Re: [Samba] Samba 3.6.10 not reading groups

2013-01-21 Thread Günter Kukkukk 
Am Montag, 21. Januar 2013, 22:27:44 schrieb Benjamin Huntsman:
> The problem seems to be when 'security = SHARE' is set.  It works just fine
> when 'security = USER'. Seeing as 4.0 removed the option to set SHARE, I
> guess it's moot for that release...
> 
> Unfortunate, but what can be done...
> 
> -Ben

the setting "security = share" is deprecated for a long time already - now
in 4.0 it has been removed.
But the same "anonymous guest" access can be achieved with "security = user"
plus some additional lines ... (also in samba-3.6.x).

See https://wiki.samba.org/index.php/Public_Samba_Server

Cheers, Günter

> 
> From: Chris Smith [smb...@chrissmith.org]
> Sent: Monday, January 21, 2013 1:19 PM
> To: Benjamin Huntsman
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Samba 3.6.10 not reading groups
> 
> Might be related to my bug:
> https://bugzilla.samba.org/show_bug.cgi?id=9561
> 
> Unfortunately I'm not getting any traction on it. From my testing
> there still hasn't, after 10 releases, been a fully usable 3.6.x and
> now it's claimed to be in "maintenance mode" due to the release of
> Samba 4.x, which I guess must not have any major issues.
> 
> On Mon, Jan 21, 2013 at 1:06 PM, Benjamin Huntsman
> 
>  wrote:
> > It isn't honoring groups specified in the valid users clause of the share
> > configuration. I'm running in security = SHARE mode, and user
> > authentication is working just fine.  Even if I specify individual users
> > on the valid users = line, it works.  Just not groups.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.6.10 not reading groups

2013-01-21 Thread Benjamin Huntsman 
The problem seems to be when 'security = SHARE' is set.  It works just fine 
when 'security = USER'.
Seeing as 4.0 removed the option to set SHARE, I guess it's moot for that 
release...

Unfortunate, but what can be done...

-Ben

From: Chris Smith [smb...@chrissmith.org]
Sent: Monday, January 21, 2013 1:19 PM
To: Benjamin Huntsman
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba 3.6.10 not reading groups

Might be related to my bug:
https://bugzilla.samba.org/show_bug.cgi?id=9561

Unfortunately I'm not getting any traction on it. From my testing
there still hasn't, after 10 releases, been a fully usable 3.6.x and
now it's claimed to be in "maintenance mode" due to the release of
Samba 4.x, which I guess must not have any major issues.

On Mon, Jan 21, 2013 at 1:06 PM, Benjamin Huntsman
 wrote:
> It isn't honoring groups specified in the valid users clause of the share 
> configuration.
> I'm running in security = SHARE mode, and user authentication is working just 
> fine.  Even if I specify individual users on the valid users = line, it 
> works.  Just not groups.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.6.10 not reading groups

2013-01-21 Thread Chris Smith 
Might be related to my bug:
https://bugzilla.samba.org/show_bug.cgi?id=9561

Unfortunately I'm not getting any traction on it. From my testing
there still hasn't, after 10 releases, been a fully usable 3.6.x and
now it's claimed to be in "maintenance mode" due to the release of
Samba 4.x, which I guess must not have any major issues.

On Mon, Jan 21, 2013 at 1:06 PM, Benjamin Huntsman
 wrote:
> It isn't honoring groups specified in the valid users clause of the share 
> configuration.
> I'm running in security = SHARE mode, and user authentication is working just 
> fine.  Even if I specify individual users on the valid users = line, it 
> works.  Just not groups.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 3.6.10 not reading groups

2013-01-21 Thread Benjamin Huntsman 
Helpp! :)  We didn't catch this in testing and now it's killing me in 
production!
I'm getting stuck with my fresh build of Samba 3.6.10.  It isn't honoring 
groups specified in the valid users clause of the share configuration.
I'm running in security = SHARE mode, and user authentication is working just 
fine.  Even if I specify individual users on the valid users = line, it works.  
Just not groups.
Here's my configuration:

# Samba config file created using SWAT
# from UNKNOWN (10.33.224.61)
# Date: 2013/01/21 10:00:00

[global]
interfaces = 10.33.72.67/22, 127.0.0.1
bind interfaces only = Yes
security = SHARE
encrypt passwords = No
log level = 3
os level = 8
local master = No
domain master = No
idmap config * : range = 
idmap config * : backend = tdb

[testshare]
path = /testshare
valid users = +titan, benhu
read only = No



I'm in the group 'titan' also.  Here's the log I get at log level = 3:


[2013/01/21 10:03:05.928101,  3] param/loadparm.c:9572(lp_load_ex)
  lp_load_ex: refreshing parameters
[2013/01/21 10:03:05.928257,  3] param/loadparm.c:5192(init_globals)
  Initialising global parameters
[2013/01/21 10:03:05.928594,  3] ../lib/util/params.c:550(pm_process)
  params.c:pm_process() - Processing configuration file 
"/etc/samba-3.6.10/smb.conf"
[2013/01/21 10:03:05.928696,  3] param/loadparm.c:8310(do_section)
  Processing section "[global]"
[2013/01/21 10:03:05.929629,  2] param/loadparm.c:8327(do_section)
  Processing section "[testshare]"
[2013/01/21 10:03:05.929862,  3] param/loadparm.c:6630(lp_add_ipc)
  adding IPC service
[2013/01/21 10:03:05.929926,  1] param/loadparm.c:9670(lp_load_ex)
  WARNING: The security=share option is deprecated
[2013/01/21 10:03:05.930333,  2] lib/interface.c:479(interpret_interface)
  interpret_interface: Adding interface 10.33.72.67/22
[2013/01/21 10:03:05.930401,  2] lib/interface.c:341(add_interface)
  added interface 10.33.72.67/22 ip=10.33.72.67 bcast=10.33.75.255 
netmask=255.255.252.0
[2013/01/21 10:03:05.930493,  2] lib/interface.c:341(add_interface)
  added interface lo0 ip=127.0.0.1 bcast=127.242.234.223 netmask=
[2013/01/21 10:03:05.930626,  3] lib/access.c:338(allow_access)
  Allowed connection from 10.33.75.164 (10.33.75.164)
[2013/01/21 10:03:05.930715,  3] smbd/oplock.c:922(init_oplocks)
  init_oplocks: initializing messages.
[2013/01/21 10:03:05.930887,  3] smbd/process.c:1662(process_smb)
  Transaction 0 of length 159 (0 toread)
[2013/01/21 10:03:05.930970,  3] smbd/process.c:1467(switch_message)
  switch message SMBnegprot (pid 7864494) conn 0x0
[2013/01/21 10:03:05.931110,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2013/01/21 10:03:05.931178,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LANMAN1.0]
[2013/01/21 10:03:05.931245,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [Windows for Workgroups 3.1a]
[2013/01/21 10:03:05.931313,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LM1.2X002]
[2013/01/21 10:03:05.931379,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LANMAN2.1]
[2013/01/21 10:03:05.931445,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [NT LM 0.12]
[2013/01/21 10:03:05.931511,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [SMB 2.002]
[2013/01/21 10:03:05.931577,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [SMB 2.???]
[2013/01/21 10:03:05.931749,  3] smbd/negprot.c:401(reply_nt1)
  not using SPNEGO
[2013/01/21 10:03:05.931811,  3] smbd/negprot.c:704(reply_negprot)
  Selected protocol NT LM 0.12
[2013/01/21 10:03:05.933695,  3] smbd/process.c:1662(process_smb)
  Transaction 1 of length 176 (0 toread)
[2013/01/21 10:03:05.933776,  3] smbd/process.c:1467(switch_message)
  switch message SMBsesssetupX (pid 7864494) conn 0x0
[2013/01/21 10:03:05.933865,  3] smbd/sesssetup.c:1333(reply_sesssetup_and_X)
  wct=13 flg2=0xc807
[2013/01/21 10:03:05.933953,  3] smbd/sesssetup.c:1536(reply_sesssetup_and_X)
  Domain=[10.33.72.67]  NativeOS=[] NativeLanMan=[] PrimaryDomain=[null]
[2013/01/21 10:03:05.934049,  2] smbd/sesssetup.c:1279(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old 
resources.
[2013/01/21 10:03:05.934111,  3] smbd/sesssetup.c:1552(reply_sesssetup_and_X)
  sesssetupX:name=[10.33.72.67]\[benhu]@[10.33.75.164]
[2013/01/21 10:03:05.934785,  3] smbd/sesssetup.c:151(check_guest_password)
  Got anonymous request
[2013/01/21 10:03:05.934884,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user []\[]@[] with the 
new password interface
[2013/01/21 10:03:05.934976,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  mapped user is: []\[]@[]
[2013/01/21 10:03:05.935069,  3] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: guest authentication for user [] succeeded
[2013/01/21 10:03:05