R: Re: R: Re: Samba misconfiguration
antonio montagnani
antonio.montagnani at alice.it
Wed Feb 23 21:52:36 UTC 2011
Daniel J Walsh ha scritto / said the following il giorno/on
23/02/2011 22:18:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 02/23/2011 12:49 PM, antonio montagnani wrote:
>> Craig White ha scritto / said the following il giorno/on 22/02/2011
>> 14:04:
>>> On Mon, 2011-02-21 at 17:52 +0100, antonio.montagnani at alice.it wrote:
>>>>
>>>>> ----Messaggio originale----
>>>>> Da: craigwhite at azapple.com
>>>>> Data: 21-feb-2011
>>>> 16.43
>>>>> A:<users at lists.fedoraproject.org>
>>>>> Ogg: Re: R: Re: Samba
>>>> misconfiguration
>>>>>
>>>>> On Mon, 2011-02-21 at 17:38 +0100, antonio.montagnani at alice.
>>>> it wrote:
>>>>>>
>>>>>
>>>>>> I attach a log file of a test with samba trying to connect
>>>> by smbclient...I
>>>>>> am at a dead point.
>>>>> ----
>>>>> no ability to look at the log
>>>> until much, much later.
>>>>>
>>>>> What is output of command...
>>>>>
>>>>> pdbedit -Lv antonio
>>>>
>>>>>
>>>>> ?
>>>>>
>>>>> Craig
>>>>>
>>>>>
>>>>> --
>>>>> This message has been scanned for viruses and
>>>>
>>>>> dangerous content by MailScanner, and is
>>>>> believed to be clean.
>>>>>
>>>>> --
>>>>> users
>>>> mailing list
>>>>> users at lists.fedoraproject.org
>>>>> To unsubscribe or change
>>>> subscription options:
>>>>> https://admin.fedoraproject.org/mailman/listinfo/users>Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>>>>>
>>>> pdbedit -Lv antonio
>>>> INFO: Current debug levels:
>>>> all: True/10
>>>> tdb:
>>>> False/0
>>>> printdrivers: False/0
>>>> lanman: False/0
>>>> smb: False/0
>>>> rpc_parse:
>>>> False/0
>>>> rpc_srv: False/0
>>>> rpc_cli: False/0
>>>> passdb: False/0
>>>> sam: False/0
>>>>
>>>> auth: False/0
>>>> winbind: False/0
>>>> vfs: False/0
>>>> idmap: False/0
>>>> quota:
>>>> False/0
>>>> acls: False/0
>>>> locking: False/0
>>>> msdfs: False/0
>>>> dmapi: False/0
>>>>
>>>> registry: False/0
>>>> doing parameter server string = Samba Server Version %v
>>>> doing
>>>> parameter print command =
>>>> doing parameter guest ok = yes
>>>> doing parameter
>>>> workgroup = workgroup
>>>> doing parameter username map = /etc/samba/smbusers
>>>> doing
>>>> parameter security = user
>>>> doing parameter lprm command =
>>>> doing parameter max
>>>> log size = 50
>>>> doing parameter wins support = Yes
>>>> doing parameter guest account
>>>> = nfsnobody
>>>> pm_process() returned Yes
>>>> lp_servicenumber: couldn't find homes
>>>>
>>>> set_server_role: role = ROLE_STANDALONE
>>>> Attempting to register new charset UCS-
>>>> 2LE
>>>> Registered charset UCS-2LE
>>>> Attempting to register new charset UTF-16LE
>>>>
>>>> Registered charset UTF-16LE
>>>> Attempting to register new charset UCS-2BE
>>>>
>>>> Registered charset UCS-2BE
>>>> Attempting to register new charset UTF-16BE
>>>>
>>>> Registered charset UTF-16BE
>>>> Attempting to register new charset UTF8
>>>> Registered
>>>> charset UTF8
>>>> Attempting to register new charset UTF-8
>>>> Registered charset UTF-8
>>>>
>>>> Attempting to register new charset ASCII
>>>> Registered charset ASCII
>>>> Attempting to
>>>> register new charset 646
>>>> Registered charset 646
>>>> Attempting to register new
>>>> charset ISO-8859-1
>>>> Registered charset ISO-8859-1
>>>> Attempting to register new
>>>> charset UCS2-HEX
>>>> Registered charset UCS2-HEX
>>>> Substituting charset 'UTF-8' for
>>>> LOCALE
>>>> Substituting charset 'UTF-8' for LOCALE
>>>> Substituting charset 'UTF-8' for
>>>> LOCALE
>>>> Substituting charset 'UTF-8' for LOCALE
>>>> Substituting charset 'UTF-8' for
>>>> LOCALE
>>>> Substituting charset 'UTF-8' for LOCALE
>>>> Substituting charset 'UTF-8' for
>>>> LOCALE
>>>> Substituting charset 'UTF-8' for LOCALE
>>>> Substituting charset 'UTF-8' for
>>>> LOCALE
>>>> Substituting charset 'UTF-8' for LOCALE
>>>> Substituting charset 'UTF-8' for
>>>> LOCALE
>>>> Substituting charset 'UTF-8' for LOCALE
>>>> Substituting charset 'UTF-8' for
>>>> LOCALE
>>>> Substituting charset 'UTF-8' for LOCALE
>>>> Netbios name list:-
>>>>
>>>> my_netbios_names[0]="ACER"
>>>> Attempting to register passdb backend ldapsam
>>>>
>>>> Successfully added passdb backend 'ldapsam'
>>>> Attempting to register passdb
>>>> backend ldapsam_compat
>>>> Successfully added passdb backend 'ldapsam_compat'
>>>>
>>>> Attempting to register passdb backend NDS_ldapsam
>>>> Successfully added passdb
>>>> backend 'NDS_ldapsam'
>>>> Attempting to register passdb backend NDS_ldapsam_compat
>>>>
>>>> Successfully added passdb backend 'NDS_ldapsam_compat'
>>>> Attempting to register
>>>> passdb backend smbpasswd
>>>> Successfully added passdb backend 'smbpasswd'
>>>>
>>>> Attempting to register passdb backend tdbsam
>>>> Successfully added passdb backend
>>>> 'tdbsam'
>>>> Attempting to register passdb backend wbc_sam
>>>> Successfully added
>>>> passdb backend 'wbc_sam'
>>>> Attempting to find a passdb backend to match tdbsam
>>>> (tdbsam)
>>>> Found pdb backend tdbsam
>>>> pdb backend tdbsam has a valid init
>>>>
>>>> tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb
>>>>
>>>> pdb_set_username: setting username antonio, was
>>>> pdb_set_domain: setting domain
>>>> ACER, was
>>>> pdb_set_nt_username: setting nt username , was
>>>> pdb_set_full_name:
>>>> setting full name antonio, was
>>>> Home server: acer
>>>> Substituting charset 'UTF-8'
>>>> for LOCALE
>>>> Substituting charset 'UTF-8' for LOCALE
>>>> Substituting charset 'UTF-8'
>>>> for LOCALE
>>>> Substituting charset 'UTF-8' for LOCALE
>>>> Substituting charset 'UTF-8'
>>>> for LOCALE
>>>> Substituting charset 'UTF-8' for LOCALE
>>>> Substituting charset 'UTF-8'
>>>> for LOCALE
>>>> Substituting charset 'UTF-8' for LOCALE
>>>> Substituting charset 'UTF-8'
>>>> for LOCALE
>>>> Substituting charset 'UTF-8' for LOCALE
>>>> Substituting charset 'UTF-8'
>>>> for LOCALE
>>>> Substituting charset 'UTF-8' for LOCALE
>>>> Substituting charset 'UTF-8'
>>>> for LOCALE
>>>> Substituting charset 'UTF-8' for LOCALE
>>>> pdb_set_homedir: setting
>>>> home dir \\acer\antonio, was
>>>> pdb_set_dir_drive: setting dir drive , was NULL
>>>>
>>>> pdb_set_logon_script: setting logon script , was
>>>> Home server: acer
>>>>
>>>> pdb_set_profile_path: setting profile path \\acer\antonio\profile, was
>>>>
>>>> pdb_set_workstations: setting workstations , was
>>>> account_policy_get: name:
>>>> password history, val: 0
>>>> pdb_set_user_sid: setting user sid S-1-5-21-3734388162-
>>>> 611009795-2949902601-1003
>>>> pdb_set_user_sid_from_rid:
>>>> setting user sid S-1-5-21-
>>>> 3734388162-611009795-2949902601-1003 from rid 1003
>>>> account_policy_get: name:
>>>> maximum password age, val: -1
>>>> Finding user antonio
>>>> Trying _Get_Pwnam(),
>>>> username as lowercase is antonio
>>>> Get_Pwnam_internals did find user [antonio]!
>>>>
>>>> Opening cache file at /var/lib/samba/gencache.tdb
>>>> Opening cache file at
>>>> /var/lib/samba/gencache_notrans.tdb
>>>> Cache entry with key = IDMAP/GID2SID/500
>>>> couldn't be found
>>>> gid_to_sid: winbind failed to find a sid for gid 500
>>>> LEGACY:
>>>> gid 500 -> sid S-1-22-2-500
>>>> account_policy_get: name: password history, val: 0
>>>>
>>>> pdb_set_username: setting username antonio, was
>>>> pdb_set_domain: setting domain
>>>> ACER, was
>>>> pdb_set_nt_username: setting nt username , was
>>>> pdb_set_full_name:
>>>> setting full name antonio, was
>>>> Home server: acer
>>>> pdb_set_homedir: setting home
>>>> dir \\acer\antonio, was
>>>> pdb_set_dir_drive: setting dir drive , was NULL
>>>>
>>>> pdb_set_logon_script: setting logon script , was
>>>> Home server: acer
>>>>
>>>> pdb_set_profile_path: setting profile path \\acer\antonio\profile, was
>>>>
>>>> pdb_set_workstations: setting workstations , was
>>>> account_policy_get: name:
>>>> password history, val: 0
>>>> pdb_set_user_sid: setting user sid S-1-5-21-3734388162-
>>>> 611009795-2949902601-1003
>>>> pdb_set_user_sid_from_rid:
>>>> setting user sid S-1-5-21-
>>>> 3734388162-611009795-2949902601-1003 from rid 1003
>>>> Returning expired cache
>>>> entry: key = IDMAP/SID2GID/S-1-5-21-3734388162-611009795-2949902601-513, value
>>>> = -1, timeout = Mon Feb 21 17:50:39 2011
>>>> Adding cache entry with key =
>>>> IDMAP/SID2GID/S-1-5-21-3734388162-611009795-2949902601-513 and timeout = Thu
>>>> Jan 1 01:00:00 1970
>>>> (-1298307042 seconds in the past)
>>>> winbind failed to find
>>>> a gid for sid S-1-5-21-3734388162-611009795-2949902601-513
>>>>
>>>> lookup_global_sam_rid: looking up RID 513.
>>>> pdb_getsampwrid (TDB): error looking
>>>> up RID 513 by key RID_00000201.
>>>> Can't find a unix id for an unmapped group
>>>>
>>>> LEGACY: mapping failed for sid S-1-5-21-3734388162-611009795-2949902601-513
>>>>
>>>> pdb_set_group_sid: setting group sid S-1-5-21-3734388162-611009795-2949902601-
>>>> 513
>>>> Unix username: antonio
>>>> NT username:
>>>> Account Flags:
>>>> [U ]
>>>> User SID: S-1-5-21-3734388162-611009795-2949902601-
>>>> 1003
>>>> Primary Group SID: S-1-5-21-3734388162-611009795-2949902601-513
>>>> Full
>>>> Name: antonio
>>>> Home Directory: \\acer\antonio
>>>> HomeDir
>>>> Drive:
>>>> Logon Script:
>>>> Profile Path:
>>>> \\acer\antonio\profile
>>>> Domain: ACER
>>>> Account desc:
>>>>
>>>> Workstations:
>>>> Munged dial:
>>>> Logon time: 0
>>>> Logoff
>>>> time: never
>>>> Kickoff time: never
>>>> Password last set: lun, 21
>>>> feb 2011 16:17:06 CET
>>>> account_policy_get: name: minimum password age, val: 0
>>>>
>>>> Password can change: lun, 21 feb 2011 16:17:06 CET
>>>> account_policy_get: name:
>>>> maximum password age, val: -1
>>>> Password must change: never
>>>> Last bad password :
>>>> 0
>>>> Bad password count : 0
>>>> Logon hours :
>>>> FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>>> ----
>>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html
>>>
>>> specifically, this should help...
>>>
>>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html#id2598404
>>>
>>> Fix your groups, make sure the user 'antonio' and the group he belongs
>>> to have access to the directory/files in the share.
>>>
>>> Craig
>>>
>>>
>>
>> Craig
>>
>> I made an easy test, no other jobs done, booting with selinux=0, and
>> magic samba is working.
>>
>> How do I debug the selinux policy, it is not a problem of Samba but of
>> Selinux.
>> What is wrong??
>>
>> Tnx
>>
> SELinux error messages are stored in /var/log/audit/audit.log, do you
> have setroubleshoot installed. Probably a labeling or boolean issue.
>
> Also look at
>
> man samba_selinux
> -----BEGIN PGP SIGNATURE-----
>
After my previous post, I went through man samba_selinux just after
dinner, and also samba.conf file, and I understood that I should have
done some homework on selinux labeling and so on :-) : What surprises me
that on a different box in my home selinux is enforced too, but samba is
working fine sharing folders, even if I didn't do my homework (i.e. no
tip&tricks).
The real difference between these two machines is a fresh installation
of F14 (that is having these problems) and an F14 as update (when Samba
was installed Selinux had been disabled).
Set
What do you suggest?? not a problem at home as I am working with Fedora
only, a problem if I want share folders in a Windows environment (this
is a laptop)
When I try to connect to the to-be-shared folder I get (not completely sure)
> type=ANOM_ABEND msg=audit(1298497182.397:43): auid=500 uid=500 gid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=4107 comm="gvfsd-smb-brows" sig=6
> type=USER_AUTH msg=audit(1298497753.618:44): user pid=4318 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/usr/sbin/userhelper" hostname=? addr=? terminal=pts/1 res=success'
> type=USER_ACCT msg=audit(1298497753.618:45): user pid=4318 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/userhelper" hostname=? addr=? terminal=pts/1 res=success'
> type=USER_START msg=audit(1298497753.790:46): user pid=4318 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/userhelper" hostname=? addr=? terminal=pts/1 res=success'
> type=CRED_ACQ msg=audit(1298497753.790:47): user pid=4318 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/userhelper" hostname=? addr=? terminal=pts/1 res=success'
> type=USER_END msg=audit(1298497814.426:48): user pid=4318 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/userhelper" hostname=? addr=? terminal=pts/1 res=success'
> type=CRED_DISP msg=audit(1298497814.427:49): user pid=4318 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/userhelper" hostname=? addr=? terminal=pts/1 res=success'
Tnx a lot for help
Antonio M
Skype: amontag52
Linux Fedora F14 (Laughlin) on Acer 5720
http://lugsaronno.altervista.org
www.campingmonterosa.com
www.studiodacolpaloschi.it
More information about the users
mailing list