Bug 4213 - Permission denied errors when accessing shares on second DC after upgrade
Summary: Permission denied errors when accessing shares on second DC after upgrade
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.0.23c
Hardware: x86 Windows XP
: P3 major
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-11-08 02:55 UTC by Marc Muehlfeld
Modified: 2018-12-09 16:48 UTC (History)
1 user (show)

See Also:

Attachments
Debug Level 10 LogFile (628.09 KB, text/plain)
2006-11-08 02:58 UTC, Marc Muehlfeld 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marc Muehlfeld 2006-11-08 02:55:42 UTC 
Hello,

since updating Samba from 3.0.22 to 3.0.23c I have trouble accessing shares on my first DC from computers out of my second domain.

I have two DomainControllers (MUC, PASING). On both DC I have a domaingroup "zyto" (mapped name is "Zytogenetik") with gid=202 and a user muehlfeld with uid=1061. Passdb are different ldap subtrees. The SIDs of the group and the user differs, because of the different Domain-SID. Both domains trust 

each other.

I have a share "MetaSetup" on my DC of domain MUC. From any workstation on MUC I can access it like before I updated to 3.0.23c, but from workstations out of domain PASING, I get a "Permission denied" error.

The logfile now shows me at debug level 10:
chdir (/shares/MetaSystems/MetaSetup) failed

But im able to enter this directory, because my user is in group zyto:

# la -d /shares/MetaSystems/MetaSetup
drwxrws---  25 zytogenetik zyto 736 Nov  7 13:05 /shares/MetaSystems/MetaSetup

This is the section for this share:

[MetaSetup]
        path = /shares/MetaSystems/MetaSetup
        browseable = yes
        force create mode = 0660
        force directory mode = 2770
        guest ok = no
        #valid users = +"MUC\Zytogenetik" +"PASING\Zytogenetik"
        #invalid users =

When I enable "in/valid users", like it was before, i don`t get the permission denied error, I get a request window for username and password. If I logon there with PASING\muehlfeld, I can enter the share. But I need the automatic mapping again, because the share is mapped in logonscript.

Yesterday I tried out some different settings (set sambaGroupType from 2 to 4) and changed valid users to "+Zytogenetik", and it worked after a reload. Then I did a restart without changing anything else, and it quit working again. I tried to reproduce this, and got the same after many retries again. But happens very sporadically.


Best regards Marc


PS: I think winbind could be a better way to do, but I tried and was only able to get users and groups from the other domain, not from the own, when I run it on my DC. Is this planed for future releases?
Comment 1 Marc Muehlfeld 2006-11-08 02:58:27 UTC 
Created attachment 2201 [details]
Debug Level 10 LogFile
Comment 2 Björn Jacke 2018-12-09 16:48:46 UTC 
i haven't seen any issue like this in the last years. this is probably not a problem anymore,