var/log/samba/log.smbd: Permission denied [2011/06/24 07:47:56, 0] lib/debug.c:reopen_logs(663) Unable to open new log file /var/log/samba/log.smbd: Permission denied [2011/06/24 07:47:56, 0] lib/debug.c:reopen_logs(663) Unable to open new log file /var/log/samba/log.smbd: Permission denied [2011/06/24 07:47:56, 0] lib/fault.c:fault_report(40) === [2011/06/24 07:47:56, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 18756 (3.3.15-SerNet-Debian) Please read the Trouble-Shooting section of the Samba3-HOWTO [2011/06/24 07:47:56, 0] lib/fault.c:fault_report(43) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2011/06/24 07:47:56, 0] lib/fault.c:fault_report(44) === [2011/06/24 07:47:56, 0] lib/util.c:smb_panic(1673) PANIC (pid 18756): internal error [2011/06/24 07:47:56, 0] lib/util.c:log_stack_trace(1777) BACKTRACE: 19 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x1c) [0x7fa7a05959dd] #1 /usr/sbin/smbd(smb_panic+0x5b) [0x7fa7a0595aeb] #2 /usr/sbin/smbd [0x7fa7a0582027] #3 /lib/libpthread.so.0 [0x7fa79ea36a80] #4 /usr/sbin/smbd(print_access_check+0x53) [0x7fa7a05b9852] #5 /usr/sbin/smbd [0x7fa7a04e87f1] #6 /usr/sbin/smbd(_spoolss_addprinterex+0x3a) [0x7fa7a04e899e] #7 /usr/sbin/smbd [0x7fa7a04d4685] #8 /usr/sbin/smbd(api_pipe_request+0x3a2) [0x7fa7a050f78d] #9 /usr/sbin/smbd(write_to_internal_pipe+0xe9a) [0x7fa7a05095ec] #10 /usr/sbin/smbd(write_to_pipe+0x115) [0x7fa7a0509db2] #11 /usr/sbin/smbd [0x7fa7a0374267] #12 /usr/sbin/smbd [0x7fa7a037491d] #13 /usr/sbin/smbd(reply_trans+0x73e) [0x7fa7a03755de] #14 /usr/sbin/smbd [0x7fa7a03cc21e] #15 /usr/sbin/smbd(smbd_process+0xdb7) [0x7fa7a03ce615] #16 /usr/sbin/smbd(main+0x2365) [0x7fa7a07ac499] #17 /lib/libc.so.6(__libc_start_main+0xe6) [0x7fa79cdc91a6] #18 /usr/sbin/smbd [0x7fa7a0359ef9] Here is our smb.conf [global] workgroup = SCHARRNET realm = SCHARRNET.DE interfaces = 127.0.0.1, eth0 bind interfaces only = Yes security = ADS socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY printcap name = /var/run/cups/printcap addprinter command = /usr/local/bin/smbaddprinter.pl deleteprinter command = /usr/local/bin/smbdelprinter.pl panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = SCHARRNET\Administrator force user = root force group = root guest ok = Yes [printers] comment = All Printers path = /var/tmp valid users = @SCHARRNET\Domänen-Benutzer create mask = 0700 printable = Yes browseable = No Does anybody know what's wrong? Thanks for your assistance. Thorsten -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb panic when adding printer with apw
Hi Dermot, here are the file permissions on /var/log/samba/log.smbd, -rw-r--r-- 1 root root 434340 24. Jun 10:41 log.smbd (all files in this directory have this permission) the parent directory ( /var/log/samba ) drwxr-x--- 3 rootadm 4096 24. Jun 08:07 samba the smbd is running as root user, but there are also some smbd childs running with user rights. --- snip root 18677 17385 0 07:36 ?00:00:01 /usr/sbin/smbd -D root 18678 17385 0 07:36 ?00:00:00 /usr/sbin/smbd -D m028u032 18683 17385 0 07:39 ?00:00:00 /usr/sbin/smbd -D root 18684 17385 0 07:39 ?00:00:01 /usr/sbin/smbd -D root 18685 17385 0 07:39 ?00:00:02 /usr/sbin/smbd -D --- snap I hope, this will help you. Regards Thorsten Am 24.06.2011 10:08, schrieb Dermot: On 24 June 2011 07:13, Thorsten Leisert.lei...@synchron-is.de wrote: Hi, [2011/06/24 07:47:56, 0] lib/debug.c:reopen_logs(663) Unable to open new log file /var/log/samba/log.smbd: Permission denied [2011/06/24 07:47:56, 0] lib/debug.c:reopen_logs(663) Unable to open new log file /var/log/samba/log.smbd: Permission denied [2011/06/24 07:47:56, 0] lib/debug.c:reopen_logs(663) Unable to open new log file /var/log/samba/log.smbd: Permission denied [2011/06/24 07:47:56, 0] lib/fault.c:fault_report(40) For completeness, perhaps you chould show the file permissions on these files, their parent directory, and who is running the smbd process. Thanks, Dermot. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb panic when adding printer with apw
