Re: [Samba] Rename Computer In Samba Domain: Access Is Denied
Ah, thanks. I tested 3.3.8 and 3.4.2. On 3.3.8 the computer rename still fails with the same log symptoms, but on 3.4.2 the rename actually succeeds. I reckon this is a bug in the 3.2 and 3.3 series. As an aside, in compiling these versions from scratch I am puzzled by if the install scripts (make install) are expected to handle setting up shared library locations. i.e., the shared libraries are installed into /usr/local/samba/lib but the script doesn't appear to do any configuration to enable these to be found when the binaries are loaded. Is this intended to be beyond the scope of the makefiles? Looking around, things like Chapter 42 of the Samba How To (How to Compile Samba) talk about doing a make install and subsequently running the daemons as if there's no other steps to be dealt with. (I did manually set up my ld.so.conf to search the samba/lib directory but don't know if this should've been necessary.) On Thu, Oct 1, 2009 at 5:22 PM, Jeremy Allison j...@samba.org wrote: On Thu, Oct 01, 2009 at 05:09:00PM -0700, m wrote: It still doesn't work and I tried the same on a different Samba installation which is version 3.3.2 and it behaved the same way. (Thus covering versions 3.2.3 and 3.3.2). I didn't mention before, this is with passdb backend = tdbsam. I've been continuing to study the issue and I think the relevant error line is [2009/10/01 16:59:35, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(246) _samr_SetUserInfo: ACCESS DENIED (granted: 0x000d04e4; required: 0x00b0) Ah. Please upgrade to the latest 3.3.8 relesae which had some work in this area (or 3.4.2). Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Rename Computer In Samba Domain: Access Is Denied
Hi, I've had a similar behavior in compiling 3.4.2 from scratch, not for the library path (--prefix works correctly on ./configure), but for the confdir. I proceed like this : ./configure --prefix=/usr --sysconfdir=/etc/samba --libdir=/usr/lib (other options) make make install But when I launch any tools compiled (testparm, pdbedit, smbd, nmbd, ...) all are searching smb.conf into /usr/lib. After a few research, it appears that Mafefile contain CONFIGDIR=/usr/lib (and not /etc/samba like it must...) after changing CONFIGDIR in the Makefile and make, all works fine. Maybe your problem resides into the Makefile ? Have you try to to use some options into your configure (like --libdir) ? Regards, Bruno m a écrit : Ah, thanks. I tested 3.3.8 and 3.4.2. On 3.3.8 the computer rename still fails with the same log symptoms, but on 3.4.2 the rename actually succeeds. I reckon this is a bug in the 3.2 and 3.3 series. As an aside, in compiling these versions from scratch I am puzzled by if the install scripts (make install) are expected to handle setting up shared library locations. i.e., the shared libraries are installed into /usr/local/samba/lib but the script doesn't appear to do any configuration to enable these to be found when the binaries are loaded. Is this intended to be beyond the scope of the makefiles? Looking around, things like Chapter 42 of the Samba How To (How to Compile Samba) talk about doing a make install and subsequently running the daemons as if there's no other steps to be dealt with. (I did manually set up my ld.so.conf to search the samba/lib directory but don't know if this should've been necessary.) On Thu, Oct 1, 2009 at 5:22 PM, Jeremy Allison j...@samba.org wrote: On Thu, Oct 01, 2009 at 05:09:00PM -0700, m wrote: It still doesn't work and I tried the same on a different Samba installation which is version 3.3.2 and it behaved the same way. (Thus covering versions 3.2.3 and 3.3.2). I didn't mention before, this is with passdb backend = tdbsam. I've been continuing to study the issue and I think the relevant error line is [2009/10/01 16:59:35, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(246) _samr_SetUserInfo: ACCESS DENIED (granted: 0x000d04e4; required: 0x00b0) Ah. Please upgrade to the latest 3.3.8 relesae which had some work in this area (or 3.4.2). Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Rename Computer In Samba Domain: Access Is Denied
So you're talking about explicitly settings the directories so the targets are already in places on the path to load and for the linker. I considered that in the realm of manually taking care that the search paths (for loading and libraries) are set up. I can handle that or updating the path, etc. to accommodate the default locations, it was just intuitive to me for make install to leave the system in a state where the installed binaries could be used automatically, and the documentation I've seen doesn't say anything about this (compared to e.g. configuring starting the daemons which isn't handled by make install but it says this is your job). On Fri, Oct 2, 2009 at 2:38 PM, Bruno MACADRE bruno.maca...@univ-rouen.fr wrote: Hi, I've had a similar behavior in compiling 3.4.2 from scratch, not for the library path (--prefix works correctly on ./configure), but for the confdir. I proceed like this : ./configure --prefix=/usr --sysconfdir=/etc/samba --libdir=/usr/lib (other options) make make install But when I launch any tools compiled (testparm, pdbedit, smbd, nmbd, ...) all are searching smb.conf into /usr/lib. After a few research, it appears that Mafefile contain CONFIGDIR=/usr/lib (and not /etc/samba like it must...) after changing CONFIGDIR in the Makefile and make, all works fine. Maybe your problem resides into the Makefile ? Have you try to to use some options into your configure (like --libdir) ? Regards, Bruno m a écrit : Ah, thanks. I tested 3.3.8 and 3.4.2. On 3.3.8 the computer rename still fails with the same log symptoms, but on 3.4.2 the rename actually succeeds. I reckon this is a bug in the 3.2 and 3.3 series. As an aside, in compiling these versions from scratch I am puzzled by if the install scripts (make install) are expected to handle setting up shared library locations. i.e., the shared libraries are installed into /usr/local/samba/lib but the script doesn't appear to do any configuration to enable these to be found when the binaries are loaded. Is this intended to be beyond the scope of the makefiles? Looking around, things like Chapter 42 of the Samba How To (How to Compile Samba) talk about doing a make install and subsequently running the daemons as if there's no other steps to be dealt with. (I did manually set up my ld.so.conf to search the samba/lib directory but don't know if this should've been necessary.) On Thu, Oct 1, 2009 at 5:22 PM, Jeremy Allison j...@samba.org wrote: On Thu, Oct 01, 2009 at 05:09:00PM -0700, m wrote: It still doesn't work and I tried the same on a different Samba installation which is version 3.3.2 and it behaved the same way. (Thus covering versions 3.2.3 and 3.3.2). I didn't mention before, this is with passdb backend = tdbsam. I've been continuing to study the issue and I think the relevant error line is [2009/10/01 16:59:35, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(246) _samr_SetUserInfo: ACCESS DENIED (granted: 0x000d04e4; required: 0x00b0) Ah. Please upgrade to the latest 3.3.8 relesae which had some work in this area (or 3.4.2). Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Rename Computer In Samba Domain: Access Is Denied
On Tue, Sep 29, 2009 at 5:04 PM, m mag...@gmail.com wrote: I am pulling my hair out trying to figure out why trying to rename my computer joined to a Samba domain (version 3.2.3) keeps failing with Access is Denied. In searching I found references to people with the same problem where the answer was to set the rename user script option in smb.conf, but I have done that (not forgetting to restart Samba) and there is no difference, still the same error. My account permissions are set (making my account a member of a group mapped to the Administrators group, as well as individually individually granting SeMachineAccountPrivilege and SeAddUsersPrivilege). I added the same machine to the domain through the Windows GUI and I can successfully issue a rename from the Samba server-side, as in $ net rpc user rename fog$ hog$ Enter m's password: Renamed user from fog$ to hog$ but attempting via the Windows GUI, System Properties|Computer Name|Change... keeps failing with the Access Is Denied message box. Any clue what else could be missing or how to diagnose. I tried log level = 3 but found the output to be virtually indecipherable, no obvious way to correlate any output with the rename operation in question. To be sure, my rename user scipt line is rename user script = /usr/sbin/usermod --login='%unew' '%uold' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Are you still having the problem? If so can you try to do a rename from My Computer - Properties and pastebin the /var/log/samba/log.smbd file for the five minutes around when you do it. And can you pastebin your smb.conf. Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Rename Computer In Samba Domain: Access Is Denied
It still doesn't work and I tried the same on a different Samba installation which is version 3.3.2 and it behaved the same way. (Thus covering versions 3.2.3 and 3.3.2). I didn't mention before, this is with passdb backend = tdbsam. I've been continuing to study the issue and I think the relevant error line is [2009/10/01 16:59:35, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(246) _samr_SetUserInfo: ACCESS DENIED (granted: 0x000d04e4; required: 0x00b0) From looking at the source code the missing bit is SA_RIGHT_USER_ACCT_FLAGS_EXPIRY, which I am in the process of trying to find out the semantics of. The source code apparently makes no reference to it in any way to elucidate its meaning. At this point I don't have much insight, the involved flags are things such as #define SA_RIGHT_USER_ACCT_FLAGS_EXPIRY0x0010 #define SA_RIGHT_USER_SET_ATTRIBUTES 0x0020 #define SA_RIGHT_USER_CHANGE_PASSWORD 0x0040 #define SA_RIGHT_USER_SET_PASSWORD 0x0080 and the granted security of 0xd04e4 seems unrelated and invariant with any of the permissions exposed to the user (SeMachineAccountPrivilege, etc.). On Thu, Oct 1, 2009 at 1:06 PM, Nick Pappin npap...@latahfcu.org wrote: On Tue, Sep 29, 2009 at 5:04 PM, m mag...@gmail.com wrote: I am pulling my hair out trying to figure out why trying to rename my computer joined to a Samba domain (version 3.2.3) keeps failing with Access is Denied. In searching I found references to people with the same problem where the answer was to set the rename user script option in smb.conf, but I have done that (not forgetting to restart Samba) and there is no difference, still the same error. My account permissions are set (making my account a member of a group mapped to the Administrators group, as well as individually individually granting SeMachineAccountPrivilege and SeAddUsersPrivilege). I added the same machine to the domain through the Windows GUI and I can successfully issue a rename from the Samba server-side, as in $ net rpc user rename fog$ hog$ Enter m's password: Renamed user from fog$ to hog$ but attempting via the Windows GUI, System Properties|Computer Name|Change... keeps failing with the Access Is Denied message box. Any clue what else could be missing or how to diagnose. I tried log level = 3 but found the output to be virtually indecipherable, no obvious way to correlate any output with the rename operation in question. To be sure, my rename user scipt line is rename user script = /usr/sbin/usermod --login='%unew' '%uold' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Are you still having the problem? If so can you try to do a rename from My Computer - Properties and pastebin the /var/log/samba/log.smbd file for the five minutes around when you do it. And can you pastebin your smb.conf. Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Rename Computer In Samba Domain: Access Is Denied
On Thu, Oct 01, 2009 at 05:09:00PM -0700, m wrote: It still doesn't work and I tried the same on a different Samba installation which is version 3.3.2 and it behaved the same way. (Thus covering versions 3.2.3 and 3.3.2). I didn't mention before, this is with passdb backend = tdbsam. I've been continuing to study the issue and I think the relevant error line is [2009/10/01 16:59:35, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(246) _samr_SetUserInfo: ACCESS DENIED (granted: 0x000d04e4; required: 0x00b0) Ah. Please upgrade to the latest 3.3.8 relesae which had some work in this area (or 3.4.2). Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Rename Computer In Samba Domain: Access Is Denied
On 9/29/2009, m (mag...@gmail.com) wrote: I am pulling my hair out trying to figure out why trying to rename my computer joined to a Samba domain (version 3.2.3) keeps failing with Access is Denied. Never tried this on a Samba domain, but when joined to a windows domain, you must make sure that there are no open connections to the DC... I always log onto the PC with a local admin account to do renames... -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Rename Computer In Samba Domain: Access Is Denied
I am pulling my hair out trying to figure out why trying to rename my computer joined to a Samba domain (version 3.2.3) keeps failing with Access is Denied. In searching I found references to people with the same problem where the answer was to set the rename user script option in smb.conf, but I have done that (not forgetting to restart Samba) and there is no difference, still the same error. My account permissions are set (making my account a member of a group mapped to the Administrators group, as well as individually individually granting SeMachineAccountPrivilege and SeAddUsersPrivilege). I added the same machine to the domain through the Windows GUI and I can successfully issue a rename from the Samba server-side, as in $ net rpc user rename fog$ hog$ Enter m's password: Renamed user from fog$ to hog$ but attempting via the Windows GUI, System Properties|Computer Name|Change... keeps failing with the Access Is Denied message box. Any clue what else could be missing or how to diagnose. I tried log level = 3 but found the output to be virtually indecipherable, no obvious way to correlate any output with the rename operation in question. To be sure, my rename user scipt line is rename user script = /usr/sbin/usermod --login='%unew' '%uold' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba