Re: [Samba] winbindd instability, inconsistent handling of Domain name
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, 20 Sep 2003, Gerald (Jerry) Carter wrote: | After restarting winbindd, it works again for a while. What's the proper | way to produce useful debugging information for the developers? I think this has already been fixed in our CVS tree. The bedian packaging script should be fine for RC4 so you might just want to build your own package from that tree and see if things work better for you. That's fixed, thanks, and AFAIR I posted that fact to the list on Wed, 10 Sep 2003 21:11:11 +0200 (CEST). | user::rwx | user:DOMAIN+username:rwx | | When I create the ACL with setfacl -m u:INTERNAL.DOMAIN.COM:username:rwx, | only DOMAIN+username (the short NETBIOS name of the domain) is listed in | the ACL. Haven't we already talked about this one? I'm having serious deja vu here. winbindd mostly operates on the short name of the do9main. Yep, this is also a non-issue because INTERNAL.DOMAIN.COM is correctly mapped to DOMAIN by winbindd. | [admin] | browsable = no | path = /mnt/admin | public = no | write list = DOMAIN+username | | This won't work. Windows domain user username gets Access denied when | trying to create a file on the share. | | However, this works: | | write list = INTERNAL.DOMAIN.COM+username | | Is this a bug or a configuration problem on my side? did you define the workgroup and realm in smb.conf? Yes, I did. Just compiled the latest CVS HEAD branch stuff and tested it again. The problem won't occur if I set writable to yes, it will only occur if writable is set to no and there's a write list statement. Here's what I get from the logs when I try to create a directory on a share configured as explained above: /* First, username.c returns [EMAIL PROTECTED] instead of [EMAIL PROTECTED]: */ [2003/09/22 14:32:04, 3] smbd/sesssetup.c:reply_spnego_kerberos(178) Ticket name is [EMAIL PROTECTED] [2003/09/22 14:32:04, 5] lib/username.c:Get_Pwnam(288) Finding user INTERNAL.DOMAIN.COM+user [2003/09/22 14:32:04, 5] lib/username.c:Get_Pwnam_internals(223) Trying _Get_Pwnam(), username as lowercase is internal.domain.com+user [2003/09/22 14:32:04, 5] lib/username.c:Get_Pwnam_internals(251) Get_Pwnam_internals did find user [INTERNAL.DOMAIN.COM+user]! [...] /* here, the realm+username is used again */ [2003/09/22 14:32:04, 10] passdb/pdb_get_set.c:pdb_set_username(593) pdb_set_username: setting username INTERNAL.DOMAIN.COM+username, was [2003/09/22 14:32:04, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493) element 11 - now SET [...] /* finally, the create directory call fails */ [2003/09/22 14:32:04, 5] smbd/filename.c:unix_convert(323) New file test1 [2003/09/22 14:32:04, 3] smbd/dosmode.c:unix_mode(110) unix_mode(test1) returning 0744 [2003/09/22 14:32:04, 5] smbd/files.c:file_new(122) allocated file structure 9230, fnum = 13326 (1 used) [2003/09/22 14:32:04, 2] smbd/open.c:open_directory(1303) open_directory: failing create on read-only share [2003/09/22 14:32:04, 5] smbd/files.c:file_free(385) freed files structure 13326 (0 used) [2003/09/22 14:32:04, 10] smbd/trans2.c:set_bad_path_error(1785) set_bad_path_error: err = 13 bad_path = 0 [2003/09/22 14:32:04, 3] smbd/error.c:error_packet(94) error string = Permission denied [2003/09/22 14:32:04, 3] smbd/error.c:error_packet(113) error packet at smbd/trans2.c(1797) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED Hope this helps to find the problem... if not, I'll send you the whole log directly. Thanks again for your help hunting down this problem... Alex - -- They that can give up essential liberty to obtain a little temporary safety deserve neither liberty not safety. --Benjamin Franklin, 1759 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE/bvhfNf7NP+s4C+YRAopGAKCJXKHsWtcakml+RuCavTI7jb0oOACdFFv6 hn//IBiqSeNFEaTyjDao7do= =ByDR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbindd instability, inconsistent handling of Domain name
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander List wrote: | Hello world, | | I'm currently experimenting with a new Samba server that is to be | integrated in an existing ADS domain. | | System is Debian Woody, plus samba 3.0.0beta2+3.0.0rc2-1 and necessary | dependencies. Kernel is 2.4.21 + Debian patches + XFS | | ii libc6 2.3.2-5GNU C Library: Shared libraries and | Linux bigberta 2.4.21-4-686-xfs #1 Mon Aug 25 15:44:37 CEST 2003 i686 | | smbd, nmbd and winbindd are working fine, I could joint the AD Domain in | native mode, created partitions using XFS (with ACL support), and | wbinfo -u bzw. wbinfo -g list the domain users and groups correctly. | | My first problem: | | After a while, wbinfo [-u|-g] returns | | server:/var/log/samba# wbinfo -g | Error looking up domain groups | | After restarting winbindd, it works again for a while. What's the proper | way to produce useful debugging information for the developers? I think this has already been fixed in our CVS tree. The bedian packaging script should be fine for RC4 so you might just want to build your own package from that tree and see if things work better for you. | I created a directory /mnt/admin with this ACL: | | # file: . | # owner: root | # group: root | user::rwx | user:DOMAIN+username:rwx | group::r-x | mask::rwx | other::r-x | | When I create the ACL with setfacl -m u:INTERNAL.DOMAIN.COM:username:rwx, | only DOMAIN+username (the short NETBIOS name of the domain) is listed in | the ACL. Haven't we already talked about this one? I'm having serious deja vu here. winbindd mostly operates on the short name of the do9main. | [admin] | browsable = no | path = /mnt/admin | public = no | write list = DOMAIN+username | | This won't work. Windows domain user username gets Access denied when | trying to create a file on the share. | | However, this works: | | write list = INTERNAL.DOMAIN.COM+username | | Is this a bug or a configuration problem on my side? did you define the workgroup and realm in smb.conf? cheers, jerry - -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ You can never go home again, Oatman, but I guess you can shop there. ~--John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/bHQlIR7qMdg1EfYRAoAaAKCRFtI2IlVBu0dUMyZotZuupdyu9ACgkpkC qN/N7CKFidvRp68XUFMyD0Y= =qk9+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winbindd instability, inconsistent handling of Domain name
Hello world, I'm currently experimenting with a new Samba server that is to be integrated in an existing ADS domain. System is Debian Woody, plus samba 3.0.0beta2+3.0.0rc2-1 and necessary dependencies. Kernel is 2.4.21 + Debian patches + XFS ii libc6 2.3.2-5GNU C Library: Shared libraries and Linux bigberta 2.4.21-4-686-xfs #1 Mon Aug 25 15:44:37 CEST 2003 i686 smbd, nmbd and winbindd are working fine, I could joint the AD Domain in native mode, created partitions using XFS (with ACL support), and wbinfo -u bzw. wbinfo -g list the domain users and groups correctly. My first problem: After a while, wbinfo [-u|-g] returns server:/var/log/samba# wbinfo -g Error looking up domain groups After restarting winbindd, it works again for a while. What's the proper way to produce useful debugging information for the developers? My second problem: I created a directory /mnt/admin with this ACL: # file: . # owner: root # group: root user::rwx user:DOMAIN+username:rwx group::r-x mask::rwx other::r-x When I create the ACL with setfacl -m u:INTERNAL.DOMAIN.COM:username:rwx, only DOMAIN+username (the short NETBIOS name of the domain) is listed in the ACL. I created the following Samba share: [admin] browsable = no path = /mnt/admin public = no write list = DOMAIN+username This won't work. Windows domain user username gets Access denied when trying to create a file on the share. However, this works: write list = INTERNAL.DOMAIN.COM+username Is this a bug or a configuration problem on my side? Another thing I found in the winbindd log file: [2003/09/07 16:36:26, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(147) user 'MACHINE$' does not exist MACHINE$ is the Windows client I'm using to access the share. Thanks for any hints! Alex -- UNLESS someone like you cares a whole awful lot, nothing is going to get better. It's not. --Dr. Seuss, fromThe Lorax -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba