Bug 4145 - Update to 3.0.23c cannot understand "@groupname" in smb.conf
Update to 3.0.23c cannot understand "@groupname" in smb.conf
Status: NEW
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
3.0.23c
x86 Windows XP
: P3 major
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
http://www.fedoraforum.org/forum/show...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-03 12:57 UTC by Luis Felipe Marzagao
Modified: 2008-03-19 18:03 UTC (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Luis Felipe Marzagao 2006-10-03 12:57:34 UTC
Distribution: FC5
Samba version 3.0.23c-1.fc5

I discovered, for an exemple, if you have a user group with 3 members (Alan, Baker, Clive), before 3.0.23c this line at smb.conf worked fine:
 
valid users = @group
 
But with 3.0.23c update it doesn't work anymore.
 
You have to replace the line like this:
 
valid users = Alan, Baker, Clive
 
I mean, replace the "@groupname" with the complete userlist of the group separated by commas.
 
It´s a quick solution, but some groups are big and it´s kind of hard to do that with all of them.
 
Other people are experiencing the same problem, as related at fedora forum (http://www.fedoraforum.org/forum/showthread.php?t=125460).
 
 
I´d appreciate any help or comments.
 
 
The workstation I´m trying to access the shares from is a Windows XP one, and it´s name is "rbsm204".
 
The user is "felipe" and he belongs to "admin" group.
 
I found this at my workstation log (attached):
 
[2006/09/30 14:58:35, 3] lib/util_sid.c:string_to_sid(223)
string_to_sid: Sid @admin does not start with 'S-'.
[2006/09/30 14:58:35, 5] smbd/password.c:user_in_netgroup(423)
Unable to get default yp domain, let's try without specifying it [2006/09/30 14:58:35, 5] smbd/password.c:user_in_netgroup(427)
looking for user felipe of domain (ANY) in netgroup admin [2006/09/30 14:58:35, 0] lib/fault.c:fault_report(41)
===============================================================
[2006/09/30 14:58:35, 0] lib/fault.c:fault_report(42)
INTERNAL ERROR: Signal 11 in pid 13861 (3.0.23c-1.fc5)
Please read the Trouble-Shooting section of the Samba3-HOWTO [2006/09/30 14:58:35, 0] lib/fault.c:fault_report(44)
From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2006/09/30 14:58:35, 0] lib/fault.c:fault_report(45)
===============================================================
[2006/09/30 14:58:35, 0] lib/util.c:smb_panic(1614)
PANIC (pid 13861): internal error
[2006/09/30 14:58:35, 0] lib/util.c:log_stack_trace(1721)
BACKTRACE: 19 stack frames:
#0 smbd(log_stack_trace+0x2d) [0x8a78ad]
#1 smbd(smb_panic+0x5d) [0x8a79dd]
#2 smbd [0x89351a]
#3 [0xa5f420]
#4 /lib/libc.so.6(__strdup+0x1f) [0x346893]
#5 /lib/libnsl.so.1(nis_list+0x5d2) [0xc64b5f]
#6 /lib/libnss_nisplus.so.2(_nss_nisplus_setnetgrent+0x8f) [0x51262e]
#7 /lib/libc.so.6(innetgr+0xb2) [0x3c1d05]
#8 smbd(user_in_netgroup+0x65) [0x6de1e5]
#9 smbd(token_contains_name_in_list+0x23d) [0x6e0bdd]
#10 smbd(change_to_user+0x4d2) [0x71f642]
#11 smbd [0x73eb38]
#12 smbd(make_connection+0x194) [0x73ffa4]
#13 smbd(reply_tcon_and_X+0x21d) [0x7038ed]
#14 smbd [0x73b0e0]
#15 smbd(smbd_process+0x7ab) [0x73c21b]
#16 smbd(main+0xbd0) [0x955f90]
#17 /lib/libc.so.6(__libc_start_main+0xdc) [0x2f24e4]
#18 smbd [0x6c6701]
[2006/09/30 14:58:35, 0] lib/fault.c:dump_core(173)
dumping core in /var/log/samba/cores/smbd


Version-Release number of selected component (if applicable):
samba-3.0.23c-1.fc5

How reproducible:
Always


Steps to Reproduce:
1. Insert, for example, any groups at smb.conf, such as valid users = @marketing
2. Everything works fine.
3. Update to samba 3.0.23c-1.fc5
4. Try to access the share containing the "@" from Windows XP
5. It wont´t access the share, altough it´s visible from explorer at Windows XP
6. Remove the "@" sign from smb.conf and replace it with the actual users from the group, separated by commas, such as "clive, celina, owen"
7. Access the share. It will work.

Actual Results:
"The share you specified is not accessible anymore"

Log files (debug level 10) available at:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208718

Thanks a lot.
Luis Felipe
Comment 1 Volker Lendecke 2006-10-03 12:58:51 UTC
Quick test: Does +group instead of @group work? Assuming you're not using NIS this should lead to the same results.

Volker
Comment 2 Luis Felipe Marzagao 2006-10-03 13:20:23 UTC
(In reply to comment #1)
> Quick test: Does +group instead of @group work? Assuming you're not using NIS
> this should lead to the same results.
> 
> Volker
> 

Yes, not using NIS.

Yes, +group worked.

Luis Felipe
Comment 3 Volker Lendecke 2006-10-03 14:39:44 UTC
Ok. 99% this is a libc problem on fc5. I'd need access to such a box including a compilation environment to step through it to really nail it. If you can live with + instead of @ then I'd say I'd leave that for later.

Volker
Comment 4 Luis Felipe Marzagao 2006-10-03 14:49:23 UTC
(In reply to comment #3)
> Ok. 99% this is a libc problem on fc5. I'd need access to such a box including
> a compilation environment to step through it to really nail it. If you can live
> with + instead of @ then I'd say I'd leave that for later.
> 
> Volker
> 

Yes, no problem at all about the +!!

I´ve also informed other people at fedora forum with the same problem and it worked for them as well.

Sure it can be left later.

I´m just glad I could help in some way the project, since I´m not a programmer or anything.

Thanks a lot for the immediate help and all of the attention.

Luis Felipe
Comment 5 Rex Dieter 2006-10-05 10:07:08 UTC
I'm using rhel4, same problem, but we *are* using NIS.  +group didn't work either.
Comment 6 Catalin Patulea 2006-10-23 01:10:47 UTC
Workaround for machines that don't use NIS:
Edit /etc/nsswitch.conf and change "netgroup: nisplus" to "netgroup: files".
(Using "+" instead of "@" not necessary in this case.)

Looks like the crash is in glibc's NIS implementation. See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208718 .
Comment 7 Shane Hill 2008-03-19 18:03:21 UTC
I'm having the same problem with Ubuntu Gutsy Gibbon running Samba 3.0.26a. I have changed from using @group to +group and this also seems to work for me. I just now need to find the subtle difference between these two group types. Thanks.