Hello,
I do have a very strange behavior. For some reason, I only observe
this, when I access a samba share through an openvpn tunnel.
(1) objective
have a share, have SECURITY USERS (to control access rights), but NULL
PASSWORDS (authentication is fine enough by vpn). Find config files
below.
This is samba 3.3.2. Openvpn 2.1_rc11.
(2) issue
I connect via vpn from winXP ... fine
I access some shares ... fine
I access some directories and files ... fine (btw: access rights work
perfectly)
I create a file or a folder ... sometimes works, sometimes not
THEN: If it works I try to rename the file or folder. It does not
*ALWAYS* work. Sometimes it does. More often it does not. WinXP throws
"access denied". I played around with the parameters "nt acl
support no", "directory mask", "create mask",
"force directory mask". Nothing
really works out (latest version attached below). The logfiles are
very busy and I cannot figure out what is really going on.
=> did anybody ever observe this?
=> this does not occur, when I do *not* access the share through VPN!
Or is this coincidence?
=> real issue is, that sometimes it works. In this successful case,
the renamed folder appears only after various F5 in winXP (refresh).
(3) config file smb.conf
[global]
log file = /var/log/samba/log.%m
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*
\spassword:* %n\n *password\supdated\ssuccessfully* .
obey pam restrictions = yes
null passwords = yes
encrypt passwords = yes
passwd program = /usr/bin/passwd %u
passdb backend = tdbsam
dns proxy = no
server string = %h server (Samba, Ubuntu)
unix password sync = yes
workgroup = DALL-ARMI
security = user
syslog = 0
usershare allow guests = yes
panic action = /usr/share/samba/panic-action %d
unix charset = UTF8
max log size = 1000
pam password change = yes
log level = 0
nt acl support = no
[share]
path=/mnt/workspace/share
comment = share-workspace
browsable = yes
read only = no
create mask = 777
directory mask = 777
force directory mode = 0770
#guest ok = true
All other options of smb.conf are (or should be :-) "default".
(4) samba log files with a "log level 3"
Here are some snippets which seem strange to me:
<snip>
[2009/09/10 01:50:00, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID
[S-1-5-21-3561405685-2395757788-2122654243-501]
[2009/09/10 01:50:00, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-5-2]
[2009/09/10 01:50:00, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-5-32-546]
<snip>
[2009/09/10 01:50:00, 3] smbd/password.c:register_existing_vuid(289)
register_existing_vuid: User name: nobody Real name: nobody
[2009/09/10 01:50:00, 3] smbd/password.c:register_existing_vuid(299)
register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will
be vuid 100
<snip>
[2009/09/10 01:50:01, 3] smbd/msdfs.c:get_referred_path(813)
get_referred_path: |piazza| in dfs path \10.8.0.1\piazza is not a
dfs root.
[2009/09/10 01:50:01, 3] smbd/error.c:error_packet_set(61)
error packet at smbd/trans2.c(7299) cmd=50 (SMBtrans2)
NT_STATUS_NOT_FOUND
<snip>
[2009/09/10 01:50:01, 3] auth/auth.c:check_ntlm_password(220)
check_ntlm_password: Checking password for unmapped user [MB-LAPTOP]
\[mra]@[MB-LAPTOP] with the new password interface
[2009/09/10 01:50:01, 3] auth/auth.c:check_ntlm_password(223)
check_ntlm_password: mapped user is: [MASTER]\[mra]@[MB-LAPTOP]
<snip>
[2009/09/10 01:50:01, 3] auth/auth_sam.c:sam_password_ok(47)
Account for user 'mra' has no password and null passwords are
allowed.
<snip>
[2009/09/10 01:50:01, 2] auth/auth.c:check_ntlm_password(308)
check_ntlm_password: authentication for user [mra] -> [mra] ->
[mra] succeeded
<snip>
[2009/09/10 01:50:01, 3] auth/token_util.c:create_local_nt_token(433)
Failed to fetch domain sid for DALL-ARMI
<snip>
[2009/09/10 01:50:01, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID
[S-1-5-21-3561405685-2395757788-2122654243-1014]
[2009/09/10 01:50:01, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-22-2-1000]
[2009/09/10 01:50:01, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-5-2]
[2009/09/10 01:50:01, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-5-11]
[2009/09/10 01:50:01, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-22-2-4]
[2009/09/10 01:50:01, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-22-2-110]
[2009/09/10 01:50:01, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-22-2-112]
[2009/09/10 01:50:01, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-22-2-1002]
[2009/09/10 01:50:01, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-22-2-1010]
[2009/09/10 01:50:01, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-22-2-1009]
[2009/09/10 01:50:01, 3] smbd/password.c:register_existing_vuid(289)
register_existing_vuid: User name: mra Real name: Michael Rau
[2009/09/10 01:50:01, 3] smbd/password.c:register_existing_vuid(299)
register_existing_vuid: UNIX uid 1000 is UNIX user mra, and will be
vuid 101
[2009/09/10 01:50:01, 3] smbd/password.c:register_homes_share(231)
Adding homes service for user 'mra' using home directory: '/home/
mra'
<snip>
[2009/09/10 01:50:11, 3] lib/sysquotas.c:sys_get_quota(453)
sys_get_vfs_quota() failed for mntpath[/mnt/workspace] bdev[/dev/
sdb5] qtype[2] id[1000]: Invalid argument
[2009/09/10 01:50:11, 3] lib/sysquotas.c:sys_get_quota(453)
sys_get_vfs_quota() failed for mntpath[/mnt/workspace] bdev[/dev/
sdb5] qtype[4] id[1000]: Invalid argument
[2009/09/10 01:50:11, 3] smbd/process.c:process_smb(1554)
Transaction 23 of length 74 (0 toread)
[2009/09/10 01:50:11, 3] smbd/process.c:switch_message(1378)
switch message SMBtrans2 (pid 13672) conn 0x7f17e59acfa0
[2009/09/10 01:50:11, 3] smbd/trans2.c:call_trans2qfsinfo(2592)
call_trans2qfsinfo: level = 1007
[2009/09/10 01:50:11, 3] lib/sysquotas.c:sys_get_quota(453)
sys_get_vfs_quota() failed for mntpath[/mnt/wo<snip>
rkspace] bdev[/dev/sdb5] qtype[2] id[1000]: Invalid argument
[2009/09/10 01:50:11, 3] lib/sysquotas.c:sys_get_quota(453)
sys_get_vfs_quota() failed for mntpath[/mnt/workspace] bdev[/dev/
sdb5] qtype[4] id[1000]: Invalid argument
<snip>
[2009/09/10 01:50:11, 3] smbd/error.c:error_packet_set(61)
error packet at smbd/trans2.c(4038) cmd=50 (SMBtrans2)
NT_STATUS_OBJECT_NAME_NOT_FOUND
<snip>
[2009/09/10 01:50:11, 3] lib/sysquotas.c:sys_get_quota(453)
sys_get_vfs_quota() failed for mntpath[/mnt/workspace] bdev[/dev/
sdb5] qtype[2] id[1000]: Invalid argument
[2009/09/10 01:50:11, 3] lib/sysquotas.c:sys_get_quota(453)
sys_get_vfs_quota() failed for mntpath[/mnt/workspace] bdev[/dev/
sdb5] qtype[4] id[1000]: Invalid argument
<snip>
get_referred_path: |piazza| in dfs path \10.8.0.1\piazza is not a
dfs root.
<snip>
[[2009/09/10 01:50:32, 3] smbd/trans2.c:call_trans2qfilepathinfo
(4057)
call_trans2qfilepathinfo piazza_doc/09-07-03.Business_Plan/Neuer
Ordner (fnum = 10831) level=1007 call=7 total_data=0
[2009/09/10 01:50:32, 3] smbd/process.c:process_smb(1554)
Transaction 269 of length 45 (0 toread)
[2009/09/10 01:50:32, 3] smbd/process.c:switch_message(1378)
switch message SMBclose (pid 13672) conn 0x7f17e59acfa0
[2009/09/10 01:50:32, 3] smbd/reply.c:reply_close(4338)
close directory fnum=10829
[2009/09/10 01:50:32, 3] smbd/process.c:process_smb(1554)
Transaction 270 of length 220 (0 toread)
[2009/09/10 01:50:32, 3] smbd/process.c:switch_message(1378)
switch message SMBmv (pid 13672) conn 0x7f17e59acfa0
[2009/09/10 01:50:32, 3] smbd/reply.c:reply_mv(6104)
reply_mv : piazza_doc/09-07-03.Business_Plan/Neuer Ordner ->
piazza_doc/09-07-03.Business_Plan/test
[2009/09/10 01:50:32, 3] smbd/reply.c:rename_internals(5832)
rename_internals: case_sensitive = 0, case_preserve = 1, short case
preserve = 1, directory = piazza_doc/09-07-03.Business_Plan/Neuer
Ordner, newname = piazza_doc/09-07-03.Business_Plan/test,
last_component_dest = test, is_8_3 = 0
[2009/09/10 01:50:32, 3] smbd/reply.c:rename_internals_fsp(5642)
rename_internals_fsp: Error NT_STATUS_ACCESS_DENIED rename
piazza_doc/09-07-03.Business_Plan/Neuer Ordner -> piazza_doc/
09-07-03.Business_Plan/test
[2009/09/10 01:50:32, 3] smbd/reply.c:rename_internals(5887)
rename_internals: Error NT_STATUS_ACCESS_DENIED rename piazza_doc/
09-07-03.Business_Plan/Neuer Ordner -> piazza_doc/
09-07-03.Business_Plan/test
[2009/09/10 01:50:32, 3] smbd/error.c:error_packet_set(61)
error packet at smbd/reply.c(6114) cmd=7 (SMBmv)
NT_STATUS_ACCESS_DENIED
But acutally, with level 3 the log file is very busy (attached in this
email). And with level 2
nothing really happens.
Help is very much appreciated. If no help possible, then any advice
for alternative groups is welcome.
Michael.