In a follow-up to a previous post a couple weeks back, we've implemented a
Samba 3.0.20 (Suse packages on 10.0 - recompiled to include idmap_rid)
server to replace the Windows 2000 file server in our Win2003 Active
Directory. For the most part things have been going well, but occasionally
people will get access denied errors to things that they were accessing just
fine minutes before. With file shares, they can access the share via UNC
and, if they unmap and remap the share, it works. The recommendation was to
increase the log level to 10. I was finally able to capture a log while
someone was having a problem. In this instance they were getting access
denied to the printers.

To date, I've only seen these errors on Windows 2000 workstations and not
our XP workstations, but since this is so intermittent and we have only a
few XP boxes, I'm not sure that is significant, but I figured I'd throw it
out there anyway. Here's my config (with the names changed to protect the
innocent):

[global]
unix charset = LOCALE
workgroup = MYDOMAIN
realm = MYDOMAIN.INT
server string = Production File Server 03
security = ADS
allow trusted domains = No
enable privileges = Yes
username map = /etc/samba/smbusers
log level = 10
log file = /var/log/samba/%m
max log size = 50
deadtime = 15
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
wins server = 10.0.0.10
ldap ssl = no
idmap backend = idmap_rid:MYDOMAIN=1-5
idmap uid = 1-5
idmap gid = 1-5
template shell = /bin/bash
winbind separator = +
cups options = raw
[Software]
comment = Adheris Software
path = /srv/public/software
valid users = @MYDOMAIN+grpIT, @MYDOMAIN+grpDevelopers
admin users = @MYDOMAIN+Domain Admins
read only = No
create mask = 0664
directory mask = 0775
dos filemode = Yes
[Home$]
path = /srv/private/home
valid users = @MYDOMAIN+Domain Users
admin users = @MYDOMAIN+Domain Admins
read only = No
create mask = 0660
directory mask = 0770
dos filemode = Yes
[Users]
comment = Adheris User Data
path = /srv/public/users
valid users = @MYDOMAIN+Domain Users
admin users = @MYDOMAIN+Domain Admins
read only = No
create mask = 02664
directory mask = 02775
dos filemode = Yes
[Printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = root, @MYDOMAIN+Domain Admins

And here is the debug information. The thing that stands out to me is the
request for spoolss that fails. We do not have the iptables firewall
enabled, but we seem to be getting a pipe issue perhaps? I'm weak on the
programming/debugging side but take directions well if anyone has some
suggestions. Thanks

[2006/09/26 16:19:51, 10] lib/util_sock.c:read_smb_length_return_keepalive(615)
got smb length of 49
[2006/09/26 16:19:51, 6] smbd/process.c:process_smb(1113)
got message type 0x0 of len 0x31
[2006/09/26 16:19:51, 3] smbd/process.c:process_smb(1114)
Transaction 1145 of length 53
[2006/09/26 16:19:51, 5] lib/util.c:show_msg(454)
[2006/09/26 16:19:51, 5] lib/util.c:show_msg(464)
size=49
smb_com=0x2b
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=49219
smb_tid=65535
smb_pid=65279
smb_uid=0
smb_mid=65534
smt_wct=1
smb_vwv[ 0]=1 (0x1)
smb_bcc=12
[2006/09/26 16:19:51, 10] lib/util.c:dump_data(2053)
[000] 4A 6C 4A 6D 49 68 43 6C 42 73 72 00 JlJmIhCl Bsr.
[2006/09/26 16:19:51, 3] smbd/process.c:switch_message(900)
switch message SMBecho (pid 23178) conn 0x0
[2006/09/26 16:19:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/09/26 16:19:51, 5] auth/auth_util.c:debug_nt_user_token(452)
NT user token: (NULL)
[2006/09/26 16:19:51, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/09/26 16:19:51, 5] smbd/uid.c:change_to_root_user(319)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2006/09/26 16:19:51, 5] lib/util.c:show_msg(454)
[2006/09/26 16:19:51, 5] lib/util.c:show_msg(464)
size=49
smb_com=0x2b
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=65535
smb_pid=65279
smb_uid=0
smb_mid=65534
smt_wct=1
smb_vwv[ 0]=1 (0x1)
smb_bcc=12
[2006/09/26 16:19:51, 10] lib/util.c:dump_data(2053)
[000] 4A 6C 4A 6D 49 68 43 6C 42 73 72 00 JlJmIhCl Bsr.
[2006/09/26 16:19:51, 3] smbd/reply.c:reply_echo(3499)
echo 1 times
[2006/09/26 16:19:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/09/26 16:19:51, 5] auth/auth_util.c:debug_nt_user_token(452)
NT user token: (NULL)
[2006/09/26 16:19:51, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/09/26 16:19:51, 5]