albanperso-zatoo@yahoo.com
2008-Aug-18  14:53 UTC
[Samba] Samba 3.0.x access rights issue with secondary groups or Unix rights
Hi experts,
I have trouble with access rights.
I am running Samba 3.0.31 on Solaris 10 x86 64 bits as a member server of an Active Directory 2003 R2 domain (MYDOMAIN) using Identity Management for Unix.
I set rights to access a sub folder of a Samba share. On Solaris the user "toto" jdoe can write a new file. From Windows, the same user can't.
It looks OK when the primary group (grp1) of the user is the group that owns the subtree, but not when this owner group is a secondary group (grp2).
It is OK if I explicitly set the user right from MS Windows.
I can't change the access rights to the group from MS Windows.
I suspect Unix ownership or ACL to be the root cause, but I can't exclude a Samba issue.
Thanks for help.
Here are long details on my config (sorry for the parts that take space and carry no useful info, so just go to the valuable data)
************ An extract from my smb.conf ************
[global]
## part windows ##
        host msdfs = no
        netbios name = machines01
        netbios aliases = 2store
        server string = 2store
        workgroup = MYDOMAIN
        realm = MYDOMAIN.LOCAL
        security = ADS
        use kerberos keytab = yes
        obey pam restrictions = Yes
        use spnego = yes
        client use spnego = yes
        password server = machinew01.MYDOMAIN.local machinew07.MYDOMAIN.local
#       unix extensions = no
        machine password timeout = 0
#       logon path = \\machines01\profiles\%U
        template shell = /bin/bash
        hosts allow = 127.0.0.1, 192.168.10.0/255.255.255.0, 192.168.11.0/255.255.255.0
## part samba engine ##
        max log size = 50000
        log level = 10
        syslog = 0
        log file = /var/log/samba/%m
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
## part ldap and idmap ##
        ldap admin dn = "cn=myadmin,cn=users,dc=MYDOMAIN,dc=local"
        ldap idmap suffix = ou=idmap
        ldap ssl = no
        idmap backend = ldap:ldap://machinew01.MYDOMAIN.local ldap:ldap://machinew07.MYDOMAIN.local
        #idmap backend = idmap_rid:MYDOMAIN=10000-20000
        #idmap backend = ad
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        #idmap config MYDOMAIN:schema_mode = rfc2307
## part winbind ##
        winbind nss info = rfc2307
        winbind cache time = 5
        winbind refresh tickets = Yes
        winbind use default domain = Yes
        winbind trusted domains only = Yes
        winbind nested groups = Yes
        winbind enum groups = Yes
        winbind enum users = Yes
[data]
        comment = Samba data folder
        path = /samba/data
        read only = No
        create mask = 0740
        directory mask = 0750
        guest ok = Yes
************ Check the Unix name resolution ************
getent passwd jdoe
jdoe:x:10037:10002:John DOE:/home/jdoe:/bin/sh
getent group grp2
grp2::10004:myadmin,jdoe,demo1,demo2,demo3
************ I can check that Samba can resolve if the user is member of the group ************
/usr/local/samba/bin/net ads user info jdoe
grp2
grp1
/usr/local/samba/bin/wbinfo -G 10004
S-1-5-21-2269603188-533060101-51835291-1642
/usr/local/samba/bin/wbinfo -Y S-1-5-21-2269603188-533060101-51835291-1642
10004
/usr/local/samba/bin/wbinfo -R 10004
winbind_lookup_rids failed
Could not lookup RIDs 10004
************ Review of the access rights ************
ls -al /samba/data/level1/level2/level3/level4
drwxrwsr-x+ 19 myadmin grp2      512 Aug 15 11:18 .
drwxr-x---   9 myadmin grp1     512 Aug 12 16:06 ..
drwxrws---+  3 myadmin grp2      512 Jun 27 10:58 general
-rwxr-----+  1 jdoe     grp2        0 Aug 15 11:18 New Text Document from Windows.txt
-rwxrw----   1 jdoe     grp2       44 Aug 15 11:14 newdocfromunix.txt
*** ACTION: I tried on Unix to change the group owner of ".." to grp2, but that removes all jdoe access from Windows
************ Test POSIX ACLs ************
getfacl -a /samba/data/level1/level2/level3/level4/
# file: /samba/data/level1/level2/level3/level4/
# owner: myadmin
# group: grp2
user::rwx
group::rwx              #effective:rwx
other:r-x
getfacl -a /samba/data/level1/level2/level3
# file: /samba/data/level1/level2/level3
# owner: myadmin
# group: grp1
user::rwx
group::r-x              #effective:r-x
mask:r-x
other:---
getfacl -a /samba/data/level1/level2
# file: /samba/data/level1/level2
# owner: myadmin
# group: grp1
user::rwx
group::r-x              #effective:r-x
other:r-x
getfacl -a /samba/data/level1
# file: /samba/data/level1
# owner: root
# group: root
user::rwx
group::r-x              #effective:r-x
mask:r-x
other:r-x
getfacl -a /samba/data
# file: /samba/data
# owner: myadmin
# group: grp1
user::rwx
user:user123:rwx            #effective:rwx
group::r-x              #effective:r-x
mask:rwx
other:r-x
************ From MS Windows side ************
properties/security
The group is in the "group and user names" list
there is no check box in the Allow or Deny column
Advanced/permissions
Type    Name    Permission    Inherited from    Apply to
Allow    smb_ins (MYDOMAIN/smb_ins)    <not inherited>    This folder only
****** ACTION:
When I try to force it, the situation returns to the original state with no error.
Checking "allow inheritable" and/or "Replace permissions" has no effect in any combination.
When I add the user with access rights, it is OK
************ Some extracts from the Samba log at level 10 ************
[2008/08/15 12:25:22, 10] smbd/statcache.c:stat_cache_lookup(248)
  stat_cache_lookup: lookup succeeded for name [jdoe] -> [jdoe]
[2008/08/15 12:25:22, 5] smbd/filename.c:unix_convert(246)
  unix_convert begin: name = jdoe/ntuser.man, dirpath = jdoe, start = ntuser.man
[2008/08/15 12:25:22, 10] smbd/mangle_hash2.c:is_mangled(276)
  is_mangled ntuser.man ?
[2008/08/15 12:25:22, 10] smbd/mangle_hash2.c:is_mangled_component(215)
  is_mangled_component ntuser.man (len 10) ?
[2008/08/15 12:25:22, 10] smbd/mangle_hash2.c:is_mangled(276)
  is_mangled ntuser.man ?
[2008/08/15 12:25:22, 10] smbd/mangle_hash2.c:is_mangled_component(215)
  is_mangled_component ntuser.man (len 10) ?
[2008/08/15 12:25:22, 10] smbd/mangle_hash2.c:is_mangled(276)
  is_mangled ntuser.man ?
[2008/08/15 12:25:22, 10] smbd/mangle_hash2.c:is_mangled_component(215)
  is_mangled_component ntuser.man (len 10) ?
[2008/08/15 12:25:22, 5] smbd/filename.c:unix_convert(440)
  New file ntuser.man
[2008/08/15 12:25:22, 3] smbd/dosmode.c:unix_mode(142)
  unix_mode(jdoe/ntuser.man) returning 0700
[2008/08/15 12:25:22, 10] smbd/open.c:open_file_ntcreate(1184)
  open_file_ntcreate: fname=jdoe/ntuser.man, dos_attrs=0x0 access_mask=0x1 share_access=0x7 create_disposition = 0x1 create_options=0x140 unix mode=0700 oplock_request=3
[2008/08/15 12:25:22, 5] smbd/open.c:open_file_ntcreate(1264)
  open_file_ntcreate: FILE_OPEN requested for file jdoe/ntuser.man and file doesn't exist.
[2008/08/15 12:25:22, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/nttrans.c(805) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND
[2008/08/15 12:25:22, 5] lib/util.c:show_msg(484)
[2008/08/15 12:25:22, 5] lib/util.c:show_msg(494)
  size=35
  smb_com=0xa2
  smb_rcls=52
  smb_reh=0
  smb_err=49152
    smb_flg=136
  smb_flg2=51201
  smb_tid=3
  smb_pid=588
  smb_uid=101
  smb_mid=1024
  smt_wct=0
  smb_bcc=0
  
  
  
[2008/08/15 12:25:22, 10] smbd/open.c:open_file_ntcreate(1347)
  open_file_ntcreate: fname=jdoe/Application Data/Microsoft/SystemCertificates/My/CRLs, after mapping access_mask=0x1
[2008/08/15 12:25:22, 5] smbd/files.c:file_new(123)
  allocated file structure 1332, fnum = 5428 (5 used)
[2008/08/15 12:25:22, 4] smbd/open.c:open_file_ntcreate(1605)
  calling open_file with flags=0x0 flags2=0x0 mode=0700, access_mask = 0x1, open_access_mask = 0x1
[2008/08/15 12:25:22, 10] smbd/open.c:fd_open(67)
  fd_open: name jdoe/Application Data/Microsoft/SystemCertificates/My/CRLs, flags = 00 mode = 0700, fd = 32.
[2008/08/15 12:25:22, 10] locking/posix.c:get_windows_lock_ref_count(545)
  get_windows_lock_count for file  = 0
[2008/08/15 12:25:22, 10] locking/posix.c:delete_windows_lock_ref_count(559)
  delete_windows_lock_ref_count for file 
[2008/08/15 12:25:22, 5] smbd/files.c:file_free(454)
  freed files structure 5428 (4 used)
[2008/08/15 12:25:22, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/nttrans.c(779) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY
[2008/08/15 12:25:22, 10] smbd/open.c:open_file_ntcreate(1347)
  open_file_ntcreate: fname=jdoe/Application Data/Microsoft/SystemCertificates/My/CRLs, after mapping access_mask=0x1
[2008/08/15 12:25:22, 5] smbd/files.c:file_new(123)
  allocated file structure 1332, fnum = 5428 (5 used)
[2008/08/15 12:25:22, 4] smbd/open.c:open_file_ntcreate(1605)
  calling open_file with flags=0x0 flags2=0x0 mode=0700, access_mask = 0x1, open_access_mask = 0x1
[2008/08/15 12:25:22, 10] smbd/open.c:fd_open(67)
  fd_open: name jdoe/Application Data/Microsoft/SystemCertificates/My/CRLs, flags = 00 mode = 0700, fd = 32.
[2008/08/15 12:25:22, 10] locking/posix.c:get_windows_lock_ref_count(545)
  get_windows_lock_count for file  = 0
[2008/08/15 12:25:22, 10] locking/posix.c:delete_windows_lock_ref_count(559)
  delete_windows_lock_ref_count for file 
[2008/08/15 12:25:22, 5] smbd/files.c:file_free(454)
  freed files structure 5428 (4 used)
[2008/08/15 12:25:22, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/nttrans.c(779) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY
Duncan Brannen
2008-Aug-19  12:14 UTC
[Samba] Samba 3.0.x access rights issue with secondary groups or Unix rights
Hi,
I have a similar problem, no ADS in my setup, just no supplementary groups showing up (samba 3.2.1 and groups ldap in nsswitch.conf as opposed to working with Samba 3.0.28 and groups nis in nsswitch.conf)
Solaris 10 SPARC
Everything looks ok, getent, groups <user> etc when logged in as root, but if I su to the user not getting any groups and type
 >groups
I don't see any groups there bar the primary one.
Are you seeing the same thing?  IE if you're logged in as root and type
groups jdoe
You see all of jdoe's groups
but if you su to jdoe and type
groups
You only see the primary group?
Just a long shot but might push you in the right direction?
Cheers,
          Duncan
-- 
The University of St Andrews is a charity registered in Scotland : No SC013532
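An added example, not part of the thread: a Python model of the standard POSIX ACL access check, run over the ownership and getfacl output posted in the first message. It compares a process whose group list holds only the primary group (the situation raised in the reply above) with one that also carries grp2; the class and function names are illustrative, and jdoe's primary group is taken to be grp1 as the first message states.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Acl:
    """Access ACL of one directory, as printed by getfacl."""
    path: str
    owner: str
    group: str
    user_obj: str                     # user::
    group_obj: str                    # group::
    other: str                        # other:
    mask: Optional[str] = None        # mask: (absent on a trivial ACL)
    users: Dict[str, str] = field(default_factory=dict)   # user:NAME:
    groups: Dict[str, str] = field(default_factory=dict)  # group:NAME:


def bits(perm: str) -> Set[str]:
    """Turn 'r-x' into {'r', 'x'}."""
    return {c for c in perm if c in "rwx"}


def allowed(acl: Acl, user: str, groups: Set[str], want: str) -> bool:
    """POSIX ACL check: owner, named user, group class, then other."""
    need = bits(want)
    mask = bits(acl.mask) if acl.mask is not None else {"r", "w", "x"}
    if user == acl.owner:
        return need <= bits(acl.user_obj)
    if user in acl.users:
        return need <= (bits(acl.users[user]) & mask)
    matching = []
    if acl.group in groups:
        matching.append(acl.group_obj)
    matching += [p for g, p in acl.groups.items() if g in groups]
    if matching:
        # Any one matching group entry (after masking) must grant everything.
        return any(need <= (bits(p) & mask) for p in matching)
    # No group matched: the process falls through to "other".
    return need <= bits(acl.other)


def create_check(chain: List[Acl], user: str,
                 groups: Set[str]) -> Tuple[bool, Optional[str]]:
    """Creating a file needs x on every ancestor and w+x on the last directory.

    Returns (True, None) or (False, path of the directory that denies).
    """
    for acl in chain[:-1]:
        if not allowed(acl, user, groups, "x"):
            return False, acl.path
    if not allowed(chain[-1], user, groups, "wx"):
        return False, chain[-1].path
    return True, None


def posted_chain(level3_group: str = "grp1") -> List[Acl]:
    """Directories transcribed from the getfacl output in the first message.

    level3_group="grp2" models the chgrp the poster tried on "..".
    """
    base = "/samba/data"
    return [
        Acl(base, "myadmin", "grp1", "rwx", "r-x", "r-x",
            mask="rwx", users={"user123": "rwx"}),
        Acl(base + "/level1", "root", "root", "rwx", "r-x", "r-x", mask="r-x"),
        Acl(base + "/level1/level2", "myadmin", "grp1", "rwx", "r-x", "r-x"),
        Acl(base + "/level1/level2/level3", "myadmin", level3_group,
            "rwx", "r-x", "---", mask="r-x"),
        Acl(base + "/level1/level2/level3/level4", "myadmin", "grp2",
            "rwx", "rwx", "r-x"),
    ]


if __name__ == "__main__":
    cases = [
        ("primary + secondary", posted_chain(), {"grp1", "grp2"}),
        ("primary only", posted_chain(), {"grp1"}),
        ("primary only, level3 chgrp'd to grp2", posted_chain("grp2"), {"grp1"}),
    ]
    for label, chain, groups in cases:
        ok, denied_at = create_check(chain, "jdoe", groups)
        print(f"{label:40s} -> {'write OK' if ok else 'denied at ' + denied_at}")
```

With only the primary group, the model denies the write at level4 and, after the chgrp of level3, denies traversal at level3, which is the pattern to compare against the group list the server process actually holds for the user.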
albanperso-zatoo@yahoo.com
2008-Aug-19  12:41 UTC
[Samba] Samba 3.0.x access rights issue with secondary groups or Unix rights
Details on the groups command:
To have the secondary groups, I have to enter "id -a" logged in as the user.
As root, it doesn't work. "id -a jdoe" just returns the primary group.
albanperso-zatoo@yahoo.com
2008-Aug-19  13:53 UTC
[Samba] Samba 3.0.x access rights issue with secondary groups or Unix rights
Good remark, Duncan, but on the Samba side, the command "net ads user info jdoe" can resolve all the user's groups, including the secondary ones.

I checked on the Unix side with the ldapsearch command, using Kerberos authentication, that the involved accounts can read all required attributes in users and groups, and it is OK.

I have no idea what's wrong. I am stuck, and an expert could probably help us.

Regards

----- Original message ----
> From: Duncan Brannen <dbb@st-andrews.ac.uk>
> To: albanperso-zatoo@yahoo.com
> Cc: samba@lists.samba.org
> Sent: Tuesday, 19 August 2008, 15:28:47
> Subject: Re: Re : [Samba] Samba 3.0.x access rights issue with secondary groups or Unix rights
>
> Someone more knowledgeable may correct me, but I'd guess you have to fix that,
> if Solaris isn't picking up secondary groups for a user, I'd think Samba won't
> find them either.
>
> On my systems id -a returns all the groups, it's just the groups command when
> run as a non root user that doesn't work on my systems with groups configured
> in ldap and this seems enough to stop Samba picking up my secondary groups.
> Your system seems to be misbehaving in the opposite way.
>
> If I fix mine, I'll let you know what was wrong, I may just go back to NIS
> groups in nsswitch.conf.
>
> Cheers,
> Duncan
>
> albanperso-zatoo@yahoo.com wrote:
> > details on groups command
> >
> > To have the secondary groups, I have to enter "id -a" logged as the user
> >
> > As root, it doesn't work. "id -a jdoe" just returns the primary group
> >
> > ----- Original message ----
> >> From: Duncan Brannen
> >> To: albanperso-zatoo@yahoo.com
> >> Cc: samba@lists.samba.org
> >> Sent: Tuesday, 19 August 2008, 14:02:38
> >> Subject: Re: [Samba] Samba 3.0.x access rights issue with secondary groups or Unix rights
> >>
> >> Hi,
> >> I have a similar problem, no ADS in my setup, just no supplementary groups
> >> showing up (samba 3.2.1 and groups ldap in nsswitch.conf as opposed to
> >> working with Samba 3.0.28 and groups nis in nsswitch.conf)
> >> Solaris 10 SPARC
> >>
> >> Everything looks ok, getent, groups etc when logged in as root, but if I su
> >> to the user not getting any groups and type
> >>
> >> > groups
> >>
> >> I don't see any groups there bar the primary one.
> >>
> >> Are you seeing the same thing? IE if you're logged in as root and type
> >>
> >> groups jdoe
> >>
> >> You see all of jdoe's groups
> >>
> >> but if you su to jdoe and type
> >>
> >> groups
> >>
> >> You only see the primary group?
> >>
> >> Just a long shot but might push you in the right direction?
> >>
> >> Cheers,
> >> Duncan
> >>
> >> albanperso-zatoo@yahoo.com wrote:
> >>> Hi experts
> >>>
> >>> I have a trouble in access rights
> >>>
> >>> I am running Samba
> >>> 3.0.31 on Solaris 10 x86 64 bits as member server of an Active
> >>> Directory 2003 R2 domain (MYDOMAIN) using Identity Management for Unix
> >>> I set rights to access a sub folder of a Samba share. On Solaris the user
> >>> "toto" jdoe can write a new file. From Windows, the same user can't.
> >>> It looks like OK when the primary group (grp1) of the user is the group
> >>> that own the subtree but not when this owner group is a secondary group
> >>> (grp2).
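The check discussed in the messages above (does the OS resolve a user's secondary groups the same way the group database lists them?), as an added example that is not part of the original thread. The function names are hypothetical, and the sample input is constructed from the `getent` values quoted in the thread plus an assumed `id -a` output format and an assumed member list for grp1.

```shell
#!/bin/sh
# Added example: report groups that list a user as a member in the group
# database but are absent from the group list the OS resolves for that user.

# Print the numeric gids found in one line of `id -a` output ($1).
gids_from_id() {
    printf '%s\n' "$1" | tr ' ,' '\n\n' |
        sed -n -e 's/^gid=\([0-9][0-9]*\).*/\1/p' \
               -e 's/^groups=\([0-9][0-9]*\).*/\1/p' \
               -e 's/^\([0-9][0-9]*\)(.*/\1/p' | sort -un
}

# Read `getent group` output on stdin; print the gid of every group whose
# member list (4th field) contains the user named in $1.
gids_listing_member() {
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) { print $3; break }
    }' | sort -un
}

# $1 = user, $2 = one line of `id -a` output, stdin = `getent group` output.
# Print each gid that lists the user but is missing from the id output.
missing_gids() {
    want=$(gids_listing_member "$1")
    have=$(gids_from_id "$2")
    for g in $want; do
        printf '%s\n' "$have" | grep -qx "$g" || printf '%s\n' "$g"
    done
}

# Constructed sample input (grp2 line and gids as quoted in the thread;
# the grp1 member list and both id lines are assumptions).
SAMPLE_GROUPS='grp1::10002:myadmin
grp2::10004:myadmin,jdoe,demo1,demo2,demo3'
SAMPLE_ID_PRIMARY_ONLY='uid=10037(jdoe) gid=10002(grp1) groups=10002(grp1)'
SAMPLE_ID_FULL='uid=10037(jdoe) gid=10002(grp1) groups=10002(grp1),10004(grp2)'

# Live use on the server, run once as root and once as the user:
#   getent group | missing_gids jdoe "$(id -a jdoe)"
```

Any gid printed is a membership that the group database knows about but that the calling context did not resolve, which is the mismatch both posters describe.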