(I use samba 3.0.33) I don't know why some user's permission changed to read only suddenly. Users access to files via msdfs to files. If this case happened,the user must logout from windowsXP(SP2). The user must change to ID:samba for force user config. But suddenly force user did not work. ----readonly access log---- [2009/02/27 18:25:06, 3] smbd/process.c:switch_message(927) switch message SMBntcreateX (pid 6656) conn 0x552b04ba70 [2009/02/27 18:25:06, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (901, 903) - sec_ctx_stack_ndx = 0 [2009/02/27 18:25:06, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-148211337-2714050329-3066933918-19000 contains 6 SIDs SID[ 0]: S-1-5-21-148211337-2714050329-3066933918-19000 SID[ 1]: S-1-5-21-148211337-2714050329-3066933918-2801 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-903 SE_PRIV 0x0 0x0 0x0 0x0 [2009/02/27 18:25:06, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 901 Primary group is 903 and contains 1 supplementary groups Group[ 0]: 903 [2009/02/27 18:25:06, 5] smbd/uid.c:change_to_user(273) change_to_user uid=(901,901) gid=(0,903) [2009/02/27 18:25:06, 4] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to /samba_home/sda1/GROUP/b_SOUMU/2_SOUMU [2009/02/27 18:25:06, 10] smbd/nttrans.c:reply_ntcreate_and_X(515) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x80, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2009/02/27 18:25:06, 5] smbd/filename.c:unix_convert(147) unix_convert called on file "15_oa/03_lease/lease.xls" [2009/02/27 18:25:06, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [15_oa/03_lease/lease.XLS] -> [15_oa/03_lease/lease.xls] [2009/02/27 18:25:06, 3] smbd/dosmode.c:unix_mode(142) unix_mode(15_oa/03_lease/lease.xls) returning 0664 [2009/02/27 18:25:06, 10] smbd/open.c:open_file_ntcreate(1184) open_file_ntcreate: fname=15_oa/03_lease/lease.xls, dos_attrs=0x80 access_mask=0x2019f share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0664 oplock_request=3 [2009/02/27 18:25:06, 8] smbd/dosmode.c:dos_mode(371) dos_mode: 15_oa/03_lease/lease.xls [2009/02/27 18:25:06, 8] smbd/dosmode.c:dos_mode_from_sbuf(188) dos_mode_from_sbuf returning [2009/02/27 18:25:06, 8] smbd/dosmode.c:dos_mode(409) dos_mode returning [2009/02/27 18:25:06, 10] smbd/open.c:open_file_ntcreate(1347) open_file_ntcreate: fname=15_oa/03_lease/lease.xls, after mapping access_mask=0x2019f [2009/02/27 18:25:06, 5] smbd/files.c:file_new(123) allocated file structure 8591, fnum = 12687 (3 used) [2009/02/27 18:25:06, 4] smbd/open.c:open_file_ntcreate(1605) calling open_file with flags=0x2 flags2=0x0 mode=0664, access_mask = 0x2019f, open_access_mask = 0x2019f [2009/02/27 18:25:06, 10] smbd/open.c:fd_open(67) fd_open: name 15_oa/03_lease/lease.xls, flags = 02 mode = 0664, fd = -1. Permission denied [2009/02/27 18:25:06, 3] smbd/open.c:open_file(301) Error opening file 15_oa/03_lease/lease.xls (NT_STATUS_ACCESS_DENIED) (local_flags=2) (flags=2) [2009/02/27 18:25:06, 5] smbd/files.c:file_free(454) freed files structure 12687 (2 used) [2009/02/27 18:25:06, 3] smbd/error.c:error_packet_set(106) error packet at smbd/nttrans.c(805) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2009/02/27 18:25:06, 5] lib/util.c:show_msg(484) [2009/02/27 18:25:06, 5] lib/util.c:show_msg(494) ----access OK log---- [2009/02/27 18:25:11, 3] smbd/process.c:switch_message(927) switch message SMBclose (pid 6656) conn 0x552b04ba70 [2009/02/27 18:25:11, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (901, 903) - sec_ctx_stack_ndx = 0 [2009/02/27 18:25:11, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-148211337-2714050329-3066933918-19000 contains 6 SIDs SID[ 0]: S-1-5-21-148211337-2714050329-3066933918-19000 SID[ 1]: S-1-5-21-148211337-2714050329-3066933918-2801 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-903 SE_PRIV 0x0 0x0 0x0 0x0 [2009/02/27 18:25:11, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 901 Primary group is 903 and contains 1 supplementary groups Group[ 0]: 903 [2009/02/27 18:25:11, 5] smbd/uid.c:change_to_user(273) change_to_user uid=(901,901) gid=(0,903) [2009/02/27 18:25:11, 3] smbd/reply.c:reply_close(3338) close fd=29 fnum=12690 (numopen=2) [2009/02/27 18:25:11, 10] locking/locking.c:parse_share_modes(523) parse_share_modes: delete_on_close: 0, num_share_modes: 2 [2009/02/27 18:25:11, 10] locking/locking.c:parse_share_modes(623) parse_share_modes: share_mode_entry[0]: pid = 6656, share_access = 0x3, private_options = 0x40, access_mask = 0x20089, mid = 0x0, type= 0x3, fi le_id = 1231, uid = 901, flags = 0, dev = 0xfd00, inode = 223313943 [2009/02/27 18:25:11, 10] locking/locking.c:parse_share_modes(623) parse_share_modes: share_mode_entry[1]: UNUSED pid = 6656, share_access = 0x7, private_options = 0x0, access_mask = 0x100080, mid = 0x0, type= 0 x40, file_id = 1233, uid = 901, flags = 0, dev = 0xfd00, inode = 223313943 [2009/02/27 18:25:11, 10] smbd/oplock_linux.c:linux_release_kernel_oplock(149) linux_release_kernel_oplock: file 15_oa/03_lease/lease.xls, dev = fd00, inode = 223313943 file_id = 1231 has kernel oplock state of 1. [2009/02/27 18:25:11, 10] locking/posix.c:get_windows_lock_ref_count(545) get_windows_lock_count for file 15_oa/03_lease/lease.xls = 0 [2009/02/27 18:25:11, 10] locking/posix.c:delete_windows_lock_ref_count(559) delete_windows_lock_ref_count for file 15_oa/03_lease/lease.xls [2009/02/27 18:25:11, 2] smbd/close.c:close_normal_file(406) samba closed file 15_oa/03_lease/lease.xls (numopen=1) NT_STATUS_OK [2009/02/27 18:25:11, 5] smbd/files.c:file_free(454) freed files structure 12690 (2 used) -- smb.conf -- [global] dos charset = cp932 unix charset = eucjp-ms display charset = cp932 workgroup = DOM server string = file-sv1 passdb backend = ldapsam:"ldap://10.110.1.80:389 ldap://10.110.1.90:389" max log size = 15000 # For debugging 2008/11/6 log level = 1 log file = /usr/local/samba/var/new/log.%U time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain logons = Yes security = user encrypt passwords = Yes server schannel = auto os level = 64 preferred master = Yes domain master = Yes local master = Yes wins server = 10.110.1.80 ldap ssl = no ldap admin dn = cn=Manager,dc=dom ldap delete dn = Yes ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap suffix = dc=dom ldap user suffix = ou=Users ldap passwd sync = yes nt acl support = No host msdfs = Yes keepalive = 300 [GROUP] path = /samba_home/DFS_ROOT_GROUP_FILE-SV1 msdfs root = Yes [2_SOUMU] path = /samba_home/sda1/GROUP/b_SOUMU/2_SOUMU browseable = No read only = No valid users = @g00205, @g00206, @g00001,@g00002, @"Domain Admins" write list = @g00205, @"Domain Admins" read list = @g00206,@g00001,@g00002 force user = samba delete readonly = Yes create mask = 664 directory mask = 775 cd /samba_home/DFS_ROOT_SHONAI_FILE-SV1/b_SOUMU ls -al 2_SOUMU -> msdfs:file-sv1\2_SOUMU cd /samba_home/DFS_ROOT_SHONAI_FILE-SV1/b_SOUMU ls -al drwxrwsr-x 27 samba g00205 4096 Feb 27 18:49 2_SOUMU This problem happened samba 3.0.22,too.
I'm so sorry. I found the cause. This is my big mistake. Some SIDs are duplicated.