Re: [Samba] 3.6.5: NT_STATUS_ACCESS_DENIED from Win7 to 750 dir
OA oktay.ak...@abwesend.de wrote: Is SMB2 enabled? I don't think so, I do not have a protocol option in smb.conf and according to its manpage NT1 is still the default. Sven -- Der wichtigste Aspekt, den Sie vor der Entscheidung für ein Open Source-Betriebssystem bedenken sollten, ist, dass Sie kein Windows-Betriebssystem erhalten. (von http://www.dell.de/ubuntu) /me is giggls@ircnet, http://sven.gegg.us/ on the Web -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] 3.6.5: NT_STATUS_ACCESS_DENIED from Win7 to 750 dir
Hello, after upgrading from Samba 3.5.6 to 3.6.5 I encounter some strange NT_STATUS_ACCESS_DENIED trouble when trying to access group readable directories from Windows 7 or Windows 2008 Terminal Server. Very strange stuff is that it works fine using smbclient from a Linux machine using the same userid and Kerberos authentication. The Server is fully integrated into active directory and uses kerberos method = system keytab. Username and group mapping also looks fine. Here is the relevant part of the logfile: [2012/07/18 13:56:24.486879, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 18026 Primary group is 1800 and contains 6 supplementary groups Group[ 0]: 4294967295 Group[ 1]: 1802 Group[ 2]: 100 Group[ 3]: 101 Group[ 4]: 102 Group[ 5]: 55001 [2012/07/18 13:56:24.486974, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,18026), gid=(0,1800) [2012/07/18 13:56:24.487007, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /storage/debug-iad [2012/07/18 13:56:24.487052, 5] smbd/filename.c:257(unix_convert) unix_convert called on file testdir-geg [2012/07/18 13:56:24.487080, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = testdir-geg, dirpath = , start = testdir-geg [2012/07/18 13:56:24.487109, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7f89d661e810:size b) TESTDIR-GEG - testdir-geg [2012/07/18 13:56:24.487135, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished testdir-geg - testdir-geg [2012/07/18 13:56:24.487159, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [testdir-geg] [/storage/debug-iad] [2012/07/18 13:56:24.487188, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: testdir-geg reduced to /storage/debug-iad/testdir-geg [2012/07/18 13:56:24.487219, 5] smbd/files.c:126(file_new) allocated file structure 9869, fnum = 13965 (1 used) [2012/07/18 13:56:24.487256, 3] smbd/dosmode.c:159(unix_mode) unix_mode(testdir-geg) returning 0744 [2012/07/18 13:56:24.487283, 8] smbd/dosmode.c:621(dos_mode) dos_mode: testdir-geg [2012/07/18 13:56:24.487308, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2012/07/18 13:56:24.487338, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2012/07/18 13:56:24.487388, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask= 0x81, open_access_mask = 0x81 [2012/07/18 13:56:24.487429, 5] smbd/files.c:464(file_free) freed files structure 13965 (0 used) [2012/07/18 13:56:24.487455, 5] smbd/open.c:2597(open_directory) open_directory: opening directory testdir-geg, access_mask = 0x81, share_access = 0x7 create_options = 0x0, create_disposition = 0x1, file_attributes = 0x10 [2012/07/18 13:56:24.487583, 3] smbd/error.c:81(error_packet_set) error packet at smbd/error.c(161) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED Any Idea? Sven -- If you don't make lower-resolution mapping data publicly available, there will be people with their cars and GPS devices, driving around with their laptops (Tim Berners-Lee) /me is giggls@ircnet, http://sven.gegg.us/ on the Web -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux SSO with samba4?
Quinn Plattel qie...@gmail.com wrote: I think it is great that samba4 has a single sign on solution for Windows platforms and it seems to work well too, but I am wondering is it possible to do the same for a Linux environment? I have a working single sign on solution running using Active Directory, nslcd and pam-krb5, I don't see a reason why this should not work using samba4 as well. On a windows client, you can login as a user though active directory even though that user is not defined locally on the client. Can you do the same in a Linux environment? Yepp. pam_ccreds and pam_mkhomedir are your friends. http://wiki.debian.org/LDAP/PAM Sven -- Every time you use Google, you're using a Linux machine (Chris DiBona, a programs manager for Google) /me is giggls@ircnet, http://sven.gegg.us/ on the Web -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Quota Problem with Samba 3.5.8
Hello, for some strange reason I can not get quota to work with Samba 3.5.8. The quoata system itself works fine (using repquota /mountpoint) and via NFS, but Samba does not report the correct free space (df command in smbclient). Instead the real free space on the disk volume is shown to smb clients (tested from Windows and smbclient). The quotasystem in use is the new quota format on an ext4 filesystem. Using the highest loglevel for quota I get the following: [2011/05/30 18:22:02.624179, 3] lib/sysquotas.c:453(sys_get_quota) sys_get_vfs_quota() failed for mntpath[/storage] bdev[/dev/drbd0] qtype[2] id[15005]: Operation not permitted [2011/05/30 18:22:02.624569, 3] lib/sysquotas.c:453(sys_get_quota) sys_get_vfs_quota() failed for mntpath[/storage] bdev[/dev/drbd0] qtype[4] id[1800]: Operation not permitted and here is what stracing the samba daemon when doing du in smbclient shows: ... quotactl(Q_GETQUOTA|USRQUOTA, /dev/drbd0, 15005, 0xbfb26cf8) = -1 ESRCH (No such process) quotactl(Q_GETQUOTA|USRQUOTA, /dev/drbd0, 15005, 0xbfb26d18) = -1 ESRCH (No such process) quotactl(Q_V1_GETQUOTA|USRQUOTA, /dev/drbd0, 15005, 0xbfb26d1c) = -1 EPERM (Operation not permitted) ... However stracing repquota does open /storage/aquota.user which smbclient does not seem to try. Any Idea what could be wrong here? For me it does somewhat look like smbd is trying to use the wrong quota system here which of course fails. The system in use is Debian oldstable with a custom backport of samba from Debian unstable (3.5.8) running on a vanilla Linuxkernel (v.2.6.36.2). Regards Sven -- If you don't make lower-resolution mapping data publicly available, there will be people with their cars and GPS devices, driving around with their laptops (Tim Berners-Lee) /me is giggls@ircnet, http://sven.gegg.us/ on the Web -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: changing ACLs only as owner possible
[EMAIL PROTECTED] wrote: But I'll can change ACLs, if i'm the owner of this file/folder. If I'm member of an ownerproup or I have full access via ACLs (as user or as a member of a group) I always get an error message: setfacl: test_unixgrpvoll: Operation not permitted RTFL hels in this case! from smb.conf(5) --cut-- dos filemode (S) The default behavior in Samba is to provide UNIX-like behavior where only the owner of a file/directory is able to change the permissions on it. However, this behavior is often confusing to DOS/Windows users. Enabling this parameter allows a user who has write access to the file (by whatever means) to modify the permissions (including ACL) on it. Note that a user belonging to the group owning the file will not be allowed to change permissions if the group is only granted read access. Ownership of the file/directory may also be changed. Default: dos filemode = no --cut-- from setfacl(1) --cut-- PERMISSIONS The file owner and processes capable of CAP_FOWNER are granted the right to modify ACLs of a file. This is analogous to the permissions required for accessing the file mode. (On current Linux systems, root is the only user with the CAP_FOWNER capability.) --cut-- Regards Sven -- /* Fuck me gently with a chainsaw... */ (David S. Miller in /usr/src/linux/arch/sparc/kernel/ptrace.c) /me is [EMAIL PROTECTED], http://sven.gegg.us/ on the Web -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] weird valid users trouble in 3.0.24
Dear Samba List, I just updated my samba setup from an older Version (3.0.22) to 3.0.24 (Debian Version). Now unfortunately valid users does not work anymore. I have a Samba Server with security=ADS (win 2003 SP2 Domain Controller) in an all local Unix Users Setup! Thus all my usernames are available either way, by Unix getent and winbind -u. Probably this may cause the trouble here, just a suspicion though. idmap uid and idmap gid are mapped to a range where they can not interface with my real userids, as they are not used in my Unix centric setup at all. Now any share with a valid users entry does not work anymore! No matter if the share does contain a username or +someunixgroup I End up with the following messages: [2007/05/25 12:34:28, 2, effective(0, 0), real(0, 0)] smbd/service.c:make_connection_snum(580) user 'foo' (from session setup) not permitted to access this share (foo-valid-users) [2007/05/25 12:34:28, 3, effective(0, 0), real(0, 0)] smbd/error.c:error_packet(146) error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED Any hint? Regards Sven -- The American news-media is no longer a news source; it is a cheerleading squad. (unknown source) /me is [EMAIL PROTECTED], http://sven.gegg.us/ on the Web -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba