6703 – smbstatus fails with NT_STATUS_ACCESS_DENIED

Bug 6703 - smbstatus fails with NT_STATUS_ACCESS_DENIED

Summary: smbstatus fails with NT_STATUS_ACCESS_DENIED

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 3.3
Classification:	Unclassified
Component:	Client tools (show other bugs)
Version:	3.3.6
Hardware:	x86 Linux

Importance:	P3 normal
Target Milestone:	---
Assignee:	Karolin Seeger
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-09-09 22:31 UTC by Lesley Walker (dead mail address)
Modified:	2011-08-27 08:08 UTC (History)
CC List:	0 users

See Also:

Attachments
Patch for 3.4 (1.43 KB, patch) 2009-09-18 11:35 UTC, Volker Lendecke	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Lesley Walker (dead mail address) 2009-09-09 22:31:28 UTC

When smbstatus is run as a non-privileged user, the following output is received:

ERROR: Failed to initialise messages database: Permission denied
messaging_tdb_init failed: NT_STATUS_ACCESS_DENIED
messaging_init failed

Works normally when run as root. Used to work for any non-root user in our previous version (which was 3.0.25c)

-------- Operating system ----------
Distributor ID: Debian
Description:    Debian GNU/Linux 4.0 (etch)
Release:        4.0
Codename:       etch

-------- Compile flags ----------
  export CUPS_CONFIG=/opt/cups/bin/cups-config
  export SMB_DIR=samba
  export PATH=/usr/bin:/bin:/usr/sbin:$PATH
 
  # Versions of software installed and being built
  export LDAP_VERSION="openldap-2.4.11"
  export SAMBA_VERSION="$SMB_DIR-3.3.6"
 
  # Configure...
  env CPPFLAGS="$CPPFLAGS -I/opt/$LDAP_VERSION/include -I/opt/cups/include" \
      LDFLAGS="$LDFLAGS -L/opt/$LDAP_VERSION/lib -L/opt/cups/lib" \
      ./configure --prefix=/opt/$SAMBA_VERSION \
                  --localstatedir=/var/local/$SAMBA_VERSION \
                  --with-logfilebase=/var/local/$SAMBA_VERSION/logs \
                  --with-configdir=/opt/$SAMBA_VERSION/etc \
                  --with-lockdir=/var/local/$SAMBA_VERSION/locks \
                  --with-swatdir=/opt/$SAMBA_VERSION/swat \
                  --with-privatedir=/opt/$SAMBA_VERSION/etc/private \
                  --enable-cups \
                  --with-ldap \
                  --with-sys-quotas \
                  --with-acl-support \
                  --with-libsmbclient \
                  --with-cifsmount \
                  --enable-socket-wrapper \
                  --enable-nss-wrapper


-------- Simple patch to work around bug #5886 ----------
--- samba-3.3.6/source/passdb/pdb_ldap.c.orig   2009-06-23 21:35:13.000000000 +1200
+++ samba-3.3.6/source/passdb/pdb_ldap.c        2009-08-11 09:57:33.000000000 +1200
@@ -1733,7 +1733,7 @@
                if ((ber_printf (ber, "{") < 0) ||
                    (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn) < 0) ||
                    (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password) < 0) ||
-                   (ber_printf (ber, "n}") < 0)) {
+                   (ber_printf (ber, "N}") < 0)) {
                        DEBUG(0,("ldapsam_modify_entry: ber_printf returns a value <0\n"));
                        ber_free(ber,1);
                        SAFE_FREE(utf8_dn);


-------- Debug 10 output ----------
[grlrw0@zzsv01:/var/local/samba/locks/lrw] smbstatus -d 10
INFO: Current debug levels:                               
  all: True/10                                            
  tdb: False/0                                            
  printdrivers: False/0                                   
  lanman: False/0                                         
  smb: False/0                                            
  rpc_parse: False/0                                      
  rpc_srv: False/0                                        
  rpc_cli: False/0                                        
  passdb: False/0                                         
  sam: False/0                                            
  auth: False/0                                           
  winbind: False/0                                        
  vfs: False/0                                            
  idmap: False/0                                          
  quota: False/0                                          
  acls: False/0                                           
  locking: False/0                                        
  msdfs: False/0                                          
  dmapi: False/0                                          
  registry: False/0                                       
lp_load_ex: refreshing parameters                         
Initialising global parameters                            
params.c:pm_process() - Processing configuration file "/opt/samba-3.3.6/etc/smb.conf"
Processing section "[global]"                                                        
doing parameter include = /opt/samba/etc/machine.conf                                
params.c:pm_process() - Processing configuration file "/opt/samba/etc/machine.conf"  
doing parameter interfaces = 10.0.4.31/255.255.252.0                                 
doing parameter netbios name = ZZSV01                                                
handle_netbios_name: set global_myname to: ZZSV01                                    
doing parameter server string = Etch Development Office, Wellington, NZ              
doing parameter workgroup = OPUS.CO.NZ                                               
doing parameter display charset = UTF8                                               
Attempting to register new charset UCS-2LE                                           
Registered charset UCS-2LE                                                           
Attempting to register new charset UTF-16LE                                          
Registered charset UTF-16LE                                                          
Attempting to register new charset UCS-2BE                                           
Registered charset UCS-2BE                                                           
Attempting to register new charset UTF-16BE                                          
Registered charset UTF-16BE                                                          
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset UTF-8
Registered charset UTF-8
Attempting to register new charset ASCII
Registered charset ASCII
Attempting to register new charset 646
Registered charset 646
Attempting to register new charset ISO-8859-1
Registered charset ISO-8859-1
Attempting to register new charset UCS2-HEX
Registered charset UCS2-HEX
doing parameter lock directory = /var/local/samba/locks
doing parameter pid directory = /var/local/samba/locks
doing parameter passdb backend = ldapsam:ldap://localhost
doing parameter ldap admin dn = "uid=sambaBDC,ou=Accounts,dc=opus,dc=co,dc=nz"
doing parameter ldap passwd sync = yes
doing parameter ldap ssl = no
doing parameter ldap suffix = dc=opus,dc=co,dc=nz
doing parameter ldap user suffix = ou=People
doing parameter ldap group suffix = ou=Group
doing parameter ldap machine suffix = ou=Computers
doing parameter ldap idmap suffix = ou=Idmap
doing parameter guest account = nobody
doing parameter enable privileges = yes
doing parameter log level = 1
doing parameter max log size = 1024
doing parameter debug prefix timestamp = yes
doing parameter debug pid = yes
doing parameter printing = cups
doing parameter printcap name = cups
doing parameter cups connection timeout = 30
doing parameter display charset = UTF8
doing parameter domain master = no
doing parameter local master = yes
doing parameter preferred master = no
doing parameter os level = 65
doing parameter time server = true
doing parameter wins server = 10.0.56.1
doing parameter enhanced browsing = no
doing parameter domain logons = yes
doing parameter encrypt passwords = yes
doing parameter security = user
doing parameter null passwords = yes
doing parameter logon drive = z:
doing parameter logon home = \\%L\%U
doing parameter logon path =
doing parameter host msdfs = yes
doing parameter comment = OpusNet %T
doing parameter dont descend = /proc,/dev,/devices,/kernel,/etc,lost+found,/sbin,/bin
doing parameter writeable = yes
doing parameter create mask = 0771
doing parameter map hidden = yes
doing parameter map system = no
pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_DOMAIN_BDC
tdb(unnamed): tdb_open_ex: could not open file /var/local/samba/locks/messages.tdb: Permission denied
ERROR: Failed to initialise messages database: Permission denied
messaging_tdb_init failed: NT_STATUS_ACCESS_DENIED
messaging_init failed
[grlrw0@zzsv01:/var/local/samba/locks/lrw]

Comment 1 Volker Lendecke 2009-09-18 11:35:30 UTC

Created attachment 4715 [details]
Patch for 3.4

Attached find a patch that fixes the issue for me for the non-clustering case.

Jeremy, can you ack it for 3.4.2 and reassign to Karolin?

Thanks,

Volker

Comment 2 Jeremy Allison 2009-09-18 11:37:21 UTC

+1 - obviously good fix !
Karolin please merge for 3.4.2.
Thanks !
Jeremy.

Comment 3 Karolin Seeger 2009-09-19 11:36:17 UTC

Pushed. Will be included in 3.4.2.
Closing out bug report.

Thanks!