[Samba] net rpc share allowedusers fails half the time?
Hi all, [Please CC me in reply, I'm not subscribed] We have a weird situation on one of our shares, net rpc share allowedusers fails with NT_STATUS_IO_DEVICE_ERROR. Normally the command is run with the password passed on the command-line. If we manually type the password or turn up the debug level, it works. If we turn up the debug output but direct the output to /dev/null or to a file, then it works. If we run net under valgrind (slowing it down) then it works about half the time. So there is some sort of race condition going on I think. Does anyone have any thoughts about fixing this on the server side or working around it client side (Ubuntu precise)? This is the samba client version: Ubuntu precise-updates 2:3.6.3-2ubuntu2.4 This is the server version string: Domain=[XXX] OS=[Windows 7 Professional 7601 Service Pack 1] Server=[Windows 7 Professional 6.1] This is the failing call and error output: cli_rpc_pipe_open_noauth: opened pipe \srvsvc to machine cvision-pc and bound anonymously. srvsvc_NetShareEnumAll: struct srvsvc_NetShareEnumAll in: struct srvsvc_NetShareEnumAll server_unc : * server_unc : 'xx' info_ctr : * info_ctr: struct srvsvc_NetShareInfoCtr level: 0x0001 (1) ctr : union srvsvc_NetShareCtr(case 1) ctr1 : * ctr1: struct srvsvc_NetShareCtr1 count: 0x (0) array: NULL max_buffer : 0x (4294967295) resume_handle: * resume_handle: 0x (0) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype: DCERPC_PKT_REQUEST (0) pfc_flags: 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x (0) call_id : 0x005d (93) u: union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0048 (72) context_id : 0x (0) opnum: 0x000f (15) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier: DATA_BLOB length=0 rpc_api_pipe: host xx num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=96, this_data=96, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 cli_api_pipe failed: NT_STATUS_IO_DEVICE_ERROR rpc command function failed! (NT_STATUS_IO_DEVICE_ERROR) return code = -1 -- bye, pabs http://bonedaddy.net/pabs3/ signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] net rpc share allowedusers gives Coult not query secdesc for share?
Hi all, [Please CC me in reply, I'm not subscribed] On two of our machines, net rpc share allowedusers gives the error Coult not query secdesc for share, partial debug log (-d10) below. The servers are both running Windows Server 2008 R2 Standard 6.1 but we have other servers running the same version of Windows so I don't think that is the issue. This is definitely not a password issue since changing the password sent gives a very different error. Does anyone know what needs to be changed on the Windows side to allow querying security descriptors remotely? Is this a samba bug? foo srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo in: struct srvsvc_NetShareGetInfo server_unc : * server_unc : 'bar' share_name : 'foo' level: 0x01f6 (502) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype: DCERPC_PKT_REQUEST (0) pfc_flags: 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x (0) call_id : 0x0067 (103) u: union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0038 (56) context_id : 0x (0) opnum: 0x0010 (16) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier: DATA_BLOB length=0 rpc_api_pipe: host bar num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=80, this_data=80, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 20 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype: DCERPC_PKT_RESPONSE (2) pfc_flags: 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0024 (36) auth_length : 0x (0) call_id : 0x0067 (103) u: union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x000c (12) context_id : 0x (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [] 00. stub_and_verifier: DATA_BLOB length=12 [] F6 01 00 00 00 00 00 00 05 00 00 00 �... Got pdu len 36, data_len 12, ss_len 0 rpc_api_pipe: got frag len of 36 at offset 0: NT_STATUS_OK rpc_api_pipe: host bar returned 12 bytes. srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo out: struct srvsvc_NetShareGetInfo info : * info : union srvsvc_NetShareInfo(case 502) info502 : NULL result : WERR_ACCESS_DENIED Coult not query secdesc for share foo rpc command function succedded return code = 0 -- bye, pabs http://bonedaddy.net/pabs3/ signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] net rpc share allowedusers gives Coult not query secdesc for share?
On Wed, 2013-02-27 at 13:32 -0800, Jeremy Allison wrote: Who are you authenticating as ? It is a specially created user for each server. Are you doing this as Administrator ? I guess from your response that the user needs to be an admin? I'm not sure as I don't have access to the Windows side of things, but it looks like from this list that the answer is no for this server? DOMAIN\user DOMAIN\user DOMAIN\domain users DOMAIN\secgrp_rev_rdp DOMAIN\user_god \Everyone NT Authority\Network NT Authority\Authenticated Users At other sites where this works, the user is in the 'domain admins' group, but at one of them, there is no obvious admin group: DOMAIN\user DOMAIN\user DOMAIN\domain users DOMAIN\iis_wpg DOMAIN\staff DOMAIN\management DOMAIN\wbd remote ts \Everyone NT Authority\Network NT Authority\Authenticated Users PS: if it isn't already fixed, you might want to fix the typos in the diagnostic messages that I posted. -- bye, pabs http://bonedaddy.net/pabs3/ signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba