Bug 6703 - smbstatus fails with NT_STATUS_ACCESS_DENIED
Summary: smbstatus fails with NT_STATUS_ACCESS_DENIED
Alias: None
Product: Samba 3.3
Classification: Unclassified
Component: Client tools (show other bugs)
Version: 3.3.6
Hardware: x86 Linux
: P3 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Reported: 2009-09-09 22:31 UTC by Lesley Walker (dead mail address)
Modified: 2011-08-27 08:08 UTC (History)
0 users

See Also:

Patch for 3.4 (1.43 KB, patch)
2009-09-18 11:35 UTC, Volker Lendecke
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Lesley Walker (dead mail address) 2009-09-09 22:31:28 UTC
When smbstatus is run as a non-privileged user, the following output is received:

ERROR: Failed to initialise messages database: Permission denied
messaging_tdb_init failed: NT_STATUS_ACCESS_DENIED
messaging_init failed

Works normally when run as root. Used to work for any non-root user in our previous version (which was 3.0.25c)

-------- Operating system ----------
Distributor ID: Debian
Description:    Debian GNU/Linux 4.0 (etch)
Release:        4.0
Codename:       etch

-------- Compile flags ----------
  export CUPS_CONFIG=/opt/cups/bin/cups-config
  export SMB_DIR=samba
  export PATH=/usr/bin:/bin:/usr/sbin:$PATH
  # Versions of software installed and being built
  export LDAP_VERSION="openldap-2.4.11"
  export SAMBA_VERSION="$SMB_DIR-3.3.6"
  # Configure...
  env CPPFLAGS="$CPPFLAGS -I/opt/$LDAP_VERSION/include -I/opt/cups/include" \
      LDFLAGS="$LDFLAGS -L/opt/$LDAP_VERSION/lib -L/opt/cups/lib" \
      ./configure --prefix=/opt/$SAMBA_VERSION \
                  --localstatedir=/var/local/$SAMBA_VERSION \
                  --with-logfilebase=/var/local/$SAMBA_VERSION/logs \
                  --with-configdir=/opt/$SAMBA_VERSION/etc \
                  --with-lockdir=/var/local/$SAMBA_VERSION/locks \
                  --with-swatdir=/opt/$SAMBA_VERSION/swat \
                  --with-privatedir=/opt/$SAMBA_VERSION/etc/private \
                  --enable-cups \
                  --with-ldap \
                  --with-sys-quotas \
                  --with-acl-support \
                  --with-libsmbclient \
                  --with-cifsmount \
                  --enable-socket-wrapper \

-------- Simple patch to work around bug #5886 ----------
--- samba-3.3.6/source/passdb/pdb_ldap.c.orig   2009-06-23 21:35:13.000000000 +1200
+++ samba-3.3.6/source/passdb/pdb_ldap.c        2009-08-11 09:57:33.000000000 +1200
@@ -1733,7 +1733,7 @@
                if ((ber_printf (ber, "{") < 0) ||
                    (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn) < 0) ||
                    (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password) < 0) ||
-                   (ber_printf (ber, "n}") < 0)) {
+                   (ber_printf (ber, "N}") < 0)) {
                        DEBUG(0,("ldapsam_modify_entry: ber_printf returns a value <0\n"));

-------- Debug 10 output ----------
[grlrw0@zzsv01:/var/local/samba/locks/lrw] smbstatus -d 10
INFO: Current debug levels:                               
  all: True/10                                            
  tdb: False/0                                            
  printdrivers: False/0                                   
  lanman: False/0                                         
  smb: False/0                                            
  rpc_parse: False/0                                      
  rpc_srv: False/0                                        
  rpc_cli: False/0                                        
  passdb: False/0                                         
  sam: False/0                                            
  auth: False/0                                           
  winbind: False/0                                        
  vfs: False/0                                            
  idmap: False/0                                          
  quota: False/0                                          
  acls: False/0                                           
  locking: False/0                                        
  msdfs: False/0                                          
  dmapi: False/0                                          
  registry: False/0                                       
lp_load_ex: refreshing parameters                         
Initialising global parameters                            
params.c:pm_process() - Processing configuration file "/opt/samba-3.3.6/etc/smb.conf"
Processing section "[global]"                                                        
doing parameter include = /opt/samba/etc/machine.conf                                
params.c:pm_process() - Processing configuration file "/opt/samba/etc/machine.conf"  
doing parameter interfaces =                                 
doing parameter netbios name = ZZSV01                                                
handle_netbios_name: set global_myname to: ZZSV01                                    
doing parameter server string = Etch Development Office, Wellington, NZ              
doing parameter workgroup = OPUS.CO.NZ                                               
doing parameter display charset = UTF8                                               
Attempting to register new charset UCS-2LE                                           
Registered charset UCS-2LE                                                           
Attempting to register new charset UTF-16LE                                          
Registered charset UTF-16LE                                                          
Attempting to register new charset UCS-2BE                                           
Registered charset UCS-2BE                                                           
Attempting to register new charset UTF-16BE                                          
Registered charset UTF-16BE                                                          
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset UTF-8
Registered charset UTF-8
Attempting to register new charset ASCII
Registered charset ASCII
Attempting to register new charset 646
Registered charset 646
Attempting to register new charset ISO-8859-1
Registered charset ISO-8859-1
Attempting to register new charset UCS2-HEX
Registered charset UCS2-HEX
doing parameter lock directory = /var/local/samba/locks
doing parameter pid directory = /var/local/samba/locks
doing parameter passdb backend = ldapsam:ldap://localhost
doing parameter ldap admin dn = "uid=sambaBDC,ou=Accounts,dc=opus,dc=co,dc=nz"
doing parameter ldap passwd sync = yes
doing parameter ldap ssl = no
doing parameter ldap suffix = dc=opus,dc=co,dc=nz
doing parameter ldap user suffix = ou=People
doing parameter ldap group suffix = ou=Group
doing parameter ldap machine suffix = ou=Computers
doing parameter ldap idmap suffix = ou=Idmap
doing parameter guest account = nobody
doing parameter enable privileges = yes
doing parameter log level = 1
doing parameter max log size = 1024
doing parameter debug prefix timestamp = yes
doing parameter debug pid = yes
doing parameter printing = cups
doing parameter printcap name = cups
doing parameter cups connection timeout = 30
doing parameter display charset = UTF8
doing parameter domain master = no
doing parameter local master = yes
doing parameter preferred master = no
doing parameter os level = 65
doing parameter time server = true
doing parameter wins server =
doing parameter enhanced browsing = no
doing parameter domain logons = yes
doing parameter encrypt passwords = yes
doing parameter security = user
doing parameter null passwords = yes
doing parameter logon drive = z:
doing parameter logon home = \\%L\%U
doing parameter logon path =
doing parameter host msdfs = yes
doing parameter comment = OpusNet %T
doing parameter dont descend = /proc,/dev,/devices,/kernel,/etc,lost+found,/sbin,/bin
doing parameter writeable = yes
doing parameter create mask = 0771
doing parameter map hidden = yes
doing parameter map system = no
pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_DOMAIN_BDC
tdb(unnamed): tdb_open_ex: could not open file /var/local/samba/locks/messages.tdb: Permission denied
ERROR: Failed to initialise messages database: Permission denied
messaging_tdb_init failed: NT_STATUS_ACCESS_DENIED
messaging_init failed
Comment 1 Volker Lendecke 2009-09-18 11:35:30 UTC
Created attachment 4715 [details]
Patch for 3.4

Attached find a patch that fixes the issue for me for the non-clustering case.

Jeremy, can you ack it for 3.4.2 and reassign to Karolin?


Comment 2 Jeremy Allison 2009-09-18 11:37:21 UTC
+1 - obviously good fix !
Karolin please merge for 3.4.2.
Thanks !
Comment 3 Karolin Seeger 2009-09-19 11:36:17 UTC
Pushed. Will be included in 3.4.2.
Closing out bug report.