Am 24.06.2011 11:05, schrieb Dermot: On 24 June 2011 09:48, Thorsten Leisert.lei...@synchron-is.de wrote: Hi Dermot, here are the file permissions on /var/log/samba/log.smbd, -rw-r--r-- 1 root root 434340 24. Jun 10:41 log.smbd (all files in this directory have this permission) the parent directory ( /var/log/samba ) drwxr-x--- 3 rootadm 4096 24. Jun 08:07 samba the smbd is running as root user, but there are also some smbd childs running with user rights. --- snip root 18677 17385 0 07:36 ?00:00:01 /usr/sbin/smbd -D root 18678 17385 0 07:36 ?00:00:00 /usr/sbin/smbd -D m028u032 18683 17385 0 07:39 ?00:00:00 /usr/sbin/smbd -D root 18684 17385 0 07:39 ?00:00:01 /usr/sbin/smbd -D root 18685 17385 0 07:39 ?00:00:02 /usr/sbin/smbd -D --- snap Am 24.06.2011 10:08, schrieb Dermot: On 24 June 2011 07:13, Thorsten Leisert.lei...@synchron-is.dewrote: Hi, [2011/06/24 07:47:56, 0] lib/debug.c:reopen_logs(663) Unable to open new log file /var/log/samba/log.smbd: Permission denied [2011/06/24 07:47:56, 0] lib/debug.c:reopen_logs(663) Unable to open new log file /var/log/samba/log.smbd: Permission denied [2011/06/24 07:47:56, 0] lib/debug.c:reopen_logs(663) Unable to open new log file /var/log/samba/log.smbd: Permission denied [2011/06/24 07:47:56, 0] lib/fault.c:fault_report(40) Can you determine what the user process is? smbstatus perhaps? This error says that it wants to create a new log file. What does your smb.conf say about max log size? I am not very savy with smb printing but that message suggests that something wants to have write access either to the /var/log/samab directory or the log.smbd file and doesn't have it. There are a few tests you can do to see where the error lies. I would chmod the log.smbd file and see it that gets you round the error. Dp. Hi Dermot, Can you determine what the user process is? smbstatus perhaps? as long as the apw is opened, smbstatus says user administrator. I controlled the pid with ps -ef and it said uid 1001. Also, smbd seems to run with normal user priviliges. I would chmod the log.smbd file and see it that gets you round the error. I did so, but the smb panic occured again, but the error messages Unable to open new log file /var/log/samba/log.smbd: Permission denied disappeared. For a test i set the permissions for all files and subdirectories in /var/lib/samba to 777, but this didn't solve the error. When the panic occurs, samba was still able to create the queue in cups, but the smbd died before associating the queue with the uploaded printer driver. Regards Thorsten -- Thorsten Leiser IT Systeme, Netze und Dienstleistungen SYNCHRON Gesellschaft für betriebswirtschaftliche Beratung und Informationssysteme mbH Liebknechtstraße 50 70565 Stuttgart Tel.: +49 (0) 711-7868-356 Fax: +49 (0) 711-7868-446 Unable to open new log file /var/log/samba/log.smbd: Permission denied www.synchron-is.de Ein Unternehmen der SCHARR-Gruppe www.scharr.de Sitz der Gesellschaft: Stuttgart Registergericht: Amtsgericht Stuttgart, HRB 8619 GF: Michael Schober Bitte denken Sie an unsere Umwelt, bevor Sie diese E-Mail ausdrucken. - - - - - - - - - Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Daten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged data. If you are not the intended recipient or have received this e-mail in error, please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the content in this e-mail is strictly forbidden. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error 0x000003e6 when trying to connect to a printer from w2k8 (x64)
Hi Rob, thanks for your tip. I tried it, but it didn't help. The error still persists. Regards Thorsten Am 12.07.2010 17:46, schrieb Rob Moser: Hi Thorsten, I can't be sure that its exactly the same error, but I had a very similar problem that I solved like this: In the policy editor, for the group policy that you're using to control your print servers, explicitly disable the policy: Computer Configuration:Policies:Administrative Templates:Printers:Always render print jobs on the server Windows documentation says this defaults to disabled, but we have found this to be (at least partially) untrue for W2k8 - if you need it disabled then disable it explicitly. Hopefully that works for you... - rob. On 07/12/2010 08:09 AM, Thorsten Leiser wrote: Hello, I'm trying to connect my W2k8 (x64) Server farm to our new installed printserver based on debian lenny with sernet samba 3.5.4 installed. Everytime i try to connect to a printer share via point and print, it fails with error 0x03e6. When i do the same from Windows XP or from our old w2k3 (x64) server farm everything works excellent. Does anybody know a workaround. I installed nearly 80 printers on the samba server and i don't want to do this again. Regards Thorsten -- Thorsten Leiser IT-Systembetreuung SYNCHRON Gesellschaft für betriebswirtschaftliche Beratung und Informationssysteme mbH Liebknechtstr. 50 70565 Stuttgart-Vaihingen Fon: 0711/7868-356 Fax: 0711/7868-446 www.synchron-is.de Sitz der Gesellschaft: Stuttgart Registergericht: Amtsgericht Stuttgart, HRB 8619 GF: Michael Schober - - - - - - - - - Diese E-Mail beinhaltet vertrauliche und/oder rechtlich geschuetzte Daten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged data. If you are not the intended recipient or have received this e-mail in error, please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the content in this e-mail is strictly forbidden. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error 0x000003e6 when trying to connect to a printer from w2k8 (x64)
Am 13.07.2010 11:15, schrieb Sean Crosby: On 07/12/2010 08:09 AM, Thorsten Leiser wrote: Hello, I'm trying to connect my W2k8 (x64) Server farm to our new installed printserver based on debian lenny with sernet samba 3.5.4 installed. Everytime i try to connect to a printer share via point and print, it fails with error 0x03e6. When i do the same from Windows XP or from our old w2k3 (x64) server farm everything works excellent. Does anybody know a workaround. I installed nearly 80 printers on the samba server and i don't want to do this again. Regards Thorsten -- Hi Thorsten, I had the same problem as you with a 2k8R2 server, and I fixed it by changing the version of pscript5.dll (and the other ps* files) on my samba server (in /usr/share/cups/drivers/x64). I was using the Win7/Vista 64bit pscript5.dll file, but I had to change it to the version shipped with 2k8 64bit. Once I did that, the problems disappeared (and the driver still works win Win7 64bit and Vista 64bit). Sean Hi Sean, I replaced the drivers without success. I don't think it's a drivers problem in my case. The driver works perfect on our old samba 3.2.5 server. Thanks for your effort. Regards Thorsten -- Thorsten Leiser IT-Systembetreuung SYNCHRON Gesellschaft für betriebswirtschaftliche Beratung und Informationssysteme mbH Liebknechtstr. 50 70565 Stuttgart-Vaihingen Fon: 0711/7868-356 Fax: 0711/7868-446 www.synchron-is.de Sitz der Gesellschaft: Stuttgart Registergericht: Amtsgericht Stuttgart, HRB 8619 GF: Michael Schober - - - - - - - - - Diese E-Mail beinhaltet vertrauliche und/oder rechtlich geschuetzte Daten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged data. If you are not the intended recipient or have received this e-mail in error, please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the content in this e-mail is strictly forbidden. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Error 0x000003e6 when trying to connect to a printer from w2k8 (x64)
Hello, I'm trying to connect my W2k8 (x64) Server farm to our new installed printserver based on debian lenny with sernet samba 3.5.4 installed. Everytime i try to connect to a printer share via point and print, it fails with error 0x03e6. When i do the same from Windows XP or from our old w2k3 (x64) server farm everything works excellent. Does anybody know a workaround. I installed nearly 80 printers on the samba server and i don't want to do this again. Regards Thorsten -- Thorsten Leiser IT-Systembetreuung SYNCHRON Gesellschaft für betriebswirtschaftliche Beratung und Informationssysteme mbH Liebknechtstr. 50 70565 Stuttgart-Vaihingen Fon: 0711/7868-356 Fax: 0711/7868-446 www.synchron-is.de Sitz der Gesellschaft: Stuttgart Registergericht: Amtsgericht Stuttgart, HRB 8619 GF: Michael Schober - - - - - - - - - Diese E-Mail beinhaltet vertrauliche und/oder rechtlich geschuetzte Daten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged data. If you are not the intended recipient or have received this e-mail in error, please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the content in this e-mail is strictly forbidden. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] 0x000006d1 while connecting with Windows Server 2008 to Samba server
Hi, we had the same problem. The problem occurred after adding the role terminal services to the w2k8 server. We solved the problem by disabling the policy Always render print jobs on the server inside the group policy object editor, Computer Configuration, Administrative Templates, Printers. Regards Thorsten -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] BUILTIN-Groups break winbind_idmap
Hello, i want to migrate from samba 3.2.6-37 (sernet-built on sles9) to 3.3.12-25 (sernet-built on debian lenny). It's a domain member server in an w2k3 ad with all company files on it. I migrated the smb.conf and moved the winbindd_idmap.tdb to the lenny server. The winbind idmap options are still the same with tdb as idmap backend and don't conflict with entries of /etc/group and /etc/passwd. My gid range starts by 1 (1 was originally mapped by winbind to domain-users). Now on lenny it seems that samba overrides the winbindd_idmap of the domain-users to BUILTIN\administrators. A wbinfo -Y S-1-5-32-544 with a result of 1 confirmed my assumptions. I don't know why samba behaves like this. For further analysis i attach the global section of the smb.conf. Anyone an idea? Thanks Thorsten [global] unix charset = ISO8859-15 display charset = ISO8859-15 workgroup = SCHARRNET realm = SCHARRNET.DE server string = interfaces = 127.0.0.1, eth0 bind interfaces only = Yes security = ADS password server = OMBRE DC1 log level = 2 socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY load printers = No printcap name = cups add share command = /usr/local/bin/modify_samba_config.pl change share command = /usr/local/bin/modify_samba_config.pl delete share command = /usr/local/bin/modify_samba_config.pl panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 winbind separator = + winbind cache time = 900 winbind enum users = Yes winbind enum groups = Yes ea support = Yes map acl inherit = Yes hide unreadable = Yes veto oplock files = /*.mdb/*.MDB/ store dos attributes = Yes dos filemode = Yes dos filetime resolution = Yes -- Thorsten Leiser IT-Systembetreuung SYNCHRON Gesellschaft für betriebswirtschaftliche Beratung und Informationssysteme mbH Liebknechtstr. 50 70565 Stuttgart-Vaihingen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] oplock behavior of samba 3.2.6 causes corruption of netscape mailbox files, mails seem to be received doubly or triply
Hi guys, we're running a samba server on a sles 9 with sp2. The server hosts the netscape mailbox files for our users in our terminal server environment. There were never problems with these files. After upgrading from samba 3.0.21 to 3.2.6 (sernet-built) the mailbox files of nearly all users got corrupt while working with netscape. We got the following symptoms. The users seem to receive their emails doubly or triply. After closing netscape, deleting the mailboxes index files an restarting netscape the mails were shown normally again. Preventing oplocks on the mailboxes index files (*.msf) didn't solve the problem. Because the mailbox files have no file extensions, we had to disable oplocks on the whole share. Now netscape runs stable again. But this seems not to be a normal samba behaviour and i don't think it's a good idea to disable oplocks on a share on which 300 users have access to. Is this a bug or a misconfiguration of our fileserver? I'm sorry, i found no abnormalities in the samba logs. to your support, an extract of our smb.conf: [global] unix charset = ISO8859-15 display charset = ISO8859-15 workgroup = SCHARRNET server string = security = DOMAIN password server = MAIRE socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY load printers = No os level = 2 local master = No domain master = No ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template homedir = /data/home/%U winbind separator = + winbind cache time = 900 veto oplock files = /*.mdb/*.MDB/ include = /etc/samba/include/smb-.conf [tshome] comment = Home-Laufwerke auf %L path = /data/home/ valid users = @SCHARRNET+Dom?nen-Benutzer admin users = SCHARRNET+Administrator, SCHARRNET+service read only = No create mask = 0600 directory mask = 0700 map acl inherit = Yes hide unreadable = Yes map archive = No browseable = No oplocks = No volume = DATA dos filemode = Yes dos filetime resolution = Yes Thanks for your support. Regards Thorsten -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind is loosing domain prefix
Hi, we're using the SerNet-release of samba 3.0.7 running on SLES8. Our samba server is running as domain member server (security=ADS) in our w2k domain. On monday we migrated from 3.0.4 to 3.0.7. Since then winbind is trying to relsolve usernames without the domain-prefex and fails. See below: log.winbindd: ... [2004/09/22 06:54:24, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(159) user 'm019u026' does not exist [2004/09/22 06:54:24, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(159) user 'm019u026' does not exist [2004/09/22 06:54:24, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(159) user 'M019U026' does not exist ... It should be SCHARRNET+m019u026. And in addition i get the following errors in log.winbind. ... [2004/09/22 06:17:12, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81) ads_connect for domain SCHARRNET failed: Invalid credentials ... [2004/09/21 21:56:01, 1] libsmb/clikrb5.c:ads_krb5_mk_req(321) krb5_get_credentials failed for [EMAIL PROTECTED] (Unknown error -1765328347) [2004/09/21 21:56:01, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(544) spnego_gen_negTokenTarg failed: Unknown error -1765328347 ... If we restart winbindd, nmbd and smbd samba runs normal again (until next restart). Can anybody give us a hint what the problem is and how we can fix it? Regards Thorsten smb.conf: [global] unix charset = ISO8859-15 display charset = ISO8859-15 workgroup = SCHARRNET realm = SCHARRNET.DE server string = security = ADS password server = maire.scharrnet.de, maitre.scharrnet.de socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY os level = 2 ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template homedir = /data/home/%U winbind separator = + veto oplock files = /*.mdb/*.doc/*.xls/ strict locking = No [data] path = /data valid users = SCHARRNET+Administrator admin users = SCHARRNET+Administrator read only = No create mask = 0660 directory mask = 0770 browseable = No volume = DATA dos filetimes = Yes dos filetime resolution = Yes fake directory create times = Yes [tsshare] comment = Share-Laufwerk auf %L path = /data/share valid users = @SCHARRNET+Domänen-Benutzer, SCHARRNET+Administrator read only = No create mask = 0660 directory mask = 0770 hide unreadable = Yes browseable = No volume = DATA dos filetimes = Yes dos filetime resolution = Yes fake directory create times = Yes [tssymbole] comment = Iconen-Laufwerk auf %L path = /data/symbole valid users = @SCHARRNET+Domänen-Benutzer, SCHARRNET+Administrator read only = No create mask = 0600 directory mask = 0700 browseable = No volume = DATA dos filetimes = Yes dos filetime resolution = Yes fake directory create times = Yes [tsvorlagen] comment = Vorlagen-Laufwerk auf %L path = /data/vorlagen valid users = @SCHARRNET+Domänen-Benutzer, SCHARRNET+Administrator read only = No create mask = 0600 directory mask = 0700 browseable = No volume = DATA dos filetimes = Yes dos filetime resolution = Yes fake directory create times = Yes [tshome] comment = Home-Laufwerke auf %L path = /data/home/ valid users = @SCHARRNET+Domänen-Benutzer admin users = SCHARRNET+Administrator read only = No create mask = 0600 directory mask = 0700 browseable = No volume = DATA dos filetimes = Yes dos filetime resolution = Yes fake directory create times = Yes [tsprofile] comment = Terminalserver-Profile auf %L path = /data/profile valid users = @SCHARRNET+Domänen-Benutzer admin users = SCHARRNET+Administrator read only = No create mask = 0600 directory mask = 0700 nt acl support = No browseable = No volume = DATA dos filetimes = Yes dos filetime resolution = Yes fake directory create times = Yes [magic] comment = Programmdateien V_Olga auf %L path = /data/magic valid users = @SCHARRNET+Domänen-Benutzer write list = @SCHARRNET+Mandant Synchron 006 Users create mask = 0666 directory mask = 0777 browseable = No volume = DATA [klett] comment = Abteilungslaufwerk KLETT auf %L path = /data/abt/Klett valid users = @SCHARRNET+Mandant 010 Klett_Boeblingen_HEEH, SCHARRNET+Administrator read only = No create mask = 0660 directory mask = 0770 browseable = No volume = DATA dos filetimes = Yes dos filetime resolution = Yes fake directory create times = Yes ... -- Thorsten Leiser IT-Systembetreuung FRIEDRICH SCHARR KG
[Samba] incorrect behavior: hide unreadable option in conjunction with user ACLs
Hi guys, we are using samba 3.0.4 as domain member server (security=ADS) in our Active Directory Domain. In order not to compromise social peace, we use POSIX ACLs in conjunction with the hide unreadable option to hide folders/files from users. I'll show you an example to explain the problem: I'm the user SCHARRNET+M006U122 (SCHARRNET=domain suffix). I'm connecting to a share (in our example Rechnungswesen) which contains 2 folders: Buchhaltung and Controlling Here are the ACLs of these two folders: # file: Controlling # owner: root # group: SCHARRNET+Domänen-Benutzer user::rwx user:SCHARRNET+Administrator:rwx group::--- group:SCHARRNET+Mandant 001 Scharr_Stuttgart_Controlling:rwx mask::rwx other::--- default:user::rwx default:user:SCHARRNET+Administrator:rwx default:group::--- default:group:SCHARRNET+Mandant 001 Scharr_Stuttgart_Controlling:rwx default:mask::rwx default:other::--- # file: Buchhaltung # owner: root # group: SCHARRNET+Domänen-Benutzer user::rwx user:SCHARRNET+Administrator:rwx user:SCHARRNET+m006u122:rwx group::--- group:SCHARRNET+Mandant 001 Scharr_Stuttgart_Buchhaltung:rwx mask::rwx other::--- default:user::rwx default:user:root:rwx default:user:SCHARRNET+Administrator:rwx default:user:SCHARRNET+m006u122:rwx default:group::--- default:group:SCHARRNET+Mandant 001 Scharr_Stuttgart_Buchhaltung:rwx default:mask::rwx default:other::--- Because I'm member of the group SCHARRNET+Mandant 001 Scharr_Stuttgart_Controlling i can see the folder Controlling. But i can't see the folder Buchhaltung although i have an entry in the ACL of this folder. If i disable hide unreadable, i can see and access the folder. Only domain member PCs are affected by this problem. We've designed some workarounds to this problem: 1. Downgrade the domain membership from security=ADS to security=DOMAIN, then the ACLs work perfectly with the hide unreadable option. 2. Use the ip-address of the samba server instead of the hostname to connect from a domain member PC to the share (\\192.168.239.143\Rechnungswesen). Here some information about our samba server: OS: SuSE Linux Standard Server 8 (based on SLES8) / Kernel 2.4.21-138 Version samba: 3.0.4 (3.0.6 is affected too, we tested it) Filesystem for data storage: XFS smb.conf: [global] unix charset = ISO8859-15 display charset = ISO8859-15 workgroup = SCHARRNET realm = SCHARRNET.DE server string = security = ADS password server = maire.scharrnet.de, maitre.scharrnet.de log level = 2 socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY os level = 2 ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template homedir = /data/home/%U winbind separator = + [Rechnungswesen] comment = Abteilungslaufwerk Rechnungswesen auf %L path = /data/abt/Rechnungswesen read only = No create mask = 0660 directory mask = 0770 hide unreadable = Yes browseable = No volume = DATA dos filetimes = Yes dos filetime resolution = Yes fake directory create times = Yes This seems to be a real bug, isn't it? Regards Thorsten -- Thorsten Leiser IT-Systembetreuung FRIEDRICH SCHARR KG Liebknechtstrasse 50 70565 Stuttgart-Vaihingen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with invisible folders by using posix ACLs the hide unreadable parameter (Samba-3.0.4/Linux)
Hi, today i continued to examine the problem described before. When a user connects a share by using either the NetBIOS- or DNS-Name of the samba server, the posix acls on the directory(ies) aren't interpreted correctly. A user, who normally has necessary rights to access the directories doesn't see them. The directory(ies) keep invisible. This error seems to affect only Win2k/XP-Clients which run as Domain-Member Computers. Here are the logs i took from smbd (loglevel 2), when i connected to the share: [2004/05/26 19:25:43, 2] lib/interface.c:add_interface(79) added interface ip=192.168.239.43 bcast=192.168.239.255 nmask=255.255.255.0 [2004/05/26 19:26:37, 1] smbd/service.c:close_cnum(801) garcon08 (192.168.239.57) closed connection to service Rechnungswesen [2004/05/26 19:27:14, 1] smbd/service.c:make_connection_snum(619) garcon08 (192.168.239.57) connect to service Rechnungswesen initially as user SCHARRNET+m001u083 (uid=10206, gid=1) (pid 19586) [2004/05/26 19:27:15, 1] smbd/service.c:make_connection_snum(619) garcon08 (192.168.239.57) connect to service Rechnungswesen initially as user SCHARRNET+m001u083 (uid=10206, gid=1) (pid 19586) [2004/05/26 19:27:15, 1] smbd/service.c:close_cnum(801) garcon08 (192.168.239.57) closed connection to service Rechnungswesen [2004/05/26 19:27:15, 1] smbd/service.c:make_connection_snum(619) garcon08 (192.168.239.57) connect to service Rechnungswesen initially as user SCHARRNET+m001u083 (uid=10206, gid=1) (pid 19586) [2004/05/26 19:27:26, 1] smbd/service.c:close_cnum(801) garcon08 (192.168.239.57) closed connection to service Rechnungswesen [2004/05/26 19:28:08, 1] smbd/service.c:close_cnum(801) garcon08 (192.168.239.57) closed connection to service Rechnungswesen The only workaround is to connect the share, by using the ip address of the samba server instead of the server name. Then the appearance of the folders match exactly as they did under s.2.2.8a. These are the logs i took from smbd (loglevel 2): [2004/05/26 19:28:49, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [m001u083] - [m001u083] - [SCHARRNET+m001u083] succeeded [2004/05/26 19:28:49, 1] smbd/service.c:make_connection_snum(619) garcon08 (192.168.239.57) connect to service Rechnungswesen initially as user SCHARRNET+m001u083 (uid=10206, gid=1) (pid 26004) [2004/05/26 19:28:49, 1] smbd/service.c:make_connection_snum(619) garcon08 (192.168.239.57) connect to service Rechnungswesen initially as user SCHARRNET+m001u083 (uid=10206, gid=1) (pid 26004) [2004/05/26 19:28:49, 1] smbd/service.c:make_connection_snum(619) garcon08 (192.168.239.57) connect to service Rechnungswesen initially as user SCHARRNET+m001u083 (uid=10206, gid=1) (pid 26004) [2004/05/26 19:28:49, 1] smbd/service.c:close_cnum(801) garcon08 (192.168.239.57) closed connection to service Rechnungswesen [2004/05/26 19:29:00, 1] smbd/service.c:close_cnum(801) garcon08 (192.168.239.57) closed connection to service Rechnungswesen I get the same logs, if a none Domain-Member Computer connects to this share, by using the hostname of the samba server. In both cases everything works fine. If someone has an idea, what the cause of the problem is, i would be overhappy. Regards Thorsten -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with invisible folders by using posix ACLs the hide unreadable parameter (Samba-3.0.4/Linux)
Hi, we've got a worse problem with our s.3.0.4 file server. The server is configured as a domain member server and is running in security=ADS mode. We use the hide unreadable parameter in conjunction with posix ACLs to ensure, that our users only see those folders, on which they have been authorized. With s.2.2.8a everything worked fine. Yesterday we migrated to s.3.0.4 and have now the following problem: When a user connects a share by using either the NetBIOS- or DNS-Name of the samba server, the posix acls on the directory(ies) aren't interpreted correctly. A user, who normally has necessary rights to access the directories doesn't see them. The directory(ies) keep invisible. Enabling or disabling NetBIOS on the Win2k/XP-Clients didn't help. The only workaround is to connect the share, by using the ip address of the samba server instead of the server name. Then the appearance of the folders match exactly as they did under s.2.2.8a. As far as i could examine (i'm not shure) its seems that only user-acls, set on the directories, get badly interpreted. If a user is member of the domain-group, which has positive acls on the directory, he's able to see and access the directory. Sorry, but the logs didn't help to isolate the problem. Our system is a SuSE Linux Standard Server (UnitedLinux 1.0/Kernel 2.4.21-138) running s.3.0.4 built from the s.3.0.4-6 source rpm provided by sernet. The filesystem for the user data is XFS. By now, i attach the global-section and the definition of a affected share. Thank you all for your effort! [global] unix charset = ISO8859-15 display charset = ISO8859-15 workgroup = SCHARRNET realm = SCHARRNET.DE server string = security = ADS password server = maire.scharrnet.de, maitre.scharrnet.de socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY os level = 2 ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template homedir = /data/home/%U winbind separator = + strict locking = No [Rechnungswesen] comment = Abteilungslaufwerk Rechnungswesen auf %L path = /data/abt/Rechnungswesen valid users = 'SCHARRNET+Mandant 001 Scharr_Stuttgart_Buchhaltung', 'SCHARRNET+Mandant 001 Scharr_Stuttgart_Controlling', SCHARRNET+Ad ministrator read only = No create mask = 0660 directory mask = 0770 hide unreadable = Yes browseable = No volume = DATA dos filetimes = Yes dos filetime resolution = Yes fake directory create times = Yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Migrating winbindd_idmap.tdb to ldap idmap backend
We're using s. 2.2.8a in conjunction with a win2k dc. For uid/gid-mapping we use winbindd. Now we plan the migration to samba 3. We have about 100 Users and i don't want to rebuild the idmaps by hand. Is it possible to move the winbindd_idmap.tdb to the ldap idmap backend? -- +++ GMX - die erste Adresse für Mail, Message, More +++ Neu: Preissenkung für MMS und FreeMMS! http://www.gmx.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 and Windows 2000 (SP4) Terminal Server
Hello, at this time we're using s. 2.2.8a (running on SuSE-Linux StandardServer 8 - Kernel 2.4.21) as fileserver for our terminal server environment. We ran into the 128 connections per client limitation and had to modify the MAX_CONNECTIONS-parameter in smbd/conn.c. Now we're planning the migration from s. 2.2.8a to s. 3.0.1. Is the modification in smbd/conn.c still necessary, when using s. 3.0.1 in a Windows 2000 (SP4) terminal server environment? Thanks Thorsten. -- +++ GMX - die erste Adresse für Mail, Message, More +++ Neu: Preissenkung für MMS und FreeMMS! http://www.gmx.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba