Hi All,
I'm having some minor trouble with an obscure samba feature. I'm using
the remote administration "Server Manager" features of smb.conf.
Specifically the "add share command" "change share command"
and "delete
share command". I've written a small C program to do the
text-processing
portion of smb.conf file needed for each operation. The C program just
does simple changes and returns 0. The actual commands are defined in my
smb.conf as:
# remote administration
add share command = /usr/sbin/smbchangeshare /etc/samba/smb.conf.add
change share command = /usr/sbin/smbchangeshare /etc/samba/smb.conf.add
delete share command = /usr/sbin/smbchangeshare -d
(the extra parameters are used by my C program to do different things)
Adding shares works fine and changing the comments in shares works too.
However, when I delete shares from ServerManager, I get this message in
the samba log file:
[2002/12/19 12:16:13, 0]
rpc_server/srv_srvsvc_nt.c:delete_share_security(277)
delete_share_security: Failed to delete entry for share w98bin
The delete operation does work though and the share is removed from the
smb.conf and no longer appears in NetworkNeighborhood.
Also, when I do a change share operation in ServerManager where I change
the path of an existing share, I get the same message in the samba log
file, but the change operation does not fully complete. The smb.conf
file portion completes OK (the part my C program does), but the
NetworkNeighborhood view of the sharename shows the previous path. So It
would work (show the updated path) if the samba server were restarted,
but does not do it dynamically like the delete operation does.
I've tested and duplicated this problem on WindowsXP using the old Nt4
serverManager and on Windows98SE using the win9x serverManager. The
results are the same for both, so I do not think it is a client-side
issue. Also, I've tried various sharenames, paths and comments with no
difference found. And I've seen the same behavior on shares created with
either serverManager or text-based smb.conf editing.
The one effect I have observed is that if go into ServerManager and
modify the "Permissions" on the soon-to-be-deleted, newly-created,
share, then the delete/change-path works ok and there is no error
message in the samba log file.
The Permissions are initially set to Everyone-->FullControl. I can
eliminate the error by either adding another permission settings or
simply deleting the default Everyone setting, saving it, and then
recreating the exact same setting.
The actual error message come from the following section in the source:
rpc_server/srv_srvsvc_nt.c
static BOOL delete_share_security(int snum)
{
TDB_DATA kbuf;
fstring key;
slprintf(key, sizeof(key)-1, "SECDESC/%s",
lp_servicename(snum));
kbuf.dptr = key;
kbuf.dsize = strlen(key)+1;
if (tdb_delete(share_tdb, kbuf) != 0) {
DEBUG(0,("delete_share_security: Failed to delete entry
for share %s\n",
lp_servicename(snum) ));
return False;
}
return True;
}
So It appears to me that some security setting is not getting setup for
shares correctly. Before I dig further into the sources, I thought maybe
some of you kind readers could help me out with this one.
Ken McDonald
Computer Geek Extraordinaire
Here is my current smb.conf. It is a work-in-progress.
[global]
# main settings
workgroup = TGA
server string =
#security settings
security = user
admin users = root
hosts allow = 10.0.0.0/255.255.255.0 127.0.0.1 except
10.0.0.1
hosts deny = all
interfaces = eth0 10.0.0.0/255.255.255.0 127.0.0.1
bind interfaces only = yes
encrypt passwords = yes
smb passwd file = /etc/samba/sambapasswd
# invalid users = root @wheel
hide unreadable = yes
browseable = yes
utmp = yes
add user script = /usr/sbin/smbaddmachine %m$
allow trusted domains = no
# debug settings
log level = 0
log file = /var/log/samba/samba.log.%m
max log size = 1000
# performance options
oplocks = yes
level2oplocks = yes
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192
SO_RCVBUF=8192
# domain controller settings
domain logons = yes
domain master = yes
preferred master = yes
local master = yes
os level = 99
logon drive = H:
logon home = \\%h\%U\.profiles
logon path = \\%h\profiles\%U
logon script = ms.bat
wins support = yes
dns proxy = no
# name mangling
mangling method = hash2
case sensitive = no
default case = lower
preserve case = yes
short preserve case = yes
# remote administration
add share command = /usr/sbin/smbchangeshare
/etc/samba/smb.conf.add
change share command = /usr/sbin/smbchangeshare
/etc/samba/smb.conf.add
delete share command = /usr/sbin/smbchangeshare -d
printing = CUPS
syslog = 0
[printers]
comment = All Printers
path = /tmp
create mask = 0700
printable = yes
browseable = no
[homes]
comment = Home Directories
path = %H
create mode = 0600
directory mode = 0700
browseable = no
read only = no
writeable = yes
valid users = %S
[netlogon]
comment = Network Logon Service
path = /home/netlogon
browseable = no
writeable = no
guest ok = yes
share modes = no
write list = @admins
[profiles]
profile acls = yes
path = /home/profiles
create mode = 0600
directory mode = 0700
read only = no
browseable = yes
hide unreadable = no
[install]
comment = Data Files and Backups
path = /mnt/disk3/install
create mask = 0775
directory mask = 0775
browseable = yes
read only = no
[programs]
comment = Data Files and Backups
path = /mnt/disk2/programs
create mask = 0775
directory mask = 0775
browseable = yes
read only = no
[shared]
comment = Data Files and Backups
path = /mnt/disk1/shared
create mask = 0775
directory mask = 0775
browseable = yes
read only = no
[disk1]
comment = Data Files and Backups
path = /mnt/disk1
create mask = 0775
directory mask = 0775
browseable = yes
read only = no
[disk2]
comment = Data Files and Backups
path = /mnt/disk2
create mask = 0775
directory mask = 0775
browseable = yes
read only = no
[disk3]
comment = Data Files and Backups
path = /mnt/disk3
create mask = 0775
directory mask = 0775
browseable = yes
read only = no
[cdrom]
comment = cd-rom
path = /mnt/cdrom
create mask = 0775
directory mask = 0775
browseable = yes
read only = yes
