We had to power down all servers today for electrical maintenance in the
building and for some reason I began having access problems related to
the valid users lists when power was restored.
The dialog from the 'Samba-3.0.23 broke my network' thread seemed as if
it might be related even though I had not performed any software upgrade
so I tried adding the group mappings as discussed in that thread. It
didn't seem to help. If I remove the valid users parameter it works
fine.
The below logfile snippet shows that it's having a problem with the
group membership aspect of the valid users list. Please note that user
'mikes' is most definitely a member of the unix group 'mis':
looking for user mikes of domain (ANY) in netgroup mis
[2007/02/04 12:43:17, 10] passdb/lookup_sid.c:lookup_name(64)
lookup_name: HCNAS\mis => HCNAS (domain), mis (name)
[2007/02/04 12:43:17, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/02/04 12:43:17, 3] smbd/uid.c:push_conn_ctx(345)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/02/04 12:43:17, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/02/04 12:43:17, 5] auth/auth_util.c:debug_nt_user_token(448)
NT user token: (NULL)
[2007/02/04 12:43:17, 5] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2007/02/04 12:43:17, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/02/04 12:43:17, 10] smbd/share_access.c:user_ok_token(208)
User mikes not in 'valid users'
[2007/02/04 12:43:17, 2] smbd/service.c:make_connection_snum(580)
user 'mikes' (from session setup) not permitted to access this share
(exec_share)
[2007/02/04 12:43:17, 3] smbd/error.c:error_packet(146)
error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED
[root@hcnas samba]# groups mikes
mikes : avante mis
[root@hcnas samba]#
[exec_share]
comment = Exec Share
path = /usr/netshare/exec_share
writeable = Yes
valid users = @exec, @exasst, @mis
admin users = @mis
force group = exec
force create mode = 0666
force directory mode = 0777
Please help!
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/04/2007 06:51 PM, Michael St. Laurent wrote:> We had to power down all servers today for electrical maintenance in the > building and for some reason I began having access problems related to > the valid users lists when power was restored. > > The dialog from the 'Samba-3.0.23 broke my network' thread seemed as if > it might be related even though I had not performed any software upgrade > so I tried adding the group mappings as discussed in that thread. It > didn't seem to help. If I remove the valid users parameter it works > fine. > > The below logfile snippet shows that it's having a problem with the > group membership aspect of the valid users list. Please note that user > 'mikes' is most definitely a member of the unix group 'mis': > > looking for user mikes of domain (ANY) in netgroup mis > [2007/02/04 12:43:17, 10] passdb/lookup_sid.c:lookup_name(64) > lookup_name: HCNAS\mis => HCNAS (domain), mis (name) > [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2007/02/04 12:43:17, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) > [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups > [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2007/02/04 12:43:17, 10] smbd/share_access.c:user_ok_token(208) > User mikes not in 'valid users' > [2007/02/04 12:43:17, 2] smbd/service.c:make_connection_snum(580) > user 'mikes' (from session setup) not permitted to access this share > (exec_share) > [2007/02/04 12:43:17, 3] smbd/error.c:error_packet(146) > error packet at smbd/reply.c(676) cmd=117 (SMBtconX) > NT_STATUS_ACCESS_DENIED > > [root@hcnas samba]# groups mikes > mikes : avante mis > [root@hcnas samba]# > > [exec_share] > comment = Exec Share > path = /usr/netshare/exec_share > writeable = Yes > valid users = @exec, @exasst, @mis > admin users = @mis > force group = exec > force create mode = 0666 > force directory mode = 0777 > > Please help!What happens if you try with: valid users = +mis Did you checked the "Release Notes" for 3.0.23b? http://us1.samba.org/samba/history/samba-3.0.23d.html Kind regards, - -- Felipe Augusto van de Wiel <felipe@paranacidade.org.br> Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFxzLhCj65ZxU4gPQRAsYTAKCG5tIRP3Hkz3fvRexU3pU6vZb6hgCgrDAu dNND4PP6sa6bFAJR0aq2fAI=dq8E -----END PGP SIGNATURE-----
Well, why would it change after a power off? No software upgrades were done. In fact, that same server had been powered off before while still on the same software version (samba-3.0.23c) without any problem. It was only after we took all servers offline simultaneously that this happened. I'll try your suggestion of course (and thank you very much!), I'm just confused about why this happened. -----Original Message----- From: samba-bounces+mikes=hartwellcorp.com@lists.samba.org [mailto:samba-bounces+mikes=hartwellcorp.com@lists.samba.org] On Behalf Of Felipe Augusto van de Wiel Sent: Monday, February 05, 2007 5:37 AM To: samba@lists.samba.org Subject: Re: [Samba] Samba-3.0.23 problem -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/04/2007 06:51 PM, Michael St. Laurent wrote:> We had to power down all servers today for electrical maintenance in the > building and for some reason I began having access problems related to > the valid users lists when power was restored. > > The dialog from the 'Samba-3.0.23 broke my network' thread seemed as if > it might be related even though I had not performed any software upgrade > so I tried adding the group mappings as discussed in that thread. It > didn't seem to help. If I remove the valid users parameter it works > fine. > > The below logfile snippet shows that it's having a problem with the > group membership aspect of the valid users list. Please note that user > 'mikes' is most definitely a member of the unix group 'mis': > > looking for user mikes of domain (ANY) in netgroup mis > [2007/02/04 12:43:17, 10] passdb/lookup_sid.c:lookup_name(64) > lookup_name: HCNAS\mis => HCNAS (domain), mis (name) > [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2007/02/04 12:43:17, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) > [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups > [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2007/02/04 12:43:17, 10] smbd/share_access.c:user_ok_token(208) > User mikes not in 'valid users' > [2007/02/04 12:43:17, 2] smbd/service.c:make_connection_snum(580) > user 'mikes' (from session setup) not permitted to access this share > (exec_share) > [2007/02/04 12:43:17, 3] smbd/error.c:error_packet(146) > error packet at smbd/reply.c(676) cmd=117 (SMBtconX) > NT_STATUS_ACCESS_DENIED > > [root@hcnas samba]# groups mikes > mikes : avante mis > [root@hcnas samba]# > > [exec_share] > comment = Exec Share > path = /usr/netshare/exec_share > writeable = Yes > valid users = @exec, @exasst, @mis > admin users = @mis > force group = exec > force create mode = 0666 > force directory mode = 0777 > > Please help!What happens if you try with: valid users = +mis Did you checked the "Release Notes" for 3.0.23b? http://us1.samba.org/samba/history/samba-3.0.23d.html Kind regards, - -- Felipe Augusto van de Wiel <felipe@paranacidade.org.br> Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFxzLhCj65ZxU4gPQRAsYTAKCG5tIRP3Hkz3fvRexU3pU6vZb6hgCgrDAu dNND4PP6sa6bFAJR0aq2fAI=dq8E -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
I've tried using the plus sign with no change. I also tried adding the machine name with no result. In other words: @mis +mis @HCNAS\mis +HCNAS\mis Have not worked. -----Original Message----- From: samba-bounces+mikes=hartwellcorp.com@lists.samba.org [mailto:samba-bounces+mikes=hartwellcorp.com@lists.samba.org] On Behalf Of Michael St. Laurent Sent: Monday, February 05, 2007 9:15 AM To: samba@lists.samba.org Subject: RE: [Samba] Samba-3.0.23 problem Well, why would it change after a power off? No software upgrades were done. In fact, that same server had been powered off before while still on the same software version (samba-3.0.23c) without any problem. It was only after we took all servers offline simultaneously that this happened. I'll try your suggestion of course (and thank you very much!), I'm just confused about why this happened. -----Original Message----- From: samba-bounces+mikes=hartwellcorp.com@lists.samba.org [mailto:samba-bounces+mikes=hartwellcorp.com@lists.samba.org] On Behalf Of Felipe Augusto van de Wiel Sent: Monday, February 05, 2007 5:37 AM To: samba@lists.samba.org Subject: Re: [Samba] Samba-3.0.23 problem -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/04/2007 06:51 PM, Michael St. Laurent wrote:> We had to power down all servers today for electrical maintenance in the > building and for some reason I began having access problems related to > the valid users lists when power was restored. > > The dialog from the 'Samba-3.0.23 broke my network' thread seemed as if > it might be related even though I had not performed any software upgrade > so I tried adding the group mappings as discussed in that thread. It > didn't seem to help. If I remove the valid users parameter it works > fine. > > The below logfile snippet shows that it's having a problem with the > group membership aspect of the valid users list. Please note that user > 'mikes' is most definitely a member of the unix group 'mis': > > looking for user mikes of domain (ANY) in netgroup mis > [2007/02/04 12:43:17, 10] passdb/lookup_sid.c:lookup_name(64) > lookup_name: HCNAS\mis => HCNAS (domain), mis (name) > [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2007/02/04 12:43:17, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) > [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups > [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2007/02/04 12:43:17, 10] smbd/share_access.c:user_ok_token(208) > User mikes not in 'valid users' > [2007/02/04 12:43:17, 2] smbd/service.c:make_connection_snum(580) > user 'mikes' (from session setup) not permitted to access this share > (exec_share) > [2007/02/04 12:43:17, 3] smbd/error.c:error_packet(146) > error packet at smbd/reply.c(676) cmd=117 (SMBtconX) > NT_STATUS_ACCESS_DENIED > > [root@hcnas samba]# groups mikes > mikes : avante mis > [root@hcnas samba]# > > [exec_share] > comment = Exec Share > path = /usr/netshare/exec_share > writeable = Yes > valid users = @exec, @exasst, @mis > admin users = @mis > force group = exec > force create mode = 0666 > force directory mode = 0777 > > Please help!What happens if you try with: valid users = +mis Did you checked the "Release Notes" for 3.0.23b? http://us1.samba.org/samba/history/samba-3.0.23d.html Kind regards, - -- Felipe Augusto van de Wiel <felipe@paranacidade.org.br> Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFxzLhCj65ZxU4gPQRAsYTAKCG5tIRP3Hkz3fvRexU3pU6vZb6hgCgrDAu dNND4PP6sa6bFAJR0aq2fAI=dq8E -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba