When trying to access //host/homes I see this in the logs:

[2003/05/26 19:40:57, 2] auth/auth.c:check_ntlm_password(294)
  check_ntlm_password: authentication for user [bwlang] -> [bwlang] -> [bwlang] suceeded
[2003/05/26 19:40:57, 2] smbd/service.c:make_connection(793)
  [homes] share not available for this user because it was not found or created at session setup time

However, access to //host/bwlang works just fine... I'm using the a24 packages from debian unstable from 5/26/03. smb.conf is nothing special - nearly all default settings.
The code that generates this error is only called if:
- the user is a guest user
- the user has no home directory

Are any of these conditions true? Is there a 'guest only' setting that is causing the user to be mapped to guest for the [homes] share (you mention nearly all default settings)? The second condition can be checked by setting 'debug level = 10' and grepping for 'pdb_set_unix_homedir: setting home dir' in the log file.
User is not a guest user.
User does have a home dir.
There is no guest only setting.

If I remove this line and add a smbpasswd file, homes works again:

    passdb backend = tdbsam, guest

pdbedit -L says:

idmap uid range missing or invalid
idmap will be unable to map foreign SIDs
idmap gid range missing or invalid
idmap will be unable to map foreign SIDs
... (lots of users)
bwlang:1000:

Here's the complete smb.conf file that gives rise to the homes behaviour:

# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2003/05/26 19:46:50

# Global parameters
[global]
    workgroup = LANGHORST
    server string = %h server (Samba %v)
    obey pam restrictions = Yes
    passdb backend = tdbsam, guest
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    log level = 2
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    printcap name = /etc/printcap.cups
    dns proxy = No
    panic action = /usr/share/samba/panic-action %d
    invalid users = root
    printing = cups

[backup]
    path = /tmp
    read only = No
    guest ok = Yes

[homes]
    comment = Home Directories
    read only = No
    create mask = 0700
    directory mask = 0700

[printers]
    comment = All Printers
    path = /tmp
    create mask = 0700
    printable = Yes
    browseable = No

[cdrom]
    comment = Samba server's CD-ROM
    path = /cdrom
    guest ok = Yes
    locking = No
I've found the cause of the problem: the tdbsam passdb backend doesn't seem to set the unix home directory attribute at all! It should be initialised with the value returned by the getpwnam() system call.
Assigning bug to me.
Hey abartlet, can you take a look at my patch? It seems to do the trick. Index: passdb/pdb_tdb.c =================================================================== RCS file: /data/cvs/samba/source/passdb/pdb_tdb.c,v retrieving revision 1.58.2.13 diff -u -r1.58.2.13 pdb_tdb.c --- passdb/pdb_tdb.c 27 May 2003 07:21:57 -0000 1.58.2.13 +++ passdb/pdb_tdb.c 5 Jun 2003 03:08:28 -0000 @@ -144,6 +144,19 @@ goto done; } + /* Initialise sensible defaults */ + + { + struct passwd *pwfile; + + pwfile = getpwnam_alloc(username); + + if (pwfile) { + pdb_fill_sam_pw(sampass, pwfile); + passwd_free(&pwfile); + } + } + pdb_set_logon_time(sampass, logon_time, PDB_SET); pdb_set_logoff_time(sampass, logoff_time, PDB_SET); pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
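Review bot: in the added block, the `if (pwfile)` test has no else branch, so when getpwnam_alloc(username) returns NULL the record is unpacked without these defaults and nothing is logged, which would leave the [homes] failure from this report just as hard to diagnose; a DEBUG message naming the user in that case would help. The bare `{ ... }` scope could also be dropped by declaring `struct passwd *pwfile;` with the function's other locals.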
This idea with tdbsam is that it does not call getpwnam(). There *was* some code in password.c's 'claim new vuid' code that would do the same call, but I seem to have lost it - either not committed or lost between the two branches, as it does not appear to be there. It's just a fluke that tdbsam is the only 'big' backend not supporting this at the moment - we shouldn't require this. Andrew,
Tim, your fix is _wrong_, we are trying to get all getpw calls out of the passdb backends. My idea was to add an initialization layer out of passdb, had no time. Currently our infrastructure permits us to know if a value has been set in SAM_ACCOUNT or not. I propose to move the default-filling code that is currently duplicated over each backend outside the backends, so that we avoid code duplication and different behaviours between modules. The reason to take getpw* calls out of passdb backends is that we want to be able to make the famous winbind_pdc module, and that needs the passdb backend not to try to loop over itself. Simo.
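A minimal sketch of the layering proposed in the comment above, added here as an illustration and not taken from the thread, the attachment, or Samba's source. The `struct account`, `field_state`, `backend_unpack`, `fill_defaults` and `homes_available` names are hypothetical stand-ins for SAM_ACCOUNT and its set-flags; only `getpwnam()` and `struct passwd` are real.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins; not Samba's SAM_ACCOUNT or pdb_* API. */
enum field_state { FIELD_UNSET = 0, FIELD_DEFAULT, FIELD_SET };

struct account {
    char username[64];
    char unix_homedir[256];
    enum field_state homedir_state;   /* records whether the field was set */
};

/* Backend side: unpack only what the record stores, with no getpw* call. */
static void backend_unpack(struct account *a, const char *user,
                           const char *stored_homedir)
{
    memset(a, 0, sizeof(*a));
    snprintf(a->username, sizeof(a->username), "%s", user);
    if (stored_homedir != NULL && stored_homedir[0] != '\0') {
        snprintf(a->unix_homedir, sizeof(a->unix_homedir), "%s", stored_homedir);
        a->homedir_state = FIELD_SET;
    }
}

/* Generic layer, shared by every backend: fill only what is still unset.
 * Returns 1 if a default was applied, 0 if the backend value was kept,
 * -1 if no default is available (pw is NULL or has no home directory). */
static int fill_defaults(struct account *a, const struct passwd *pw)
{
    if (a->homedir_state != FIELD_UNSET)
        return 0;
    if (pw == NULL || pw->pw_dir == NULL || pw->pw_dir[0] == '\0')
        return -1;
    snprintf(a->unix_homedir, sizeof(a->unix_homedir), "%s", pw->pw_dir);
    a->homedir_state = FIELD_DEFAULT;
    return 1;
}

/* The condition from the thread: [homes] needs a home directory. */
static int homes_available(const struct account *a)
{
    return a->homedir_state != FIELD_UNSET;
}

int main(void)
{
    struct account a;
    backend_unpack(&a, "bwlang", NULL);   /* constructed: record has no homedir */
    int rc = fill_defaults(&a, getpwnam(a.username));
    printf("fill=%d homes_available=%d dir=%s\n", rc, homes_available(&a),
           a.unix_homedir);
    return 0;
}
```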
OK that's fine but what is the correct fix then?
Created attachment 20
Generic solution to the 'no [homes]' problem

This is how I intended to fix this.
Abartlet, that's *exactly* what I would have done! Thank you. Simo.
That's because it's the change we agreed on back when we were doing the idmap stuff :-)
Patch applied to Samba 3.0 tree.
originally reported against 3.0aph24. Bugzilla spring cleaning. Removing old alpha versions.
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.
database cleanup