Hi all
I've written a few mails to the list hoping that I might get some hint to
what
mistake I've been making in configuring my samba server with acl support,
but
haven't been able to figure out much to date. I'm sending some parts of
my
log files with a description of my problem as a last hope-- I will have to go
through the manuals from cover to cover if I dont get an answer this time I
guess.
This mail is a bit too long to include all the details I thought necessary,
but since its my last resort before going into all the gory details, I'm
sending it with hopes that someone will be able to help me out here.
I'm including the problem description at the end of the letter.
Hope you can help me
Regards,
Prajjwal
General Description:
1. Linux kernel 2.4.24, acl patch from acl.bestbits.at--> setfacl, getfacl
properly working.
2. Samba 3.0.4 with acl support built in.
3. Samba standalone PDC configured with user level security. (domain name:
SYSTEMS, samba server name: BRIDGE)
4. Windows XP Professional Client used (netbios name: PRAJCOMP)
5. Both owner and root able to modify existing acl entries on files and
folders.
Problem:
1. When trying to add extra users/groups using the Object Picker, even as
root, authorized account is requested (root is listed in Domain Admins) and
when I try to login as root again, I get an error message saying multiple
connections to a shared resource are not allowed.
2. if an acl entry is shown for an user in the properties of one file,e.g.
SYSTEMS\prajjwal, if I try to add that same acl entry to another file which
does not have an acl entry for that user, the user will not be recognized.
Attempted solutions:
1. Have tried various net group mapping combinations.
2. Have tried both user and domain level security.
3. Have tried with smbpasswd backend as well as tdbsam backend ( the backend
used when generating these logs is tdbsam)
Selected suspicious lines in the machine log file with description of places
where they occur ( log level 10 used ):
1. When the initial username/password dialog appears on the client computer:
askauth.log: Cache entry with key = TDOM/PRAJCOMP couldn't be found
askauth.log: check_ntlm_password: guest had nothing to say
askauth.log: pdb_getsampwnam (TDB): error fetching database.
askauth.log: Error: Record does not exist
askauth.log: check_sam_security: Couldn't find user 'other' in
passdb file.
2. When username/password for user root are entered, and client is logged in:
rootloggedin.log: auth_get_challenge: module guest did not want to specify a
challenge
rootloggedin.log: auth_get_challenge: module sam did not want to specify a
challenge
rootloggedin.log: auth_get_challenge: module winbind did not want to specify
a challenge
rootloggedin.log: Cache entry with key = TDOM/PRAJCOMP couldn't be found
rootloggedin.log: check_ntlm_password: guest had nothing to say
rootloggedin.log: Account not autolocked, no check needed
rootloggedin.log: lp_servicenumber: couldn't find
rootrootloggedin.log:[2004/06/30 11:27:49, 5]
rpc_parse/parse_prs.c:prs_werror(695)
rootloggedin.log:[2004/06/30 11:27:50, 5]
rpc_parse/parse_prs.c:prs_werror(695)
rootloggedin.log:[2004/06/30 11:27:50, 5]
rpc_parse/parse_prs.c:prs_werror(695)
rootloggedin.log:[2004/06/30 11:27:50, 5]
rpc_parse/parse_prs.c:prs_werror(695)
rootloggedin.log:[2004/06/30 11:27:50, 5]
rpc_parse/parse_prs.c:prs_werror(695)
3. When the properties dialog box is opened for a file:
firstpropdialog.log: Error opening file tmp/test.dll (No such file or
directory) (local_flags=0) (flags=0)
firstpropdialog.log:[2004/06/30 11:28:21, 10]
smbd/trans2.c:set_bad_path_error(2213)
firstpropdialog.log: set_bad_path_error: err = 2 bad_path =
0firstpropdialog.log:
[2004/06/30 11:28:21, 3] smbd/error.c:error_packet(94)
firstpropdialog.log: error string = No such file or directory
firstpropdialog.log:[2004/06/30 11:28:21, 3] smbd/error.c:error_packet(118)
firstpropdialog.log: error packet at smbd/trans2.c(2219) cmd=162
(SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND
4. When the "security" tab is pressed to get a list of the users and
groups in
the acl entries for the file
userlist.log:[2004/06/30 11:28:31, 3] smbd/error.c:error_packet(94)
userlist.log: error string = No data available
userlist.log:[2004/06/30 11:28:31, 3] smbd/error.c:error_packet(118)
userlist.log: error packet at smbd/nttrans.c(104) cmd=160 (SMBnttrans)
NT_STATUS_BUFFER_TOO_SMALL
userlist.log:[2004/06/30 11:28:31, 3] smbd/error.c:error_packet(94)
userlist.log: error string = No data available
userlist.log: lsa_io_sec_qos: length c does not match size 8
userlist.log: lsa_io_sec_qos: length c does not match size 8
userlist.log: pdb_getsampwrid (TDB): error looking up RID 512 by key
RID_00000200.userlist.log: Error: Record does not exist
userlist.log: 00c0 bad_password_count : 0000
userlist.log: get_alias_user_groups: not returing Domain Admins, not an ALIAS
group.
userlist.log: get_alias_user_groups: not returing bin, not in the domain SID.
userlist.log: get_alias_user_groups: not returing daemon, not in the domain
SID.
userlist.log: get_alias_user_groups: not returing sys, not in the domain SID.
userlist.log: get_alias_user_groups: not returing adm, not in the domain SID.
userlist.log: get_alias_user_groups: not returing disk, not in the domain
SID.
userlist.log: get_alias_user_groups: not returing wheel, not in the domain
SID.
userlist.log: get_alias_user_groups: not returing Domain Admins, not an ALIAS
group.
userlist.log: pdb_getsampwrid (TDB): error looking up RID 512 by key
RID_00000200.
userlist.log: Error: Record does not exist
userlist.log: _samr_query_useraliases: an error occured while getting groups
5. When the "add" button is pressed to get extra users/groups added to
the
file acl entries
addpress.log: Cache entry with key = TDOM/SYSTEMS couldn't be found
addpress.log: pdb_getsampwrid (TDB): error looking up RID 501 by key
RID_000001f5.
addpress.log: Error: Record does not existaddpress.log: lsa_io_sec_qos:
length c does not match size 8
