10-09-2005, 02:46 PM
#1
Member
Registered: May 2005
Posts: 64
ACL Problems
Hello everyone
I'm having some issues with ACLs on directories and folders.
I have a Samba server running user auth against a Win2k ADS...
For some odd reason my ACL on the directories have changed from something like this:
example:
default:group:DOMAIN\Domain Admins:rwx
to
default:group:10001:rwx
And now no users can connect to and list the shares anymore...
Does anyone have any clues as to where I should be looking in order to fix this? Has anyone had the same experience/problems?
Last edited by jtshaw; 10-10-2005 at 07:45 AM .
10-10-2005, 07:47 AM
#2
Senior Member
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
I have had a similar problem using LDAP authentication when the GIDs of the groups on the LDAP server didn't match the GIDs of the groups on the local machine... that is about the only thing I can think of off the top of my head.
PS. I disabled the smilies in your post so the example wasn't messed up.
10-10-2005, 08:16 AM
#3
Member
Registered: May 2005
Posts: 64
Original Poster
Thank you very much for your reply.
I have been all over the WWW searching for info about this issue...
After some long debugging and no success at solving the problem, here is what I know:
I can't add any of my W2K ADS domain groups, but I can add the users to the access control list of files and directories...
The same goes for Samba. I can't add groups ("@DOMAIN+domain admins"), but "DOMAIN+user" works perfectly.
10-10-2005, 08:30 AM
#4
Member
Registered: May 2005
Posts: 64
Original Poster
Also, some Samba log files at level 3:
[2005/10/10 14:56:23, 3, pid=8274, effective(0, 0), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/10/10 14:56:23, 3, pid=8274, effective(0, 0), real(0, 0)] smbd/negprot.c:reply_negprot(461)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2005/10/10 14:56:23, 3, pid=8274, effective(0, 0), real(0, 0)] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN1.0]
[2005/10/10 14:56:23, 3, pid=8274, effective(0, 0), real(0, 0)] smbd/negprot.c:reply_negprot(461)
Requested protocol [Windows for Workgroups 3.1a]
[2005/10/10 14:56:23, 3, pid=8274, effective(0, 0), real(0, 0)] smbd/negprot.c:reply_negprot(461)
Requested protocol [LM1.2X002]
[2005/10/10 14:56:23, 3, pid=8274, effective(0, 0), real(0, 0)] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN2.1]
[2005/10/10 14:56:23, 3, pid=8274, effective(0, 0), real(0, 0)] smbd/negprot.c:reply_negprot(461)
Requested protocol [NT LM 0.12]
[2005/10/10 14:56:23, 3, pid=8274, effective(0, 0), real(0, 0)] smbd/negprot.c:reply_nt1(333)
using SPNEGO
[2005/10/10 14:56:23, 3, pid=8274, effective(0, 0), real(0, 0)] smbd/negprot.c:reply_negprot(555)
Selected protocol NT LM 0.12
---
[2005/10/10 14:56:23, 3, pid=8274, effective(0, 0), real(0, 0)] smbd/sesssetup.c:reply_spnego_kerberos(179)
Ticket name is [hl@TARP.DK]
---
[2005/10/10 14:56:24, 3, pid=8274, effective(0, 0), real(0, 0)] smbd/password.c:register_vuid(241)
UNIX uid 10315 is UNIX user TARP+hl, and will be vuid 100
[2005/10/10 14:56:24, 3, pid=8274, effective(0, 0), real(0, 0)] smbd/password.c:register_vuid(270)
Adding homes service for user 'TARP+hl' using home directory: '/home/TARP/hl'
---
[2005/10/10 14:56:24, 2, pid=8274, effective(0, 0), real(0, 0)] smbd/service.c:make_connection_snum(321)
user 'TARP+hl' (from session setup) not permitted to access this share (IPC$)
[2005/10/10 14:56:24, 3, pid=8274, effective(0, 0), real(0, 0)] smbd/error.c:error_packet(129)
error packet at smbd/reply.c(415) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
10-10-2005, 08:53 AM
#5
Member
Registered: May 2005
Posts: 64
Original Poster
Some more system log files:
Oct 3 10:12:50 install smbd[6826]: [2005/10/03 10:12:50, 0] lib/util_sock.c:get_peer_addr(1150)
Oct 3 10:12:50 install smbd[6826]: getpeername failed. Error was Transport endpoint is not connected
Oct 3 10:12:50 install smbd[6826]: [2005/10/03 10:12:50, 0] lib/util_sock.c:write_socket_data(430)
Oct 3 10:12:50 install smbd[6826]: write_socket_data: write failure. Error = Connection reset by peer
Oct 3 10:12:50 install smbd[6826]: [2005/10/03 10:12:50, 0] lib/util_sock.c:write_socket(455)
Oct 3 10:12:50 install smbd[6826]: write_socket: Error writing 4 bytes to socket 7: ERRNO = Connection reset by peer
Oct 3 10:12:50 install smbd[6826]: [2005/10/03 10:12:50, 0] lib/util_sock.c:send_smb(647)
Oct 3 10:12:50 install smbd[6826]: Error writing 4 bytes to client. -1. (Connection reset by peer)
----
Oct 3 10:56:47 install smbd[7208]: [2005/10/03 10:56:47, 0] lib/util_sock.c:get_peer_addr(1150)
Oct 3 10:56:47 install smbd[7208]: getpeername failed. Error was Transport endpoint is not connected
Oct 3 10:56:47 install smbd[7208]: [2005/10/03 10:56:47, 0] lib/util_sock.c:write_socket_data(430)
Oct 3 10:56:47 install smbd[7208]: write_socket_data: write failure. Error = Connection reset by peer
Oct 3 10:56:47 install smbd[7208]: [2005/10/03 10:56:47, 0] lib/util_sock.c:write_socket(455)
Oct 3 10:56:47 install smbd[7208]: write_socket: Error writing 4 bytes to socket 26: ERRNO = Connection reset by peer
Oct 3 10:56:47 install smbd[7208]: [2005/10/03 10:56:47, 0] lib/util_sock.c:send_smb(647)
Oct 3 10:56:47 install smbd[7208]: Error writing 4 bytes to client. -1. (Connection reset by peer)
---
Oct 3 11:25:34 install smbd[7331]: [2005/10/03 11:25:34, 0] smbd/service.c:make_connection_snum(577)
Oct 3 11:25:34 install smbd[7331]: Can't become connected user!
Oct 3 11:25:37 install smbd[7331]: [2005/10/03 11:25:37, 0] smbd/service.c:make_connection_snum(577)
Oct 3 11:25:37 install smbd[7331]: Can't become connected user!
Oct 3 11:25:38 install smbd[7331]: [2005/10/03 11:25:38, 0] smbd/service.c:make_connection_snum(577)
Oct 3 11:25:38 install smbd[7331]: Can't become connected user!
Oct 3 11:25:38 install smbd[7331]: [2005/10/03 11:25:38, 0] smbd/service.c:make_connection_snum(577)
Oct 3 11:25:38 install smbd[7331]: Can't become connected user!
Oct 3 11:25:41 install smbd[7331]: [2005/10/03 11:25:41, 0] smbd/service.c:make_connection_snum(577)
Oct 3 11:25:41 install smbd[7331]: Can't become connected user!
Oct 3 11:25:41 install smbd[7331]: [2005/10/03 11:25:41, 0] smbd/service.c:make_connection_snum(577)
Oct 3 11:25:41 install smbd[7331]: Can't become connected user!
Oct 3 11:25:43 install smbd[7331]: [2005/10/03 11:25:43, 0] smbd/service.c:make_connection_snum(577)
Oct 3 11:25:43 install smbd[7331]: Can't become connected user!
Oct 3 11:25:43 install smbd[7331]: [2005/10/03 11:25:43, 0] smbd/service.c:make_connection_snum(577)
Oct 3 11:25:43 install smbd[7331]: Can't become connected user!
Oct 3 11:25:44 install smbd[7331]: [2005/10/03 11:25:44, 0] smbd/service.c:make_connection_snum(577)
Oct 3 11:25:44 install smbd[7331]: Can't become connected user!
Oct 3 11:25:45 install smbd[7331]: [2005/10/03 11:25:45, 0] smbd/service.c:make_connection_snum(577)
Oct 3 11:25:45 install smbd[7331]: Can't become connected user!
Oct 3 11:25:45 install smbd[7331]: [2005/10/03 11:25:45, 0] smbd/service.c:make_connection_snum(577)
Oct 3 11:25:45 install smbd[7331]: Can't become connected user!
-----------
Oct 6 06:59:16 install smbd[8426]: [2005/10/06 06:59:16, 0] lib/util_sock.c:write_socket_data(430)
Oct 6 06:59:16 install smbd[8426]: write_socket_data: write failure. Error = Connection reset by peer
Oct 6 06:59:16 install smbd[8426]: [2005/10/06 06:59:16, 0] lib/util_sock.c:write_socket(455)
Oct 6 06:59:16 install smbd[8426]: write_socket: Error writing 4 bytes to socket 25: ERRNO = Connection reset by peer
Oct 6 06:59:16 install smbd[8426]: [2005/10/06 06:59:16, 0] lib/util_sock.c:send_smb(647)
Oct 6 06:59:16 install smbd[8426]: Error writing 4 bytes to client. -1. (Connection reset by peer)
Oct 6 07:17:20 install smbd[8466]: [2005/10/06 07:17:20, 0] lib/util_sock.c:get_peer_addr(1150)
Oct 6 07:17:20 install smbd[8466]: getpeername failed. Error was Transport endpoint is not connected
Oct 6 07:17:20 install smbd[8466]: [2005/10/06 07:17:20, 0] lib/util_sock.c:write_socket_data(430)
Oct 6 07:17:20 install smbd[8466]: write_socket_data: write failure. Error = Connection reset by peer
Oct 6 07:17:20 install smbd[8466]: [2005/10/06 07:17:20, 0] lib/util_sock.c:write_socket(455)
Oct 6 07:17:20 install smbd[8466]: write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer
Oct 6 07:17:20 install smbd[8466]: [2005/10/06 07:17:20, 0] lib/util_sock.c:send_smb(647)
Oct 6 07:17:20 install smbd[8466]: Error writing 4 bytes to client. -1. (Connection reset by peer)
---
ection_snum(577)
Oct 10 14:08:49 install smbd[7727]: Can't become connected user!
Oct 10 14:09:23 install smbd[7736]: [2005/10/10 14:09:23, 0, pid=7736, effective(0, 0), real(0, 0)] smbd/service.c:make_conn\
ection_snum(577)
Oct 10 14:09:23 install smbd[7736]: Can't become connected user!
Oct 10 14:09:41 install smbd[7761]: [2005/10/10 14:09:41, 0, pid=7761, effective(0, 0), real(0, 0)] auth/auth_util.c:make_se\
rver_info_info3(1195)
Oct 10 14:09:41 install smbd[7761]: make_server_info_info3: pdb_init_sam failed!
Oct 10 14:09:41 install smbd[7761]: [2005/10/10 14:09:41, 0, pid=7761, effective(0, 0), real(0, 0)] smbd/service.c:make_conn\
ection_snum(577)
Oct 10 14:09:41 install smbd[7761]: Can't become connected user!
Oct 10 14:10:14 install smbd[7874]: [2005/10/10 14:10:14, 0, pid=7874, effective(0, 0), real(0, 0)] auth/auth_util.c:make_se\
rver_info_info3(1195)
Oct 10 14:10:14 install smbd[7874]: make_server_info_info3: pdb_init_sam failed!
Oct 10 14:10:14 install smbd[7874]: [2005/10/10 14:10:14, 0, pid=7874, effective(0, 0), real(0, 0)] smbd/service.c:make_conn\
ection_snum(577)
Oct 10 14:10:14 install smbd[7874]: Can't become connected user!
Oct 10 14:12:59 install syslog-ng[3357]: STATS: dropped 0
Oct 10 15:05:59 install smbd[8299]: [2005/10/10 15:05:59, 0, pid=8299, effective(0, 0), real(0, 0)] lib/util_sock.c:write_so\
cket_data(430)
Oct 10 15:05:59 install smbd[8299]: write_socket_data: write failure. Error = Connection reset by peer
Oct 10 15:05:59 install smbd[8299]: [2005/10/10 15:05:59, 0, pid=8299, effective(0, 0), real(0, 0)] lib/util_sock.c:write_so\
cket(455)
Oct 10 15:05:59 install smbd[8299]: write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer
Oct 10 15:05:59 install smbd[8299]: [2005/10/10 15:05:59, 0, pid=8299, effective(0, 0), real(0, 0)] lib/util_sock.c:send_smb\
(647)
Oct 10 15:05:59 install smbd[8299]: Error writing 4 bytes to client. -1. (Connection reset by peer)
Oct 10 15:12:59 install syslog-ng[3357]: STATS: dropped 0
10-10-2005, 09:16 AM
#6
Member
Registered: May 2005
Posts: 64
Original Poster
I have no problem mapping the UID; however, I think there is a problem mapping the GID, yes?
If I change idmap GID to 17000-20000
and idmap UID to 10000-16999,
getent group should return groups from 17000 and up?
(Now it hands out IDs from 10000+)
And here is my smb.conf:
[global]
workgroup = TARP
realm = TARP.DK
server string = Install
interfaces = eth0
security = ADS
map to guest = Bad User
password server = DC1.TARP.DK
enable privileges = Yes
username map = /etc/samba/smbusers
log level = 3 passdb:5 auth:10 winbind:10
syslog = 5
log file = /var/log/samba/test.%M.log
debug pid = Yes
debug uid = Yes
printcap cache time = 750
printcap name = cups
show add printer wizard = No
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
logon path = \\%L\profiles\.msprofile
logon drive = P:
logon home = \\%L\%U\.9xprofile
domain master = No
ldap ssl = no
socket address =
idmap uid = 10000-16999
idmap gid = 17000-20000
winbind separator = +
valid users = "@TARP+Domain Users"
admin users = "@TARP+domain admins"
read list = "@TARP+Domain Users"
write list = "@TARP+Domain Users"
printer admin = @ntadmin, root, administrator
map acl inherit = Yes
cups options = raw
include = /etc/samba/dhcp.conf
dos filemode = Yes
dos filetimes = Yes
dos filetime resolution = Yes
fake directory create times = Yes
[preinstall]
comment = Preinstall software
path = /var/samba/preInstall
read only = No
inherit acls = Yes
10-10-2005, 09:22 AM
#7
Member
Registered: May 2005
Posts: 64
Original Poster
Sorry for my many posts. Also, I noticed the following when playing around with wbinfo:
wbinfo -r TARP+hl
10000
10001
10010
10011
10012
10013
10015
10016
10017
10036
Normally you would have group names there?
install:/var/log/samba # wbinfo -n TARP+hl
S-1-5-21-220523388-1957994488-854245398-2811 User (1)
install:/var/log/samba # wbinfo --user-sids=S-1-5-21-220523388-1957994488-854245398-2811
Could not get group SIDs for user SID S-1-5-21-220523388-1957994488-854245398-2811
install:/var/log/samba #
Last edited by Daniboy; 10-10-2005 at 09:23 AM .
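Added example, not part of the thread: a small Python check that ties together the numeric ACL entry from post #1 and the idmap ranges from post #6. It lists ACL entries that getfacl printed as bare numbers (which it does when an ID has no resolvable name) and reports which configured idmap range each ID falls in. The smb.conf fragment and getfacl output are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed smb.conf fragment; the two ranges are the ones quoted in post #6.
SMB_CONF = """\
[global]
    idmap uid = 10000-16999
    idmap gid = 17000-20000
"""

# Constructed getfacl-style output; the numeric entry mirrors the one in post #1.
GETFACL = """\
# file: var/samba/preInstall
user::rwx
user:TARP+hl:rwx
group::r-x
mask::rwx
default:group:10001:rwx
default:group:TARP+domain\\040users:r-x
"""

def idmap_ranges(conf_text):
    """Parse 'idmap uid = lo-hi' / 'idmap gid = lo-hi' into {'uid': (lo, hi), ...}."""
    pat = re.compile(r"^\s*idmap\s+(uid|gid)\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I | re.M)
    return {m.group(1).lower(): (int(m.group(2)), int(m.group(3)))
            for m in pat.finditer(conf_text)}

def unresolved_entries(getfacl_text, ranges):
    """Return (entry, kind, id, verdict) for ACL entries whose qualifier is a bare number."""
    found = []
    for line in getfacl_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        rest, _perms = line.rsplit(":", 1)        # drop the permission bits
        rest = re.sub(r"^default:", "", rest)     # default entries parse the same way
        tag, _, qualifier = rest.partition(":")
        if tag not in ("user", "group") or not qualifier.isdigit():
            continue                              # named entry, or owner/mask/other
        kind, other = ("uid", "gid") if tag == "user" else ("gid", "uid")
        n = int(qualifier)
        inside = lambda k: k in ranges and ranges[k][0] <= n <= ranges[k][1]
        verdict = ("in idmap %s range" % kind if inside(kind)
                   else "in idmap %s range" % other if inside(other)
                   else "outside both idmap ranges")
        found.append((line, kind, n, verdict))
    return found

if __name__ == "__main__":
    print(unresolved_entries(GETFACL, idmap_ranges(SMB_CONF)))
```

On the sample, the group entry for 10001 is reported as lying in the configured uid range rather than the gid range, which matches the poster's observation that IDs are still handed out from 10000 upward.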