The Samba-Bugzilla – Bug 4145
Update to 3.0.23c cannot understand "@groupname" in smb.conf
Last modified: 2008-03-19 18:03:21 UTC
Samba version 3.0.23c-1.fc5
I discovered, for an exemple, if you have a user group with 3 members (Alan, Baker, Clive), before 3.0.23c this line at smb.conf worked fine:
valid users = @group
But with 3.0.23c update it doesn't work anymore.
You have to replace the line like this:
valid users = Alan, Baker, Clive
I mean, replace the "@groupname" with the complete userlist of the group separated by commas.
It´s a quick solution, but some groups are big and it´s kind of hard to do that with all of them.
Other people are experiencing the same problem, as related at fedora forum (http://www.fedoraforum.org/forum/showthread.php?t=125460).
I´d appreciate any help or comments.
The workstation I´m trying to access the shares from is a Windows XP one, and it´s name is "rbsm204".
The user is "felipe" and he belongs to "admin" group.
I found this at my workstation log (attached):
[2006/09/30 14:58:35, 3] lib/util_sid.c:string_to_sid(223)
string_to_sid: Sid @admin does not start with 'S-'.
[2006/09/30 14:58:35, 5] smbd/password.c:user_in_netgroup(423)
Unable to get default yp domain, let's try without specifying it [2006/09/30 14:58:35, 5] smbd/password.c:user_in_netgroup(427)
looking for user felipe of domain (ANY) in netgroup admin [2006/09/30 14:58:35, 0] lib/fault.c:fault_report(41)
[2006/09/30 14:58:35, 0] lib/fault.c:fault_report(42)
INTERNAL ERROR: Signal 11 in pid 13861 (3.0.23c-1.fc5)
Please read the Trouble-Shooting section of the Samba3-HOWTO [2006/09/30 14:58:35, 0] lib/fault.c:fault_report(44)
[2006/09/30 14:58:35, 0] lib/fault.c:fault_report(45)
[2006/09/30 14:58:35, 0] lib/util.c:smb_panic(1614)
PANIC (pid 13861): internal error
[2006/09/30 14:58:35, 0] lib/util.c:log_stack_trace(1721)
BACKTRACE: 19 stack frames:
#0 smbd(log_stack_trace+0x2d) [0x8a78ad]
#1 smbd(smb_panic+0x5d) [0x8a79dd]
#2 smbd [0x89351a]
#4 /lib/libc.so.6(__strdup+0x1f) [0x346893]
#5 /lib/libnsl.so.1(nis_list+0x5d2) [0xc64b5f]
#6 /lib/libnss_nisplus.so.2(_nss_nisplus_setnetgrent+0x8f) [0x51262e]
#7 /lib/libc.so.6(innetgr+0xb2) [0x3c1d05]
#8 smbd(user_in_netgroup+0x65) [0x6de1e5]
#9 smbd(token_contains_name_in_list+0x23d) [0x6e0bdd]
#10 smbd(change_to_user+0x4d2) [0x71f642]
#11 smbd [0x73eb38]
#12 smbd(make_connection+0x194) [0x73ffa4]
#13 smbd(reply_tcon_and_X+0x21d) [0x7038ed]
#14 smbd [0x73b0e0]
#15 smbd(smbd_process+0x7ab) [0x73c21b]
#16 smbd(main+0xbd0) [0x955f90]
#17 /lib/libc.so.6(__libc_start_main+0xdc) [0x2f24e4]
#18 smbd [0x6c6701]
[2006/09/30 14:58:35, 0] lib/fault.c:dump_core(173)
dumping core in /var/log/samba/cores/smbd
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Insert, for example, any groups at smb.conf, such as valid users = @marketing
2. Everything works fine.
3. Update to samba 3.0.23c-1.fc5
4. Try to access the share containing the "@" from Windows XP
5. It wont´t access the share, altough it´s visible from explorer at Windows XP
6. Remove the "@" sign from smb.conf and replace it with the actual users from the group, separated by commas, such as "clive, celina, owen"
7. Access the share. It will work.
"The share you specified is not accessible anymore"
Log files (debug level 10) available at:
Thanks a lot.
Quick test: Does +group instead of @group work? Assuming you're not using NIS this should lead to the same results.
(In reply to comment #1)
> Quick test: Does +group instead of @group work? Assuming you're not using NIS
> this should lead to the same results.
Yes, not using NIS.
Yes, +group worked.
Ok. 99% this is a libc problem on fc5. I'd need access to such a box including a compilation environment to step through it to really nail it. If you can live with + instead of @ then I'd say I'd leave that for later.
(In reply to comment #3)
> Ok. 99% this is a libc problem on fc5. I'd need access to such a box including
> a compilation environment to step through it to really nail it. If you can live
> with + instead of @ then I'd say I'd leave that for later.
Yes, no problem at all about the +!!
I´ve also informed other people at fedora forum with the same problem and it worked for them as well.
Sure it can be left later.
I´m just glad I could help in some way the project, since I´m not a programmer or anything.
Thanks a lot for the immediate help and all of the attention.
I'm using rhel4, same problem, but we *are* using NIS. +group didn't work either.
Workaround for machines that don't use NIS:
Edit /etc/nsswitch.conf and change "netgroup: nisplus" to "netgroup: files".
(Using "+" instead of "@" not necessary in this case.)
Looks like the crash is in glibc's NIS implementation. See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208718 .
I'm having the same problem with Ubuntu Gutsy Gibbon running Samba 3.0.26a. I have changed from using @group to +group and this also seems to work for me. I just now need to find the subtle difference between these two group types. Thanks.