FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 08-01-2012, 07:39 AM
"Paul R. Ganci"
 
Default samba3x PDC and Win XP

I am at my wits end on this one. Ever since I upgraded to samba3x
(present version 3.5.10-0.110.el5_8) in preparation for adding a Win 7
client, my WinXP client can no longer find their roaming profiles nor
can they assign their home shares to a drive at login. Logins and
authentication work just fine and I can see the home and profile shares
from the Win XP client after login. My smb.conf file contains (here are
some essential snippets):

# the login script name depends on the machine name
; logon script = %m.bat
# the login script name depends on the unix user used
; logon script = %u.bat
logon script = logon.bat
# disables profiles support by specifing an empty path
; logon path =
logon path = \%Lprofile\%u\%m
logon home = \%L\%u
logon drive = H:

[homes]
path = /mnt/home/%u
comment = Home Directories
browseable = no
writable = yes
valid users = %S
guest ok = no
inherit permissions = yes

[profile]
path = /mnt/home/profile
browseable = no
writeable = yes
default case = lower
preserve case = no
short preserve case = no
case sensitive = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
write list = @smbusers @smbadmins
create mask = 0600
directory mask = 0700
csc policy = disable
profile acls = yes

I enabled debuging and from what I can tell the %u variable is not
getting properly evaluated. For example for the homes share:

[2012/08/01 00:28:19.471215, 3] smbd/password.c:282(register_existing_vuid)
register_existing_vuid: User name: snichols Real name:
[2012/08/01 00:28:19.471240, 3] smbd/password.c:292(register_existing_vuid)
register_existing_vuid: UNIX uid 501 is UNIX user snichols, and will
be vuid 102
[2012/08/01 00:28:19.472336, 3] smbd/password.c:223(register_homes_share)
Adding homes service for user 'snichols' using home directory:
'/mnt/home/snichols'
[2012/08/01 00:28:19.472475, 3] param/loadparm.c:6287(lp_add_home)
adding home's share [snichols] for user 'snichols' at '/mnt/home/%u'

Or for the profile service:

2012/08/01 00:28:19.488457, 1] smbd/service.c:1070(make_connection_snum)
sasha (192.168.1.13) connect to service profile initially as user
snichols (uid=501, gid=501) (pid 25876
2012/08/01 00:28:19.489251, 3] smbd/trans2.c:5100(call_trans2qfilepathinfo)
call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2012/08/01 00:28:19.489364, 3]
smbd/filename.c:945(get_real_filename_full_scan)
scan dir didn't open dir [%u]
[2012/08/01 00:28:19.489399, 3] smbd/vfs.c:881(check_reduced_name)
check_reduced_name [%u/sasha] [/mnt/home/profile]
[2012/08/01 00:28:19.489437, 3] smbd/vfs.c:962(check_reduced_name)
check_reduced_name: couldn't get realpath for %u/sasha
[2012/08/01 00:28:19.489463, 3] smbd/filename.c:1184(filename_convert)
filename_convert: check_name failed for name %u/sasha with
NT_STATUS_ACCESS_DENIED
[2012/08/01 00:28:19.489495, 3] smbd/error.c:80(error_packet_set)
error packet at smbd/trans2.c(5129) cmd=50 (SMBtrans2)
NT_STATUS_ACCESS_DENIED

The samba/linux user that successfully logged in is snichols. Does
anybody have a clue as to why %u is not evaluating to the linux username
snichols and is getting treated simply as the string %u? I am sure it is
something to stupid, but damn if I can see it.

--
Paul (ganci@nurdog.com)

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-01-2012, 10:06 AM
Leonard den Ottolander
 
Default samba3x PDC and Win XP

Hello Paul,

On Wed, 2012-08-01 at 01:39 -0600, Paul R. Ganci wrote:
> logon path = \%Lprofile\%u\%m
> logon home = \%L\%u
> logon drive = H:

> The samba/linux user that successfully logged in is snichols. Does
> anybody have a clue as to why %u is not evaluating to the linux username
> snichols and is getting treated simply as the string %u? I am sure it is
> something to stupid, but damn if I can see it.

Perhaps the single backslashes being escapes for the following percent
signs? Try doubling the backslashes, possibly the first two in the path
as well.

Regards,
Leonard.

--
mount -t life -o ro /dev/dna /genetic/research


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-01-2012, 01:51 PM
"Paul R. Ganci"
 
Default samba3x PDC and Win XP

On 08/01/2012 04:06 AM, Leonard den Ottolander wrote:
> Hello Paul,
>
> On Wed, 2012-08-01 at 01:39 -0600, Paul R. Ganci wrote:
>> logon path = \%Lprofile\%u\%m
>> logon home = \%L\%u
>>
>> Perhaps the single backslashes being escapes for the following percent
>> signs? Try doubling the backslashes, possibly the first two in the path
>> as well.
>>
Thanks for the idea ... I gave this a try but it is not the issue. The
path in the error message was different but no cigar. I am positive that
the syntax specified above is correct for the /etc/samba/smb.conf file
as it is documented this way all over the web. It really looks like
there is a mapping missing somewhere. For example I am seeing:

2012/08/01 07:03:05.412614, 3] smbd/service.c:807(make_connection_snum)
Connect path is '/mnt/home/profile' for service [profile]
[2012/08/01 07:03:05.412655, 3] smbd/vfs.c:97(vfs_init_default)
Initialising default vfs hooks
[2012/08/01 07:03:05.412684, 3] smbd/vfs.c:122(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2012/08/01 07:03:05.412806, 3] lib/util_sid.c:228(string_to_sid)
string_to_sid: Sid @smbusers does not start with 'S-'.

I do have some linux groups smbusers, smbadmins, smbguests defined in
/etc/group

smbusers:x:103:snichols,visitor
smbadmins:x:107:root,ganci
smbguests:x:108:

and mapped the group like so:

> net groupmap list
Domain Users (S-1-5-21-2436759526-4149905533-814844971-513) -> smbusers
Administrators (S-1-5-32-544) -> 100000
Domain Guests (S-1-5-21-2436759526-4149905533-814844971-514) -> smbguests
Domain Admins (S-1-5-21-2436759526-4149905533-814844971-512) -> smbadmins
Users (S-1-5-32-545) -> 100001

I even tried adding this /etc/samba/smb.conf entry:

# Unix users can map to different SMB User names
username map = /etc/samba/smbusers

with /etc/samba/smbusers containing:

> cat smbusers
# Unix_name = SMB_name1 SMB_name2 ...
root = Administrator administrator admin
nobody = guest pcguest smbguest
snichols = snichols
ganci = ganci
visitor = visitor

None of it works.

--
Paul (ganci@nurdog.com)

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-01-2012, 03:13 PM
Andreas Rogge
 
Default samba3x PDC and Win XP

Am 01.08.2012 09:39, schrieb Paul R. Ganci:
> The samba/linux user that successfully logged in is snichols. Does
> anybody have a clue as to why %u is not evaluating to the linux username
> snichols and is getting treated simply as the string %u? I am sure it is
> something to stupid, but damn if I can see it.
>
The stage at which %u needs to be evaluated in this case is before the
user authentication happens.
You have to use %U instead of %u - this is not a security issue as
having the wrong UNC path should (and probably will) be caught using ACLs.

Regards,
Andreas
--
Solvention Ltd. & Co. KG
St.-Sebastianus-Str. 5
51147 Köln

Tel: +49 2203 989967-0
Fax: +49 2203 989967-9

http://www.solvention.de
mailto:info@solvention.de
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-02-2012, 12:30 AM
"Paul R. Ganci"
 
Default samba3x PDC and Win XP

On 08/01/2012 09:13 AM, Andreas Rogge wrote:
> Am 01.08.2012 09:39, schrieb Paul R. Ganci:
>> anybody have a clue as to why %u is not evaluating to the linux username
>> snichols and is getting treated simply as the string %u?
> The stage at which %u needs to be evaluated in this case is before the
> user authentication happens.
> You have to use %U instead of %u - this is not a security issue as
> having the wrong UNC path should (and probably will) be caught using ACLs.
Thank you so much for this bit of information. I have spent 3 days on
this issue and now realize I was searching the web with the wrong
question. As soon as I asked for the difference between %U and %u
everything becomes clear. Apparently the use of %u as I have been using
it for the last 5 years was deprecated and apparently with samba3x stops
working altogether.

The documentation is not very clear about the difference between %u and
%U. The best I could find is that %u evaluates to the Linux username and
that %U evaluates to (in my case) the Win XP client username. These do
not necessarily have to be the same. Therefore I always used the %u
version believing I was trusting the Linux. Besides out of the box the
smb.conf uses %u as I did. Live and learn I suppose.

I haven't fixed my configuration yet but from what I just learned today
this solution is what I was searching for the last three days. Again
thank you very much for the information.

--
Paul (ganci@nurdog.com)

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 03:15 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org