Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david rankin wrote: > Any headway on incorporating the patches into a 3.0.23c release that > will help all of us that are running stand-along, no-winbind, simple > smbpasswd setups?? I was never able to get the patches to apply properly > and my manual compile messed up my ability to print with cups. (yes I > compiled with --enable-cups) I have dropped back to the 3.0.20-SuSE rpms > and it is working, but I would like to help get 3.0.23b fixed. Any word?? Early next week ? Linuxworld has been going on at San Francisco so that has eaten some time. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFE5UqxIR7qMdg1EfYRAif0AKDvZlujYsARkZTcKES5Aao39V4fJwCfbY9t LN0pvExJi9+c+a0zBMOcQkM= =bTO/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> This is to be expected. All unmapped users will possess a SID in the S-1-22-1 domain and all unmapped groups will be in the S-1-22-2 domain. HOSTNAME\users would work for a mapped group. BUILTIN\users would work if you have local builtin group called users (e.g. "net sam createbuiltin Users") And it's not that I expect all of these to work, it's more that I tried about any combo that I saw in the logs :-). Though I believe that the +"Unix Group\users" is nice to have in case I switch to PDC, cause personally I like to be explicit in configuration files. There problem is that if you create a group map entry for HOSTNAME\users, "unix Group\users" will resolve to a different SID and hence anyone actually in the users group from /etc/group will have the HOSTNAME\users SID in their token. At this time we are *not* recommending that anyone qualify names with HOSTNAME or "Unix XXX". Samba will handle the steps necessary to resolve the name, giving precedence to mapped users and groups over unmapped ones. You only have to qualify domain names and groups in the BUILTIN domain. I've got a long mail that explains we made this change and we had a hard time with 3.0.23. I'll try to send it out next week. Jerry, Any headway on incorporating the patches into a 3.0.23c release that will help all of us that are running stand-along, no-winbind, simple smbpasswd setups?? I was never able to get the patches to apply properly and my manual compile messed up my ability to print with cups. (yes I compiled with --enable-cups) I have dropped back to the 3.0.20-SuSE rpms and it is working, but I would like to help get 3.0.23b fixed. Any word?? -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankinlawfirm.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
I've got a long mail that explains we made this change and we had a hard time with 3.0.23. I'll try to send it out next week. that's very good news! i was about to ask the list about these changes because they horribly confused me :) thx! micha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Franz Sirl wrote: > v2 of the patch still works fine, but the list > of working syntaxes changed. These work: > > valid users = +users > valid users = +"Unix Group\users" > valid users = S-1-22-2-100 > > These didn't work: > > valid users = +HOSTNAME\users > valid users = +BUILTIN\users > valid users = S-1-5-21-1540046517-542637695-1028676802-1201 This is to be expected. All unmapped users will possess a SID in the S-1-22-1 domain and all unmapped groups will be in the S-1-22-2 domain. HOSTNAME\users would work for a mapped group. BUILTIN\users would work if you have local builtin group called users (e.g. "net sam createbuiltin Users") > And it's not that I expect all of these to work, it's > more that I tried about any combo that I saw in the > logs :-). Though I believe that the +"Unix Group\users" > is nice to have in case I switch to PDC, cause > personally I like to be explicit in configuration files. There problem is that if you create a group map entry for HOSTNAME\users, "unix Group\users" will resolve to a different SID and hence anyone actually in the users group from /etc/group will have the HOSTNAME\users SID in their token. At this time we are *not* recommending that anyone qualify names with HOSTNAME or "Unix XXX". Samba will handle the steps necessary to resolve the name, giving precedence to mapped users and groups over unmapped ones. You only have to qualify domain names and groups in the BUILTIN domain. I've got a long mail that explains we made this change and we had a hard time with 3.0.23. I'll try to send it out next week. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3iKpIR7qMdg1EfYRAtvGAKCCdblzwxS5qv2iL4Dplt9HTEwq6QCgsm6l jVl0lWeAB0JQtsUreRW0xzs= =63O3 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
Gerald (Jerry) Carter schrieb: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Franz Sirl wrote: the patch fixes the valid users problem for me. Or, to come back to the list of different syntaxes, these work: valid users = +users valid users = S-1-5-21-1540046517-542637695-1028676802-1201 These didn't work: valid users = +"Unix Group\users" valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = S-1-22-2-100 Please test the patch. Supersedes the previous one. Also available from http://www.samba.org/~jerry/patches/ It's semi-ok that syntax you list doesn't work. You should really only worry about +users for local group names. Hi Jerry, v2 of the patch still works fine, but the list of working syntaxes changed. These work: valid users = +users valid users = +"Unix Group\users" valid users = S-1-22-2-100 These didn't work: valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = S-1-5-21-1540046517-542637695-1028676802-1201 And it's not that I expect all of these to work, it's more that I tried about any combo that I saw in the logs :-). Though I believe that the +"Unix Group\users" is nice to have in case I switch to PDC, cause personally I like to be explicit in configuration files. Thanks, Franz. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
On Friday 11 August 2006 18:04, david rankin wrote: > >From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> > > > > david rankin wrote: > >> OK, Help, what am I doing wrong with the patch?? How do is > >> get the patch installed? Here is what I did that didn't work. > > > > run the following commands > > > > $ wget \ > > http://www.samba.org/~jerry/patches/samba-3.0.23b-lookup_name_smbconf_v2. > >patch $ tar zxvf samba-3.0.23b.tar.gz > > $ cd samba-3.0.23b > > All done, that's how I compiled it from source the first time. > > > $ patch -p1 < ../samba-3.0.23b-lookup_name_smbconf_v1.patch > > $ cd source > > $ make proto > > $ make > > I must be having a really really bad day > > [EMAIL PROTECTED] samba-3.0.23b]# patch -p1 < > ../samba-3.0.23b-lookup_name_smbconf_v1.patch Notice you are still using v1: the patch ends in v2 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david rankin wrote: > [EMAIL PROTECTED] samba-3.0.23b]# patch -p1 < > ../samba-3.0.23b-lookup_name_smbconf_v1.patch > patching file source/auth/auth_util.c > Hunk #1 FAILED at 1052. > 1 out of 1 hunk FAILED -- saving rejects to file No idea. I double checked the patch to make sure it applies cleanly. jerry6 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3P1SIR7qMdg1EfYRAuSqAKCbPOl9kpvZQp7l9QBHKmRwAk/sTwCgzrHX yaRNb4QimA/JAxbNpI5Ayfc= =vkbr -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> david rankin wrote: OK, Help, what am I doing wrong with the patch?? How do is get the patch installed? Here is what I did that didn't work. run the following commands $ wget \ http://www.samba.org/~jerry/patches/samba-3.0.23b-lookup_name_smbconf_v2.patch $ tar zxvf samba-3.0.23b.tar.gz $ cd samba-3.0.23b All done, that's how I compiled it from source the first time. $ patch -p1 < ../samba-3.0.23b-lookup_name_smbconf_v1.patch $ cd source $ make proto $ make I must be having a really really bad day [EMAIL PROTECTED] samba-3.0.23b]# patch -p1 < ../samba-3.0.23b-lookup_name_smbconf_v1.patch patching file source/auth/auth_util.c Hunk #1 FAILED at 1052. 1 out of 1 hunk FAILED -- saving rejects to file source/auth/auth_util.c.rej patching file source/include/smb.h Hunk #1 FAILED at 272. 1 out of 1 hunk FAILED -- saving rejects to file source/include/smb.h.rej patching file source/passdb/lookup_sid.c Hunk #1 FAILED at 120. Hunk #2 FAILED at 300. 2 out of 2 hunks FAILED -- saving rejects to file source/passdb/lookup_sid.c.rej patching file source/passdb/pdb_interface.c Hunk #1 FAILED at 1532. 1 out of 1 hunk FAILED -- saving rejects to file source/passdb/pdb_interface.c.rej patching file source/smbd/service.c Hunk #1 FAILED at 443. 1 out of 1 hunk FAILED -- saving rejects to file source/smbd/service.c.rej patching file source/smbd/share_access.c Hunk #1 FAILED at 94. Hunk #2 FAILED at 108. 2 out of 2 hunks FAILED -- saving rejects to file source/smbd/share_access.c.rej Go Figure??? -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankinlawfirm.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david rankin wrote: > OK, Help, what am I doing wrong with the patch?? How do is > get the patch installed? Here is what I did that didn't work. > > [EMAIL PROTECTED] src]# ll > total 36072 > drwxr-xr-x 9 david david 4096 Jul 21 11:26 samba-3.0.23a/ > -rw-rw-r-- 1 david david 17683518 Jul 21 11:30 samba-3.0.23a.tar.gz > drwxr-xr-x 9 david david 4096 Aug 11 15:08 samba-3.0.23b/ > -rwxr--r-- 1 david david11033 Aug 11 12:11 > samba-3.0.23b-lookup_name_smbconf_v1.patch* > -rw-r--r-- 1 root root 17686227 Aug 8 07:50 samba-3.0.23b.tar.gz run the following commands $ wget \ http://www.samba.org/~jerry/patches/samba-3.0.23b-lookup_name_smbconf_v2.patch $ tar zxvf samba-3.0.23b.tar.gz $ cd samba-3.0.23b $ patch -p1 < ../samba-3.0.23b-lookup_name_smbconf_v1.patch $ cd source $ make proto $ make cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3On1IR7qMdg1EfYRAs4OAKDHBqGBULjGY+FgcumMniQfDQpBRwCfaOKq UHEnR8Nz3CACkxbGsPkotOc= =HJuv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> Please test the patch. Supersedes the previous one. Also available from http://www.samba.org/~jerry/patches/ It's semi-ok that syntax you list doesn't work. You should really only worry about +users for local group names. OK, Help, what am I doing wrong with the patch?? How do is get the patch installed? Here is what I did that didn't work. [EMAIL PROTECTED] src]# ll total 36072 drwxr-xr-x 9 david david 4096 Jul 21 11:26 samba-3.0.23a/ -rw-rw-r-- 1 david david 17683518 Jul 21 11:30 samba-3.0.23a.tar.gz drwxr-xr-x 9 david david 4096 Aug 11 15:08 samba-3.0.23b/ -rwxr--r-- 1 david david11033 Aug 11 12:11 samba-3.0.23b-lookup_name_smbconf_v1.patch* -rw-r--r-- 1 root root 17686227 Aug 8 07:50 samba-3.0.23b.tar.gz [EMAIL PROTECTED] src]# patch -p0 < samba-3.0.23b-lookup_name_smbconf_v1.patch patching file samba-3.0.23b/source/auth/auth_util.c Hunk #1 FAILED at 1052. 1 out of 1 hunk FAILED -- saving rejects to file samba-3.0.23b/source/auth/auth_util.c.rej patching file samba-3.0.23b/source/include/smb.h Hunk #1 FAILED at 272. 1 out of 1 hunk FAILED -- saving rejects to file samba-3.0.23b/source/include/smb.h.rej patching file samba-3.0.23b/source/passdb/lookup_sid.c Hunk #1 FAILED at 120. Hunk #2 FAILED at 300. 2 out of 2 hunks FAILED -- saving rejects to file samba-3.0.23b/source/passdb/lookup_sid.c.rej patching file samba-3.0.23b/source/passdb/pdb_interface.c Hunk #1 FAILED at 1532. 1 out of 1 hunk FAILED -- saving rejects to file samba-3.0.23b/source/passdb/pdb_interface.c.rej patching file samba-3.0.23b/source/smbd/service.c Hunk #1 FAILED at 443. 1 out of 1 hunk FAILED -- saving rejects to file samba-3.0.23b/source/smbd/service.c.rej patching file samba-3.0.23b/source/smbd/share_access.c Hunk #1 FAILED at 94. Hunk #2 FAILED at 108. 2 out of 2 hunks FAILED -- saving rejects to file samba-3.0.23b/source/smbd/share_access.c.rej I know this is basic, but I haven't done it before and 'man patch' is not that helpful. -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankinlawfirm.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Franz Sirl wrote: > the patch fixes the valid users problem for me. Or, > to come back to the list of different syntaxes, > these work: > >valid users = +users >valid users = S-1-5-21-1540046517-542637695-1028676802-1201 > > These didn't work: > >valid users = +"Unix Group\users" >valid users = +HOSTNAME\users >valid users = +BUILTIN\users >valid users = S-1-22-2-100 Please test the patch. Supersedes the previous one. Also available from http://www.samba.org/~jerry/patches/ It's semi-ok that syntax you list doesn't work. You should really only worry about +users for local group names. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3NHbIR7qMdg1EfYRAj3nAJ4wtGGV5gZdfPex6VoqV0oR56U5jQCfenpt nngKKBmiJcVOXVi60MoQk4w= =e+/6 -END PGP SIGNATURE- Index: groupdb/mapping.c === --- groupdb/mapping.c (revision 17493) +++ groupdb/mapping.c (working copy) @@ -195,7 +195,7 @@ fstrcpy(map.nt_name, grpname); if (pdb_rid_algorithm()) { - rid = pdb_gid_to_group_rid( grp->gr_gid ); + rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid ); } else { if (!pdb_new_rid(&rid)) { DEBUG(3, ("Could not get a new RID for %s\n", Index: passdb/util_unixsids.c === --- passdb/util_unixsids.c (revision 17493) +++ passdb/util_unixsids.c (working copy) @@ -42,6 +42,12 @@ return sid_append_rid(sid, uid); } +BOOL uid_to_unix_groups_sid(gid_t gid, DOM_SID *sid) +{ + sid_copy(sid, &global_sid_Unix_Groups); + return sid_append_rid(sid, gid); +} + const char *unix_users_domain_name(void) { return "Unix User"; Index: passdb/lookup_sid.c === --- passdb/lookup_sid.c (revision 17493) +++ passdb/lookup_sid.c (working copy) @@ -43,7 +43,6 @@ DOM_SID sid; enum SID_NAME_USE type; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); - struct group *grp; if (tmp_ctx == NULL) { DEBUG(0, ("talloc_new failed\n")); @@ -120,63 +119,6 @@ goto failed; } - /* -* Nasty hack necessary for too common scenarios: -* -* For 'valid users = +users' we know "users" is most probably not -* BUILTIN\users but the unix group users. This hack requires the -* admin to explicitly qualify BUILTIN if BUILTIN\users is meant. -* -* Please note that LOOKUP_NAME_GROUP can not be requested via for -* example lsa_lookupnames, it only comes into this routine via -* the expansion of group names coming in from smb.conf -*/ - - if ((flags & LOOKUP_NAME_GROUP) && ((grp = getgrnam(name)) != NULL)) { - - GROUP_MAP map; - - if (pdb_getgrgid(&map, grp->gr_gid)) { - /* The hack gets worse. Handle the case where we have -* 'force group = +unixgroup' but "unixgroup" has a -* group mapping */ - - if (sid_check_is_in_builtin(&map.sid)) { - domain = talloc_strdup( - tmp_ctx, builtin_domain_name()); - } else { - domain = talloc_strdup( - tmp_ctx, get_global_sam_name()); - } - - sid_copy(&sid, &map.sid); - type = map.sid_name_use; - goto ok; - } - - /* If we are using the smbpasswd backend, we need to use the -* algorithmic mapping for the unix group we find. This is -* necessary because when creating the NT token from the unix -* gid list we got from initgroups() we use gid_to_sid() that -* uses algorithmic mapping if pdb_rid_algorithm() is true. */ - - if (pdb_rid_algorithm() && - (grp->gr_gid < max_algorithmic_gid())) { - domain = talloc_strdup(tmp_ctx, get_global_sam_name()); - sid_compose(&sid, get_global_sam_sid(), - pdb_gid_to_group_rid(grp->gr_gid)); - type = SID_NAME_DOM_GRP; - goto ok; - } - -
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Franz Sirl wrote: > the patch fixes the valid users problem for me. Or, to > come back to the list of different syntaxes, these work: > >valid users = +users >valid users = S-1-5-21-1540046517-542637695-1028676802-1201 > > These didn't work: > >valid users = +"Unix Group\users" >valid users = +HOSTNAME\users >valid users = +BUILTIN\users >valid users = S-1-22-2-100 > > Thanks for the patch! I understand why now these don't work now. Second round of patches on the way. > On a side note, 3.0.23 series fixed the "long delay/hang > when accessing a samba share in explorer after a long > pause" nuisance for me, thanks for this as well! Good news :-) Thanks. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3M4BIR7qMdg1EfYRAks4AJ9V0AWVUzuGwmGaPsWVo8QjIGTXJQCeLu+D 51IPyqOeK1dQIkUJqTVIf4k= =IhPQ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
At 17:08 11.08.2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Rankin wrote: >> From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> >> >> ok. Found the problem. It's smbpasswd. If you use tdbsam >> everything is fine. Patch forthcoming shortly. Sorry. >> > > Aahah! > > I knew the coffee would help ; - ) Hey folks, Please try the attached patch (samba-3.0.23b-lookup_name_smbconf_v1.patch). It passes very basic testing for standalone servers using smbpasswd. And still has some discussion to go through before it will go into the tree for 3.0.23c. Also available at http://www.samba.org/~jerry/patches/ if the attachment gets messed up. Hi Jerry, the patch fixes the valid users problem for me. Or, to come back to the list of different syntaxes, these work: valid users = +users valid users = S-1-5-21-1540046517-542637695-1028676802-1201 These didn't work: valid users = +"Unix Group\users" valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = S-1-22-2-100 Thanks for the patch! On a side note, 3.0.23 series fixed the "long delay/hang when accessing a samba share in explorer after a long pause" nuisance for me, thanks for this as well! bye, Franz. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerald (Jerry) Carter wrote: > Hey folks, > > Please try the attached patch (samba-3.0.23b-lookup_name_smbconf_v1.patch). Once more with feeling (and the attachment) jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3J3XIR7qMdg1EfYRAr/7AKDdjS+QHraNnUoT5pG/viQsFwcRbgCeNuBy H0ug4P2fgBPHZYDG3dgh9WI= =XCBZ -END PGP SIGNATURE- diff -urN --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.23b/source/auth/auth_util.c samba-3.0.23b-patched/source/auth/auth_util.c --- samba-3.0.23b/source/auth/auth_util.c 2006-08-07 11:46:33.0 -0500 +++ samba-3.0.23b-patched/source/auth/auth_util.c 2006-08-11 10:03:44.0 -0500 @@ -1052,9 +1052,8 @@ return NT_STATUS_NO_MEMORY; } - if (!lookup_name_smbconf(tmp_ctx, username, LOOKUP_NAME_ALL, -NULL, NULL, &user_sid, &type)) { - DEBUG(1, ("lookup_name_smbconf for %s failed\n", username)); + if (!lookup_user_smbconf(tmp_ctx, username, &user_sid, &type)) { + DEBUG(1, ("lookup_user_smbconf(%s) failed\n", username)); goto done; } diff -urN --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.23b/source/include/smb.h samba-3.0.23b-patched/source/include/smb.h --- samba-3.0.23b/source/include/smb.h 2006-07-10 11:27:52.0 -0500 +++ samba-3.0.23b-patched/source/include/smb.h 2006-08-11 10:03:44.0 -0500 @@ -272,7 +272,7 @@ #define LOOKUP_NAME_REMOTE 2 /* Ask others */ #define LOOKUP_NAME_ALL (LOOKUP_NAME_ISOLATED|LOOKUP_NAME_REMOTE) -#define LOOKUP_NAME_GROUP4 /* This is a NASTY hack for valid users = @foo +#define LOOKUP_NAME_GROUP4 /* (unused) This is a NASTY hack for valid users = @foo * where foo also exists in as user. */ /** diff -urN --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.23b/source/passdb/lookup_sid.c samba-3.0.23b-patched/source/passdb/lookup_sid.c --- samba-3.0.23b/source/passdb/lookup_sid.c2006-08-07 11:46:33.0 -0500 +++ samba-3.0.23b-patched/source/passdb/lookup_sid.c2006-08-11 10:03:44.0 -0500 @@ -120,63 +120,6 @@ goto failed; } - /* -* Nasty hack necessary for too common scenarios: -* -* For 'valid users = +users' we know "users" is most probably not -* BUILTIN\users but the unix group users. This hack requires the -* admin to explicitly qualify BUILTIN if BUILTIN\users is meant. -* -* Please note that LOOKUP_NAME_GROUP can not be requested via for -* example lsa_lookupnames, it only comes into this routine via -* the expansion of group names coming in from smb.conf -*/ - - if ((flags & LOOKUP_NAME_GROUP) && ((grp = getgrnam(name)) != NULL)) { - - GROUP_MAP map; - - if (pdb_getgrgid(&map, grp->gr_gid)) { - /* The hack gets worse. Handle the case where we have -* 'force group = +unixgroup' but "unixgroup" has a -* group mapping */ - - if (sid_check_is_in_builtin(&map.sid)) { - domain = talloc_strdup( - tmp_ctx, builtin_domain_name()); - } else { - domain = talloc_strdup( - tmp_ctx, get_global_sam_name()); - } - - sid_copy(&sid, &map.sid); - type = map.sid_name_use; - goto ok; - } - - /* If we are using the smbpasswd backend, we need to use the -* algorithmic mapping for the unix group we find. This is -* necessary because when creating the NT token from the unix -* gid list we got from initgroups() we use gid_to_sid() that -* uses algorithmic mapping if pdb_rid_algorithm() is true. */ - - if (pdb_rid_algorithm() && - (grp->gr_gid < max_algorithmic_gid())) { - domain = talloc_strdup(tmp_ctx, get_global_sam_name()); - sid_compose(&sid, get_global_sam_sid(), - pdb_gid_to_group_rid(grp->gr_gid)); - type = SID_NAME_DOM_GRP; - goto ok; - } - - if (lookup_unix_group_name(name, &sid)) { - domain =
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Rankin wrote: >> From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> >> >> ok. Found the problem. It's smbpasswd. If you use tdbsam >> everything is fine. Patch forthcoming shortly. Sorry. >> > > Aahah! > > I knew the coffee would help ; - ) Hey folks, Please try the attached patch (samba-3.0.23b-lookup_name_smbconf_v1.patch). It passes very basic testing for standalone servers using smbpasswd. And still has some discussion to go through before it will go into the tree for 3.0.23c. Also available at http://www.samba.org/~jerry/patches/ if the attachment gets messed up. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3J18IR7qMdg1EfYRAjK4AJ9bRS+cXFU0L3nMm9g+Hi+ExeXNxgCfb2/x Omcesq0DAeSWNOv0SGj5q6I= =LfCs -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
I had the same problem on AIX with Samba 3.0.23b upgrading Samba 3.0.23a. The solution I found was to change all "valid users" to "users". The documents still say "valid users" is acceptable; but it would not work once I went to 3.0.23b. Lamar -Original Message- From: Franz Sirl [mailto:[EMAIL PROTECTED] Sent: Friday, August 11, 2006 4:20 AM To: Gerald (Jerry) Carter Cc: samba Subject: Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect. At 00:44 11.08.2006, Gerald (Jerry) Carter wrote: >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA1 > >david, > > >HELP! On mandriva, I compiled samba from source > > and got it running, but I cannot connect from windows. > > (see my post from earlier "[Samba] Compiling and > > Configuring Samba for Mandrival") > > > [EMAIL PROTECTED]:~> smbclient //bonza/office > > Password: > > Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b] > > tree connect failed: NT_STATUS_ACCESS_DENIED >... > >I have attached a level 10 debug if that will help. > > This is a standalone server. > >Attachments get stripped from the list. I need >your smb.conf, a level 10 debug log from smbd, >and output from the following tow commands > >* pdbedit -L -w | cut -d: -f1 >* net groupmap list | cut -d\( -f1 Hi, I have the same problem with a simple security = user, non-LDAP, non-windbindd etc. setup. I can workaround this for gid=100/groupname=users with: valid users = S-1-5-21-1540046517-542637695-1028676802-1201 My net getlocalsid: SID for domain HOSTNAME is: S-1-5-21-1540046517-542637695-1028676802 These didn't work: valid users = +users valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = +"Unix Group\users" valid users = S-1-22-2-100 This seems also to be related on which versions of samba were working before on a machine (seems to depend on the contents of the .tdb), but so far I could always reproduce it when I delete most of the .tdb's except printer related and secrets.tdb. Maybe some "net groupmap" statements are now necessary for simple setups as well? bye, Franz. Privileged and Confidential. This e-mail, and any attachments there to, is intended only for use by the addressee(s) named herein and may contain privileged or confidential information. If you have received this e-mail in error, please notify me immediately by a return e-mail and delete this e-mail. You are hereby notified that any dissemination, distribution or copying of this e-mail and/or any attachments thereto, is strictly prohibited. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Franz Sirl wrote: > I have the same problem with a simple security = user, > non-LDAP, non-windbindd etc. setup. I can workaround > this for gid=100/groupname=users with: > >valid users = S-1-5-21-1540046517-542637695-1028676802-1201 > > My net getlocalsid: > SID for domain HOSTNAME is: S-1-5-21-1540046517-542637695-1028676802 > > These didn't work: > >valid users = +users >valid users = +HOSTNAME\users >valid users = +BUILTIN\users >valid users = +"Unix Group\users" >valid users = S-1-22-2-100 ok. Found the problem. It's smbpasswd. If you use tdbsam everything is fine. Patch forthcoming shortly. Sorry. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3H5VIR7qMdg1EfYRAlqTAJ0ZcnKBwL4cTSqjcjq5rHpITHoG7ACg633E fiP3Ihqaeu+zHUfltU8CbJE= =YTCJ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
At 00:44 11.08.2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david, >HELP! On mandriva, I compiled samba from source > and got it running, but I cannot connect from windows. > (see my post from earlier "[Samba] Compiling and > Configuring Samba for Mandrival") > [EMAIL PROTECTED]:~> smbclient //bonza/office > Password: > Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b] > tree connect failed: NT_STATUS_ACCESS_DENIED ... >I have attached a level 10 debug if that will help. > This is a standalone server. Attachments get stripped from the list. I need your smb.conf, a level 10 debug log from smbd, and output from the following tow commands * pdbedit -L -w | cut -d: -f1 * net groupmap list | cut -d\( -f1 Hi, I have the same problem with a simple security = user, non-LDAP, non-windbindd etc. setup. I can workaround this for gid=100/groupname=users with: valid users = S-1-5-21-1540046517-542637695-1028676802-1201 My net getlocalsid: SID for domain HOSTNAME is: S-1-5-21-1540046517-542637695-1028676802 These didn't work: valid users = +users valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = +"Unix Group\users" valid users = S-1-22-2-100 This seems also to be related on which versions of samba were working before on a machine (seems to depend on the contents of the .tdb), but so far I could always reproduce it when I delete most of the .tdb's except printer related and secrets.tdb. Maybe some "net groupmap" statements are now necessary for simple setups as well? bye, Franz. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
>From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> > > david, > > >HELP! On mandriva, I compiled samba from source > > and got it running, but I cannot connect from windows. > > (see my post from earlier "[Samba] Compiling and > > Configuring Samba for Mandrival") > > > [EMAIL PROTECTED]:~> smbclient //bonza/office > > Password: > > Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b] > > tree connect failed: NT_STATUS_ACCESS_DENIED > ... > >I have attached a level 10 debug if that will help. > > This is a standalone server. > > Attachments get stripped from the list. I need > your smb.conf, a level 10 debug log from smbd, > and output from the following tow commands > > * pdbedit -L -w | cut -d: -f1 > * net groupmap list | cut -d\( -f1 > Jerry, I went back and compiled 23a from source on my Mandriva 2005le box at work. I have now confirmed on the Mandriva box that 23a works great!, 23b give me the problems described above. [EMAIL PROTECTED] source]$ smbclient -U% -L localhost Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23a] Sharename Type Comment - --- office Disk Shared Office Files rankin Disk Rankin Law Firm PLLC allen Disk T Stefan Allen bertin Disk Darren Bertin guilloryDisk David Guillory jointcases Disk Joint Client Files lawtoolsDisk Case Development - Summation forms Disk Shared Forms and Briefs computerDisk Computer Drivers and Software closed Disk Closed Case Files print$ Disk pdf-gen Printer PDF Generator (only valid users) IPC$IPC IPC Service (Samba Server 3.0.23a) Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23a] Server Comment ---- BONZASamba Server 3.0.23a CW-DESK cynthia desktop DARREN-XPDarren-XP LISHALisha RANKIN-P35 P35-S629 Laptop RECEPTIONDell 2400 2.6 GHz SECRETARYFront Office TSA-LAPTOP stefan laptop WorkgroupMaster ---- RB_LAW BONZA [EMAIL PROTECTED] source]$ smbclient //bonza/rankin Password: Domain=[BONZA] OS=[Unix] Server=[Samba 3.0.23a] smb: \> dir . D0 Thu Aug 10 12:28:31 2006 .. D0 Mon Jul 17 16:49:17 2006 accounting D0 Thu Aug 10 16:46:30 2006 clients D0 Tue Aug 8 15:23:00 2006 investigation D0 Thu Mar 9 14:53:13 2006 LLC D0 Thu Feb 16 12:03:40 2006 office D0 Tue Jun 6 15:07:08 2006 pllc.docA 6364 Thu Feb 5 12:02:48 2004 tbpeD0 Wed Oct 12 12:28:08 2005 FAA Letter.doc A38912 Tue Nov 1 19:34:47 2005 clients_rejectedD0 Fri Mar 3 09:17:06 2006 clients_potential D0 Mon Jun 12 10:05:32 2006 54209 blocks of size 2097152. 41776 blocks available 3.0.23b won't let me do this Back for another cup of coffee. -- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 www.rankinlawfirm.com -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/416 - Release Date: 8/10/06 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
>From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > david, > > >HELP! On mandriva, I compiled samba from source > > and got it running, but I cannot connect from windows. > > (see my post from earlier "[Samba] Compiling and > > Configuring Samba for Mandrival") > > > [EMAIL PROTECTED]:~> smbclient //bonza/office > > Password: > > Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b] > > tree connect failed: NT_STATUS_ACCESS_DENIED > ... > >I have attached a level 10 debug if that will help. > > This is a standalone server. > > Attachments get stripped from the list. I need > your smb.conf, a level 10 debug log from smbd, > and output from the following tow commands > > * pdbedit -L -w | cut -d: -f1 > * net groupmap list | cut -d\( -f1 > Jerry, There is definately something amiss with 3.0.23b. After I installed the 3.0.23b binaries on SuSE 10 at home, and I could not connect to any share except my home share. (I had deleted the 3.0.23a binaries before the 3.0.23b install -- never again...) This was the same problem I saw with 3.0.23b on mandriva 2005le at work -- that initially started this thread. Anyway, in a panic, I simple got the 3.0.23a tarball and compiled it as a test on the SuSE 10 box to see if the problem was really the 3.0.23b release. It was! This is a problem unique to 3.0.23b. 3.0.23a compiled and installed without a hitch. Now all my shares are accessable again! I didn't even have to reboot the windows clients, they just started connecting and playing nicely with samba again. I've already sent you my level 10 debug, smb.conf and the output you requested above from my SuSE 10 box. Let me know if I can send you anything else to help with this problem. If you need the mandriva info, just let me know. I can just hear the screams going out across the corporate world as 23b gets installed -- at least on standalone servers. Both my mandriva and suse systems are presently such that I can install 23b with a simple 'make install' and get back to a working config with 'make revert' so let me know if you want me to send anything else. I'm not smart enough to know what the difference between 23a and 23b is or why it is causing a problem, but I can confirm the problem. I have installed 23a from rpm and compiled it by hand and it works great. I have installed 23b from rpm and compiled it by hand and I can only connect to my home share -- all other shares fail miserably. Good luck, just put another pot of coffee on. Don't worry, I'm sure it's just a stray comma, semicolon, typo or typecast somewhere in the middle of 764,532 lines of source.. -- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 www.rankinlawfirm.com -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/416 - Release Date: 8/10/06 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
Oops, I sent log.dcrlaptop, here is the log.smbd: 0064 mask: 000f01ff [2006/08/10 18:51:21, 8] rpc_parse/parse_prs.c:prs_debug(84) 68 smb_io_dom_sid trustee [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0068 sid_rev_num: 01 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0069 num_auths : 02 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 006a id_auth[0] : 00 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 006b id_auth[1] : 00 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 006c id_auth[2] : 00 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 006d id_auth[3] : 00 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 006e id_auth[4] : 00 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 006f id_auth[5] : 05 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0070 sub_auths : 0020 0220 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0062 size : 0018 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 size : 0064 [2006/08/10 18:51:21, 10] registry/reg_db.c:regdb_store_values(593) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2006/08/10 18:51:21, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (2) [2006/08/10 18:51:21, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (2) [2006/08/10 18:51:21, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2006/08/10 18:51:21, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2006/08/10 18:51:21, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2006/08/10 18:51:21, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2006/08/10 18:51:21, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2006/08/10 18:51:21, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-5-21-3437134916-4280677633-2819608606-1000. [2006/08/10 18:51:21, 3] lib/util_seaccess.c:se_access_check(250) [2006/08/10 18:51:21, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3437134916-4280677633-2819608606-1000 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2006/08/10 18:51:21, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2006/08/10 18:51:21, 10] registry/reg_db.c:regdb_store_values(593) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2006/08/10 18:51:21, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (2) [2006/08/10 18:51:21, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (2) [2006/08/10 18:51:21, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2006/08/10 18:51:21, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2006/08/10 18:51:21, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2006/08/10 18:51:21, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2006/08/10 18:51:21, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2006/08/10 18:51:21, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-5-21-3437134916-4280677633-2819608606-1000. [2006/08/10 18:51:21, 3] lib/util_seaccess.c:se_access_check(250) [2006/08/10 18:51:21, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3437134916-4280677633-2819608606-1000 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2006/0
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
916-4280677633-2819608606-3000 from rid 3000 getsampwent (smbpasswd) Got david from pwnam_cache pdb_getsampwent getsmbfilepwent pdb_set_username pdb_set_full_name pdb_set_domain fetch sid from gid cache 100 -> S-1-5-21-3437134916-4280677633-2819608606-1201 fetch gid from cache 100 -> S-1-5-21-3437134916-4280677633-2819608606-1201 pdb_set_group_sid Home server pdb_set_profile_path Home server pdb_set_homedir pdb_set_dir_drive pdb_set_logon_script pdb_set_user_sid pdb_set_user_sid_from_rid setting user sid S-1-5-21-3437134916-4280677633-2819608606-3002 from rid 3002 getsampwent (smbpasswd) Got deborah from pwnam_cache pdb_getsampwent getsmbfilepwent endsmbfilepwent_internal david deborah nemesis:/home/david/Documents # net groupmap list | cut -d\( -f1 nemesis:/home/david/Documents # -- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 www.rankinlawfirm.com - Original Message - From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> To: "david rankin" <[EMAIL PROTECTED]> Cc: "samba" Sent: Thursday, August 10, 2006 5:44 PM Subject: Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect. > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > david, > > >HELP! On mandriva, I compiled samba from source > > and got it running, but I cannot connect from windows. > > (see my post from earlier "[Samba] Compiling and > > Configuring Samba for Mandrival") > > > [EMAIL PROTECTED]:~> smbclient //bonza/office > > Password: > > Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b] > > tree connect failed: NT_STATUS_ACCESS_DENIED > ... > >I have attached a level 10 debug if that will help. > > This is a standalone server. > > Attachments get stripped from the list. I need > your smb.conf, a level 10 debug log from smbd, > and output from the following tow commands > > * pdbedit -L -w | cut -d: -f1 > * net groupmap list | cut -d\( -f1 > > > > > > > cheers, jerry > = > Samba--- http://www.samba.org > Centeris --- http://www.centeris.com > "What man is a man who does not make the world better?" --Balian > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.4 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFE27a4IR7qMdg1EfYRAu97AKDeKIT8n0t/7Z9gRxzIXMfjjVnz6QCglGzx > G/dFUy92rL2FdHw3eJ0z104= > =wDgQ > -END PGP SIGNATURE- > > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.405 / Virus Database: 268.10.9/416 - Release Date: 8/10/06 > > -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/416 - Release Date: 8/10/06 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david, >HELP! On mandriva, I compiled samba from source > and got it running, but I cannot connect from windows. > (see my post from earlier "[Samba] Compiling and > Configuring Samba for Mandrival") > [EMAIL PROTECTED]:~> smbclient //bonza/office > Password: > Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b] > tree connect failed: NT_STATUS_ACCESS_DENIED ... >I have attached a level 10 debug if that will help. > This is a standalone server. Attachments get stripped from the list. I need your smb.conf, a level 10 debug log from smbd, and output from the following tow commands * pdbedit -L -w | cut -d: -f1 * net groupmap list | cut -d\( -f1 cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE27a4IR7qMdg1EfYRAu97AKDeKIT8n0t/7Z9gRxzIXMfjjVnz6QCglGzx G/dFUy92rL2FdHw3eJ0z104= =wDgQ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.
Gerry, all: HELP! On mandriva, I compiled samba from source and got it running, but I cannot connect from windows. (see my post from earlier "[Samba] Compiling and Configuring Samba for Mandrival") I think this relates to the group/SID changes discussed in the release notes. However, I'm not smart enough to figure it out. The tarball compiled and installed fine. It appears to run fine, it just wont take the lookup_name: Unix Group\ochiltree => Unix Group (domain), ochiltree (name) handshake for some reason. The samba tests work fine until: querying __SAMBA__ on 192.168.7.15 192.168.7.15 __SAMBA__<00> [EMAIL PROTECTED]:~> nmblookup -B rankin-p35 '*' querying * on 192.168.7.98 name_query failed to find name * [EMAIL PROTECTED]:~> nmblookup -d 2 '*' added interface ip=192.168.7.90 bcast=192.168.7.255 nmask=255.255.255.0 querying * on 192.168.7.255 Got a positive name query response from 192.168.7.15 ( 192.168.7.15 ) 192.168.7.15 *<00> [EMAIL PROTECTED]:~> smbclient //bonza/office Password: Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b] tree connect failed: NT_STATUS_ACCESS_DENIED I have attached a level 10 debug if that will help. This is a standalone server. Right now I am running on 3.0.20 after saving myself with a "make revert" Gotta love it... What should I do/check/read to find out how to get 3.0.23 to allow my clients to connect??? Any help is appreciated.. I think the problems come in at this point: [2006/08/10 10:11:26, 5] auth/auth.c:check_ntlm_password(296) check_ntlm_password: PAM Account for user [david] succeeded [2006/08/10 10:11:26, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [david] -> [david] -> [david] succeeded [2006/08/10 10:11:26, 5] auth/auth_util.c:free_user_info(1816) attempting to free (and zero) a user_info structure [2006/08/10 10:11:26, 10] auth/auth_util.c:free_user_info(1820) structure was created for david [2006/08/10 10:11:26, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-3406342033-1696486390-100470924-2002] [2006/08/10 10:11:26, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-3406342033-1696486390-100470924-2003] [2006/08/10 10:11:26, 5] lib/privileges.c:get_privileges_for_sids(459) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 (snip) [2006/08/10 10:11:26, 10] passdb/lookup_sid.c:lookup_name(65) lookup_name: Unix Group\ochiltree => Unix Group (domain), ochiltree (name) [2006/08/10 10:11:26, 10] smbd/share_access.c:user_ok_token(208) User david not in 'valid users' [2006/08/10 10:11:26, 2] smbd/service.c:make_connection_snum(571) user 'david' (from session setup) not permitted to access this share (office) [2006/08/10 10:11:26, 3] smbd/error.c:error_packet(146) error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED I am certainly a member of group 'ochiltree', so I'm not sure where to go from here. Help? -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankinlawfirm.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba