Bug 5340 - Profiles share not accessible any more
Summary: Profiles share not accessible any more
Status: NEW
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.0.28a
Hardware: Other Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on: 5339
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-20 04:11 UTC by Sysadmin HTL-Leonding
Modified: 2008-04-02 00:25 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sysadmin HTL-Leonding 2008-03-20 04:11:09 UTC
Distribution: Gentoo

Since the upgrade to 3.0.28a it is not possible to mount the profiles share (or the subfolders of it) any more.

The error message of smbclient is
tree connect failed: NT_STATUS_NO_SUCH_USER

It is possible to mount the home share or other shares.

Configuration:

[profiles]
path= /profiles
read only=no
writeable=yes
create mask=0600
directory mask =0700
browseable= no
guest ok=yes
profile acls= yes
csc policy= disable
force user=%U
valid users=%U @"Domain Admins"
locking =no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
nt acl support=yes
Comment 1 Volker Lendecke 2008-03-20 04:16:39 UTC
From which release did you upgrade? And please send in a debug level 10 log of the smbd process to which the client is connecting to.

Volker
Comment 2 Sysadmin HTL-Leonding 2008-03-20 04:28:13 UTC
Upgraded from 3.0.28 to 3.0.28a (with 3.0.28 no problems in this case) (it also worked with previous versions). Didn't change the config file.

I won't send you debug level 10 messages from this system, but if it helps you I'll try it on another system and then send you debug level 10 messages from the second system, but this will take a few days until I'm ready.

Maybe something has changed between 3.0.28 and 3.0.28a and is causing my trouble?
Comment 3 Sysadmin HTL-Leonding 2008-03-29 03:11:10 UTC
Sorry no debug level 10 logs yet, but an important information.

The issue occurs when following conditions are met:
* Samba 3.0.28a and a "running" winbind-daemon (winbind seems to be broken in 3.0.28a see my bug 5339)
* The share to which you want to connect has the option force user=%U set

Winbind must only be running, it must not be necessary nor in the nsswitch.conf to show the behaviour (at least on my computer)

Seems as if the server doesn't permit access to the share any more (although he is a PDC itself and the user is a user from its own domain). Don't know whether this is really intentional or not, because even without winbind I think it should work with local users.

When you remove the user=%U option from the share it works even in this case (but I don't think this is really what is wanted).
Comment 4 Sysadmin HTL-Leonding 2008-04-02 00:25:15 UTC
Please see Bug 5339 for log level 10 files, hope it helps you