I've gone further down the food chain in diagnosing the problem:
A net rpc join command works but wbinfo -u or wbinfo -g fails:
[root@hcnas samba]# net rpc join -U Administrator
Password:
Joined domain MERCURY.
[root@hcnas samba]# net rpc info -U Administrator
Password:
Domain Name: MERCURY
Domain SID: S-1-5-21-356471451-824197641-1237804090
Sequence number: 20543
Num users: 625
Num domain groups: 96
Num local groups: 109
[root@hcnas samba]# wbinfo --set-auth-user=Administrator
Password:
[root@hcnas samba]# wbinfo -u
Error looking up domain users
[root@hcnas samba]# wbinfo -g
BUILTIN\administrators
BUILTIN\users
[root@hcnas samba]#
I've tried removing the server from the domain and rejoining it to no avail.
The domain has a Windows ADS controller running in mixed-mode.
Please help! This is seriously impacting the network and my stress levels are
peaking! ;)
Here is the global section from our smb.conf file:
[global]
workgroup = MERCURY
server string = Network Attached Storage
security = DOMAIN
winbind use default domain = yes
encrypt passwords = Yes
password server = HCDC
winbind nested groups = yes
log file = /var/log/samba/log.%m
log level = 3
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = no
os level = 0
local master = No
dns proxy = No
wins server = 10.11.10.3
writeable = Yes
inherit acls = Yes
map to guest = Bad Uid
-----Original Message-----
From: samba-bounces+mikes=hartwellcorp.com@lists.samba.org
[mailto:samba-bounces+mikes=hartwellcorp.com@lists.samba.org] On Behalf Of
Michael St. Laurent
Sent: Monday, February 05, 2007 9:59 AM
To: samba@lists.samba.org
Subject: RE: [Samba] Samba-3.0.23 problem
I've tried using the plus sign with no change. I also tried adding the
machine name with no result.
In other words:
@mis
+mis
@HCNAS\mis
+HCNAS\mis
Have not worked.
-----Original Message-----
From: samba-bounces+mikes=hartwellcorp.com@lists.samba.org
[mailto:samba-bounces+mikes=hartwellcorp.com@lists.samba.org] On Behalf Of
Michael St. Laurent
Sent: Monday, February 05, 2007 9:15 AM
To: samba@lists.samba.org
Subject: RE: [Samba] Samba-3.0.23 problem
Well, why would it change after a power off? No software upgrades were done.
In fact, that same server had been powered off before while still on the same
software version (samba-3.0.23c) without any problem. It was only after we took
all servers offline simultaneously that this happened.
I'll try your suggestion of course (and thank you very much!), I'm just
confused about why this happened.
-----Original Message-----
From: samba-bounces+mikes=hartwellcorp.com@lists.samba.org
[mailto:samba-bounces+mikes=hartwellcorp.com@lists.samba.org] On Behalf Of
Felipe Augusto van de Wiel
Sent: Monday, February 05, 2007 5:37 AM
To: samba@lists.samba.org
Subject: Re: [Samba] Samba-3.0.23 problem
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/04/2007 06:51 PM, Michael St. Laurent wrote:> We had to power down all servers today for electrical maintenance in the
> building and for some reason I began having access problems related to
> the valid users lists when power was restored.
>
> The dialog from the 'Samba-3.0.23 broke my network' thread seemed
as if
> it might be related even though I had not performed any software upgrade
> so I tried adding the group mappings as discussed in that thread. It
> didn't seem to help. If I remove the valid users parameter it works
> fine.
>
> The below logfile snippet shows that it's having a problem with the
> group membership aspect of the valid users list. Please note that user
> 'mikes' is most definitely a member of the unix group
'mis':
>
> looking for user mikes of domain (ANY) in netgroup mis
> [2007/02/04 12:43:17, 10] passdb/lookup_sid.c:lookup_name(64)
> lookup_name: HCNAS\mis => HCNAS (domain), mis (name)
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:push_sec_ctx(208)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2007/02/04 12:43:17, 3] smbd/uid.c:push_conn_ctx(345)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_nt_user_token(448)
> NT user token: (NULL)
> [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_unix_user_token(474)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/02/04 12:43:17, 10] smbd/share_access.c:user_ok_token(208)
> User mikes not in 'valid users'
> [2007/02/04 12:43:17, 2] smbd/service.c:make_connection_snum(580)
> user 'mikes' (from session setup) not permitted to access this
share
> (exec_share)
> [2007/02/04 12:43:17, 3] smbd/error.c:error_packet(146)
> error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
> NT_STATUS_ACCESS_DENIED
>
> [root@hcnas samba]# groups mikes
> mikes : avante mis
> [root@hcnas samba]#
>
> [exec_share]
> comment = Exec Share
> path = /usr/netshare/exec_share
> writeable = Yes
> valid users = @exec, @exasst, @mis
> admin users = @mis
> force group = exec
> force create mode = 0666
> force directory mode = 0777
>
> Please help!
What happens if you try with:
valid users = +mis
Did you checked the "Release Notes" for 3.0.23b?
http://us1.samba.org/samba/history/samba-3.0.23d.html
Kind regards,
- --
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFxzLhCj65ZxU4gPQRAsYTAKCG5tIRP3Hkz3fvRexU3pU6vZb6hgCgrDAu
dNND4PP6sa6bFAJR0aq2fAI=dq8E
-----END PGP SIGNATURE-----
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba