subject:"\[Samba\] winbindd instability, inconsistent handling of Domain name"

Re: [Samba] winbindd instability, inconsistent handling of Domain name

2003-09-22 Thread Alexander List

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sat, 20 Sep 2003, Gerald (Jerry) Carter wrote:

 | After restarting winbindd, it works again for a while. What's the proper
 | way to produce useful debugging information for the developers?

 I think this has already been fixed in our CVS tree.  The bedian
 packaging script should be fine for RC4 so you might just want to build
 your own package from that tree and see if things work better for you.

That's fixed, thanks, and AFAIR I posted that fact to the list on
Wed, 10 Sep 2003 21:11:11 +0200 (CEST).

 | user::rwx
 | user:DOMAIN+username:rwx
 |
 | When I create the ACL with setfacl -m u:INTERNAL.DOMAIN.COM:username:rwx,
 | only DOMAIN+username (the short NETBIOS name of the domain) is listed in
 | the ACL.

 Haven't we already talked about this one?  I'm having serious
 deja vu here.  winbindd mostly operates on the short name of the do9main.

Yep, this is also a non-issue because INTERNAL.DOMAIN.COM is correctly
mapped to DOMAIN by winbindd.

 | [admin]
 | browsable = no
 | path = /mnt/admin
 | public = no
 | write list = DOMAIN+username
 |
 | This won't work. Windows domain user username gets Access denied when
 | trying to create a file on the share.
 |
 | However, this works:
 |
 | write list = INTERNAL.DOMAIN.COM+username
 |
 | Is this a bug or a configuration problem on my side?

 did you define the workgroup and realm in smb.conf?

Yes, I did. Just compiled the latest CVS HEAD branch stuff and tested it
again. The problem won't occur if I set writable to yes, it will only
occur if writable is set to no and there's a write list statement.

Here's what I get from the logs when I try to create a directory on a
share configured as explained above:

/* First, username.c returns  [EMAIL PROTECTED] instead of [EMAIL PROTECTED]:
*/

[2003/09/22 14:32:04, 3] smbd/sesssetup.c:reply_spnego_kerberos(178)
  Ticket name is [EMAIL PROTECTED]
[2003/09/22 14:32:04, 5] lib/username.c:Get_Pwnam(288)
  Finding user INTERNAL.DOMAIN.COM+user
[2003/09/22 14:32:04, 5] lib/username.c:Get_Pwnam_internals(223)
  Trying _Get_Pwnam(), username as lowercase is internal.domain.com+user
[2003/09/22 14:32:04, 5] lib/username.c:Get_Pwnam_internals(251)
  Get_Pwnam_internals did find user [INTERNAL.DOMAIN.COM+user]!

[...]

/* here, the realm+username is used again */

[2003/09/22 14:32:04, 10] passdb/pdb_get_set.c:pdb_set_username(593)
  pdb_set_username: setting username INTERNAL.DOMAIN.COM+username, was
[2003/09/22 14:32:04, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
  element 11 - now SET

[...]

/* finally, the create directory call fails */

[2003/09/22 14:32:04, 5] smbd/filename.c:unix_convert(323)
  New file test1
[2003/09/22 14:32:04, 3] smbd/dosmode.c:unix_mode(110)
  unix_mode(test1) returning 0744
[2003/09/22 14:32:04, 5] smbd/files.c:file_new(122)
  allocated file structure 9230, fnum = 13326 (1 used)
[2003/09/22 14:32:04, 2] smbd/open.c:open_directory(1303)
  open_directory: failing create on read-only share
[2003/09/22 14:32:04, 5] smbd/files.c:file_free(385)
  freed files structure 13326 (0 used)
[2003/09/22 14:32:04, 10] smbd/trans2.c:set_bad_path_error(1785)
  set_bad_path_error: err = 13 bad_path = 0
[2003/09/22 14:32:04, 3] smbd/error.c:error_packet(94)
  error string = Permission denied
[2003/09/22 14:32:04, 3] smbd/error.c:error_packet(113)
  error packet at smbd/trans2.c(1797) cmd=162 (SMBntcreateX)
NT_STATUS_ACCESS_DENIED

Hope this helps to find the problem... if not, I'll send you the whole log
directly.

Thanks again for your help hunting down this problem...

Alex

- -- 
They that can give up essential liberty to obtain a little temporary safety
deserve neither liberty not safety.
--Benjamin Franklin, 1759

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/bvhfNf7NP+s4C+YRAopGAKCJXKHsWtcakml+RuCavTI7jb0oOACdFFv6
hn//IBiqSeNFEaTyjDao7do=
=ByDR
-END PGP SIGNATURE-


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] winbindd instability, inconsistent handling of Domain name

2003-09-20 Thread Gerald (Jerry) Carter

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alexander List wrote:
| Hello world,
|
| I'm currently experimenting with a new Samba server that is to be
| integrated in an existing ADS domain.
|
| System is Debian Woody, plus samba 3.0.0beta2+3.0.0rc2-1 and necessary
| dependencies. Kernel is 2.4.21 + Debian patches + XFS
|
| ii  libc6  2.3.2-5GNU C Library: Shared libraries and
| Linux bigberta 2.4.21-4-686-xfs #1 Mon Aug 25 15:44:37 CEST 2003 i686
|
| smbd, nmbd and winbindd are working fine, I could joint the AD Domain in
| native mode, created partitions using XFS (with ACL support), and
| wbinfo -u bzw. wbinfo -g list the domain users and groups correctly.
|
| My first problem:
|
| After a while, wbinfo [-u|-g] returns
|
| server:/var/log/samba# wbinfo -g
| Error looking up domain groups
|
| After restarting winbindd, it works again for a while. What's the proper
| way to produce useful debugging information for the developers?
I think this has already been fixed in our CVS tree.  The bedian
packaging script should be fine for RC4 so you might just want to build
your own package from that tree and see if things work better for you.
| I created a directory /mnt/admin with this ACL:
|
| # file: .
| # owner: root
| # group: root
| user::rwx
| user:DOMAIN+username:rwx
| group::r-x
| mask::rwx
| other::r-x
|
| When I create the ACL with setfacl -m u:INTERNAL.DOMAIN.COM:username:rwx,
| only DOMAIN+username (the short NETBIOS name of the domain) is listed in
| the ACL.
Haven't we already talked about this one?  I'm having serious
deja vu here.  winbindd mostly operates on the short name of the do9main.
| [admin]
| browsable = no
| path = /mnt/admin
| public = no
| write list = DOMAIN+username
|
| This won't work. Windows domain user username gets Access denied when
| trying to create a file on the share.
|
| However, this works:
|
| write list = INTERNAL.DOMAIN.COM+username
|
| Is this a bug or a configuration problem on my side?
did you define the workgroup and realm in smb.conf?





cheers, jerry
- --
~ Hewlett-Packard- http://www.hp.com
~ SAMBA Team -- http://www.samba.org
~ GnuPG Key   http://www.plainjoe.org/gpg_public.asc
~ You can never go home again, Oatman, but I guess you can shop there.
~--John Cusack - Grosse Point Blank (1997)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/bHQlIR7qMdg1EfYRAoAaAKCRFtI2IlVBu0dUMyZotZuupdyu9ACgkpkC
qN/N7CKFidvRp68XUFMyD0Y=
=qk9+
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] winbindd instability, inconsistent handling of Domain name

2003-09-08 Thread Alexander List

Hello world,

I'm currently experimenting with a new Samba server that is to be
integrated in an existing ADS domain.

System is Debian Woody, plus samba 3.0.0beta2+3.0.0rc2-1 and necessary
dependencies. Kernel is 2.4.21 + Debian patches + XFS

ii  libc6  2.3.2-5GNU C Library: Shared libraries and
Linux bigberta 2.4.21-4-686-xfs #1 Mon Aug 25 15:44:37 CEST 2003 i686

smbd, nmbd and winbindd are working fine, I could joint the AD Domain in
native mode, created partitions using XFS (with ACL support), and
wbinfo -u bzw. wbinfo -g list the domain users and groups correctly.

My first problem:

After a while, wbinfo [-u|-g] returns

server:/var/log/samba# wbinfo -g
Error looking up domain groups

After restarting winbindd, it works again for a while. What's the proper
way to produce useful debugging information for the developers?



My second problem:

I created a directory /mnt/admin with this ACL:

# file: .
# owner: root
# group: root
user::rwx
user:DOMAIN+username:rwx
group::r-x
mask::rwx
other::r-x

When I create the ACL with setfacl -m u:INTERNAL.DOMAIN.COM:username:rwx,
only DOMAIN+username (the short NETBIOS name of the domain) is listed in
the ACL.

I created the following Samba share:

[admin]
browsable = no
path = /mnt/admin
public = no
write list = DOMAIN+username

This won't work. Windows domain user username gets Access denied when
trying to create a file on the share.

However, this works:

write list = INTERNAL.DOMAIN.COM+username

Is this a bug or a configuration problem on my side?



Another thing I found in the winbindd log file:

[2003/09/07 16:36:26, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(147)
  user 'MACHINE$' does not exist

MACHINE$ is the Windows client I'm using to access the share.

Thanks for any hints!

Alex

-- 
UNLESS someone like you cares a whole awful lot, nothing is going to get
better. It's not. --Dr. Seuss, fromThe Lorax




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] winbindd instability, inconsistent handling of Domain name

Re: [Samba] winbindd instability, inconsistent handling of Domain name

[Samba] winbindd instability, inconsistent handling of Domain name

3 matches

Site Navigation

Mail list logo

Footer information