Matt Burkhardt
2009-May-27 18:07 UTC
[Samba] Having problems with Samba and openLDAP Groups
I'm getting a little closer and understanding how the logs, etc work. I can log onto a Samba share, can read and write to my home directory, but I'm concerned about trying to get the file share Staff to work - want it to be read and write to the Group named Staff. I have set up the group and added myself to the group.

If I do a smbldap-groupshow Staff - I get

sudo smbldap-groupshow Staff
dn: cn=Staff,ou=Groups,dc=imparisystems,dc=local
objectClass: top,posixGroup
cn: Staff
gidNumber: 1012
memberUid: mlb

I'm mlb - but it doesn't have any Samba information and I added the group by typing

sudo smbldap-groupadd -a Staff

If I try

smbclient //Ubuntu/Staff
Password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.28a]
tree connect failed: NT_STATUS_ACCESS_DENIED

Here's my smb.conf file - just the globals and the share I want to fix

[global]
    server string = %h server (Samba, Ubuntu)
    map to guest = Bad User
    obey pam restrictions = Yes
    passdb backend = ldapsam:ldap://localhost/
    pam password change = Yes
    passwd program = /usr/sbin/smbldap-passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s* \spassword$
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    log level = 3
    server signing = auto
    printcap name = cups
    add user script = /usr/sbin/smbldap-useradd -m '%u'
    delete user script = /usr/sbin/smbldap-userdel %u
    add group script = /usr/sbin/smbldap-groupadd -p '%g'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    add machine script = /usr/sbin/smbldap-useradd -w '%u'
    logon script = logon.bat
    logon path = \\%N\profiles\%U
    logon drive = H:
    domain logons = Yes
    os level = 34
    domain master = Yes
    dns proxy = No
    wins support = Yes
    ldap admin dn = cn=admin,dc=imparisystems,dc=local
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Computers
    ldap passwd sync = Yes
    ldap suffix = dc=imparisystems,dc=local
    ldap ssl = no
    ldap user suffix = ou=Users
    usershare allow guests = Yes
    panic action = /usr/share/samba/panic-action %d
    path = /samba
    invalid users = root

[Staff]
    writeable = yes
    msdfs root = yes
    valid users = @Staff
    path = /samba/smalldrive/doc/Staff
    only user = yes

Here's my log for the server at /var/log/samba/log.ubuntu

---snip---
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] auth/auth.c:check_ntlm_password(270)
  check_ntlm_password: sam authentication for user [mlb] succeeded
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: authentication for user [mlb] -> [mlb] -> [mlb] succeeded
[2009/05/27 13:34:52, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1107)
  fetch gid from cache 544 -> S-1-5-32-544
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) -
  sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 0] smbd/share_access.c:user_ok_token(221)
  'only user = yes' and no 'username ='
[2009/05/27 13:34:52, 2] smbd/service.c:make_connection_snum(616)
  user 'mlb' (from session setup) not permitted to access this share (Staff)
[2009/05/27 13:34:52, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
[2009/05/27 13:34:52, 3] smbd/process.c:timeout_processing(1329)
  timeout_processing: End of file from client (client has disconnected).
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2009/05/27 13:34:52, 3] smbd/server.c:exit_server_common(768)
  Server exit (normal exit)

So I figure something must be wrong with my group definition, but I haven't found anything. How am I supposed to create groups to use with Samba? Does there need to be an entry in for Unix?

Any help appreciated

Thanks

--
Matt Burkhardt, M.Sci. Technology Management
mlb@imparisystems.com
(301) 682-7901
502 Fairview Avenue
Frederick, MD 21701
http://www.imparisystems.com
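A triage script for an smbd debug log like the one in this post, added here as an example and not part of the original message: for each refused tree connect it reports the nearest preceding entry logged at debug level 0-2, which is where smbd states its reason, and the NT status returned. Function names are hypothetical; the sample entries are copied from the end of the posted log.

```python
import re

# One smbd debug entry starts with "[date time, level] file.c:function(line)".
HEADER = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>\S+?):(?P<func>\w+)\((?P<line>\d+)\)"
)
DENIED = re.compile(
    r"user '(?P<user>[^']+)' \(from session setup\) not permitted to access "
    r"this share \((?P<share>[^)]+)\)"
)
STATUS = re.compile(r"NT_STATUS_\w+")


def parse_entries(text):
    """Split log text into entries keyed on the bracketed header, so it works
    on an intact log and on one whose line breaks were lost in transit."""
    heads = list(HEADER.finditer(text))
    entries = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entries.append({
            "level": int(head["level"]),
            "func": head["func"],
            "msg": " ".join(text[head.end():end].split()),
        })
    return entries


def explain_denials(text, lookback=5, lookahead=2):
    """For each refused tree connect, report the nearest preceding entry logged
    at debug level 0-2 (the stated reason) and the NT status sent back."""
    entries = parse_entries(text)
    findings = []
    for i, entry in enumerate(entries):
        hit = DENIED.search(entry["msg"])
        if not hit:
            continue
        cause = next((p for p in reversed(entries[max(0, i - lookback):i])
                      if p["level"] <= 2), None)
        status = next((s.group() for n in entries[i + 1:i + 1 + lookahead]
                       if (s := STATUS.search(n["msg"]))), None)
        findings.append({
            "user": hit["user"],
            "share": hit["share"],
            "reason": cause["msg"] if cause else None,
            "reason_func": cause["func"] if cause else None,
            "status": status,
        })
    return findings


# Entries copied from the end of the log in the post above.
SAMPLE = """\
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 0] smbd/share_access.c:user_ok_token(221)
  'only user = yes' and no 'username ='
[2009/05/27 13:34:52, 2] smbd/service.c:make_connection_snum(616)
  user 'mlb' (from session setup) not permitted to access this share (Staff)
[2009/05/27 13:34:52, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
"""

if __name__ == "__main__":
    for f in explain_denials(SAMPLE):
        print(f"{f['user']} -> {f['share']}: {f['status']} "
              f"because {f['reason']} ({f['reason_func']})")
```
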
Liutauras Adomaitis
2009-May-27 21:02 UTC
[Samba] Having problems with Samba and openLDAP Groups
> [2009/05/27 13:34:52, 2] smbd/service.c:make_connection_snum(616)
>   user 'mlb' (from session setup) not permitted to access this share
> (Staff)
> [2009/05/27 13:34:52, 3] smbd/error.c:error_packet_set(106)
>   error packet at smbd/reply.c(514) cmd=117 (SMBtconX)
> NT_STATUS_ACCESS_DENIED

I guess your user mib is not in group @Staff. What do you get with commands:
smbldap-tools works only with ldap, it doesn't mean system sees those users.

id mib
getent passwd | grep mib
getent group | grep -i staff

Run "testparm" - it will show some errors you have in your smb.conf file.

Also run testparm command, it will show you some errors in your smb.conf file you have.
Liutauras Adomaitis
2009-Jun-03 18:54 UTC
[Samba] Having problems with Samba and openLDAP Groups
On Thu, May 28, 2009 at 11:59 PM, Matt Burkhardt <mlb@imparisystems.com> wrote:
> On Thu, 2009-05-28 at 23:29 +0300, Liutauras Adomaitis wrote:
>
> On Thu, May 28, 2009 at 3:53 PM, Matt Burkhardt <mlb@imparisystems.com>
> wrote:
>> Thanks for the help! I appreciate you taking the time!
>>
>> On Thu, 2009-05-28 at 00:02 +0300, Liutauras Adomaitis wrote:
>>
>>> [2009/05/27 13:34:52, 2] smbd/service.c:make_connection_snum(616)
>>>   user 'mlb' (from session setup) not permitted to access this share
>>> (Staff)
>>> [2009/05/27 13:34:52, 3] smbd/error.c:error_packet_set(106)
>>>   error packet at smbd/reply.c(514) cmd=117 (SMBtconX)
>>> NT_STATUS_ACCESS_DENIED
>>
>> i guess your user mib is not in group @Staff. What do you get with
>> commands: smbldap-tools works only with ldap, it doesn't mean system
>> sees those users.
>> id mib
>> getent passwd | grep mib
>> getent group | grep -i staff
>>
>> id mlb
>> uid=1000(mlb) gid=1000(mlb)
>>
>> groups=1000(mlb),4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),33(www-data),44(video),46(plugdev),107(fuse),113(lpadmin),115(admin),116(sambashare),1001(musicshare),1002(printer-admin),1008(subversion),1012(Staff),513(Domain Users),1014(Staff)
>>
>> getent passwd | grep mlb
>> mlb:x:1000:1000:Matt Burkhardt,,,:/home/mlb:/bin/bash
>> mlb:x:1009:544:mlb:/home/mlb:/bin/bash
>> mlb-laptop$:*:1014:515:Computer:/dev/null:/bin/false
>>
>> getent group | grep -i Staff
>> staff:x:50:
>> Staff:x:1012:alex,mlb
>> Staff:*:1014:mlb,alex
>
> You have 3 groups Staff and 2 users mib. This confuses me a bit. It
> may be your problem. I think you should have only one user mib.
> You should also make sure you have 1 group Staff. Check your "net
> groupmap list" to see how does Staff group maps to windows group.
>
> Liutauras
>
> Those are deleted entries - they don't show up in either the webmin module
> or phpldapadmin. Here's the results from the net groupmap list
>
> Domain Admins (S-1-5-21-3529111891-2609867799-3129462049-512) -> Domain Admins
> Domain Users (S-1-5-21-3529111891-2609867799-3129462049-513) -> Domain Users
> Domain Guests (S-1-5-21-3529111891-2609867799-3129462049-514) -> Domain Guests
> Domain Computers (S-1-5-21-3529111891-2609867799-3129462049-515) -> Domain Computers
> Administrators (S-1-5-32-544) -> Administrators
> Account Operators (S-1-5-32-548) -> Account Operators
> Print Operators (S-1-5-32-550) -> Print Operators
> Backup Operators (S-1-5-32-551) -> Backup Operators
> Replicators (S-1-5-32-552) -> Replicators
> Staff (S-1-5-21-3529111891-2609867799-3129462049-3029) -> Staff
>

Hi,

have you solved your problem? I've been busy a bit. Your groupmap list looks nice, but I still think there is something to dig around group membership. Some more things to check, if you didn't do that already:

- smbldap-groupshow Staff - this should give an idea of gidNumber and SID of Staff group in ldap
- do you run nscd? I had a lot of problems with it and ldap authentication. Samba docs even say that this is not supported, if I remember correctly. nscd could be responsible for showing groups that are already deleted.
- have you tried using another group, like "Domain Users"? If it works with another group, then it is a problem with your group Staff.

Liutauras
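The checks discussed in this thread (getent group and net groupmap list), combined into one script as an added example that is not part of any poster's message: it flags every mapped Unix group name that NSS returns with more than one gid or that has a case-only lookalike, since a lookup by name returns only the first matching entry. Function names are hypothetical; the Staff lines are copied from the output quoted above, and the Domain Users group line is constructed from the id output.

```python
import re
from collections import defaultdict

# One line of `net groupmap list`: "NT name (SID) -> unix group name".
GROUPMAP = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-[\d-]+)\) -> (?P<unix>.+)$")


def gids_by_name(getent_group_output):
    """Map each group name to every distinct gid NSS returned for it,
    in the order the entries were listed."""
    gids = defaultdict(list)
    for line in getent_group_output.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue
        if int(fields[2]) not in gids[fields[0]]:
            gids[fields[0]].append(int(fields[2]))
    return dict(gids)


def audit_groupmap(groupmap_output, getent_group_output):
    """Check that each mapped Unix group name resolves to exactly one gid."""
    gids = gids_by_name(getent_group_output)
    report = {}
    for line in groupmap_output.splitlines():
        m = GROUPMAP.match(line.strip())
        if not m:
            continue
        unix = m["unix"]
        found = gids.get(unix, [])
        # Names differing only by case are a second source of confusion.
        lookalikes = sorted(n for n in gids
                            if n != unix and n.lower() == unix.lower())
        if not found:
            status = "unresolved"
        elif len(found) > 1 or lookalikes:
            status = "ambiguous"
        else:
            status = "ok"
        report[m["nt"]] = {"sid": m["sid"], "gids": found,
                           "lookalikes": lookalikes, "status": status}
    return report


# Staff lines copied from the thread; the Domain Users line is constructed.
GETENT_GROUP = """\
staff:x:50:
Staff:x:1012:alex,mlb
Staff:*:1014:mlb,alex
Domain Users:*:513:
"""
GROUPMAP_LIST = """\
Domain Users (S-1-5-21-3529111891-2609867799-3129462049-513) -> Domain Users
Staff (S-1-5-21-3529111891-2609867799-3129462049-3029) -> Staff
"""

if __name__ == "__main__":
    for nt, info in audit_groupmap(GROUPMAP_LIST, GETENT_GROUP).items():
        print(nt, info["status"], info["gids"], info["lookalikes"])
```
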