8986 – S3FS "The parameter is incorrect" on Win7

Bug 8986 - S3FS "The parameter is incorrect" on Win7

Summary: S3FS "The parameter is incorrect" on Win7

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	Samba 4.0
Classification:	Unclassified
Component:	File services (show other bugs)
Version:	unspecified
Hardware:	All Windows 7

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Andrew Tridgell
QA Contact:	samba4-qa@samba.org

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-06-07 14:52 UTC by Brendan Powers
Modified:	2020-05-09 11:12 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Brendan Powers 2012-06-07 14:52:34 UTC

When accessing a share from a Windows 7 or Windows Server 2008 R2 computer not joined to the domain, the user receives the error "The parameter is incorrect". If the same machine is then joined to the domain, the user is able to browse the share as expected.

I similar but related issue also occurs on Windows XP computers. When accessing a share the user can browse normally. However I have observed two odd behaviors. The first, and most common is that the security tab does not appear when a file is right clicked and properties is selected. The other, less common behavior is that the security tab appears, and the user is able to view permissions. However, upon clicking the button to add a new permission, an error dialog appears with the message "The parameter is incorrect".

Andrew Bartlett suggested this may be related to bug #8630.

Tested Samba Versions: Alpha21, Beta1 with S3FS enabled
Test Windows Versions: Windows 7, Windows 2008 R2, Windows XP

Steps to reproduce:
2) Check out samba4 Beta1
3) Configure with: ./configure.developer --enable-fhs
--prefix=/usr/local/ --with-syslog --with-logfilebase=/var/log/samba
--enable-cups --with-pam --with-acl-support
4) Provision with: provision --realm=testdom.lan --domain=TESTDOM
--adminpass=AdminPw123 --server-role=dc
5) Configure bind 9.8 do use the DLZ plugin and dynamic updates.
6) Create a new share in smb.conf, and it's associated folder.
7) From a Windows 7 computer that is not joined to the domain, browse to the server and click on the share. You should see an error pop up with the message "The parameter is incorrect".
8) Join the computer to the domain, and re-try step 7. There should be no error, and you can browse the share normally.

Here is the debug output from smbd on debug level 6.
[2012/06/05 17:05:22.862073,  4] ../source3/smbd/uid.c:295(change_to_user)
 Skipping user change - already user
[2012/06/05 17:05:22.864062,  4] ../source3/smbd/uid.c:295(change_to_user)
 Skipping user change - already user
[2012/06/05 17:05:23.131296,  4] ../source3/smbd/uid.c:295(change_to_user)
 Skipping user change - already user
[2012/06/05 17:05:23.153535,  4] ../source3/smbd/uid.c:295(change_to_user)
 Skipping user change - already user
[2012/06/05 17:05:23.157871,  4] ../source3/smbd/uid.c:295(change_to_user)
 Skipping user change - already user
[2012/06/05 17:05:23.161065,  4] ../source3/smbd/uid.c:295(change_to_user)
 Skipping user change - already user
[2012/06/05 17:05:23.163268,  4] ../source3/smbd/uid.c:295(change_to_user)
 Skipping user change - already user
[2012/06/05 17:05:23.166431,  4] ../source3/smbd/uid.c:295(change_to_user)
 Skipping user change - already user
[2012/06/05 17:05:23.168276,  4] ../source3/smbd/sec_ctx.c:315(set_sec_ctx)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/06/05 17:05:23.168547,  5]
../libcli/security/security_token.c:53(security_token_debug)
 Security token: (NULL)
[2012/06/05 17:05:23.168699,  5]
../source3/auth/token_util.c:528(debug_unix_user_token)
 UNIX token of user 0
 Primary group is 0 and contains 0 supplementary groups
[2012/06/05 17:05:23.169007,  5]
../source3/smbd/uid.c:343(smbd_change_to_root_user)
 change_to_root_user: now uid=(0,0) gid=(0,0)
[2012/06/05 17:05:23.169302,  3] ../source3/lib/access.c:338(allow_access)
 Allowed connection from 10.0.1.81 (10.0.1.81)
[2012/06/05 17:05:23.169783,  3]
../source3/smbd/service.c:631(make_connection_snum)
 Connect path is
'/usr/local/var/lib/samba/sysvol/testdom.lan/scripts' for service
[netlogon]
[2012/06/05 17:05:23.170265,  3] ../source3/smbd/vfs.c:102(vfs_init_default)
 Initialising default vfs hooks
[2012/06/05 17:05:23.170452,  3] ../source3/smbd/vfs.c:128(vfs_init_custom)
 Initialising custom vfs hooks from [/[Default VFS]/]
 Successfully loaded vfs module [/[Default VFS]/] with the new modules system
[2012/06/05 17:05:23.170721,  3] ../source3/smbd/vfs.c:128(vfs_init_custom)
 Initialising custom vfs hooks from [acl_xattr]
[2012/06/05 17:05:23.170919,  5] ../source3/smbd/vfs.c:168(vfs_init_custom)
 vfs module [acl_xattr] not loaded - trying to load...
[2012/06/05 17:05:23.172003,  5] ../lib/util/modules.c:174(do_smb_load_module)
 Loading module 'acl_xattr'
[2012/06/05 17:05:23.172172,  5] ../lib/util/modules.c:188(do_smb_load_module)
 Loading module 'acl_xattr': Trying to load from
/usr/local/lib/samba/vfs/acl_xattr.so
[2012/06/05 17:05:23.181741,  2] ../lib/util/modules.c:198(do_smb_load_module)
 Module 'acl_xattr' loaded
[2012/06/05 17:05:23.182123,  5] ../source3/smbd/vfs.c:92(smb_register_vfs)
 Successfully added vfs backend 'acl_xattr'
 Successfully loaded vfs module [acl_xattr] with the new modules system
[2012/06/05 17:05:23.182592,  5]
../source3/smbd/connection.c:158(claim_connection)
 claiming [netlogon]
[2012/06/05 17:05:23.182664,  5]
../lib/dbwrap/dbwrap.c:156(dbwrap_check_lock_order)
 used=0, lock_order=1, idx=7
[2012/06/05 17:05:23.182809,  2]
../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr)
 connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service netlogon
[2012/06/05 17:05:23.183585,  5]
../source3/lib/messages.c:293(messaging_register)
 Registering messaging pointer for type 784 - private_data=0x9cc0b30
[2012/06/05 17:05:23.184011,  4] ../source3/smbd/sec_ctx.c:315(set_sec_ctx)
 setting sec ctx (0, 100) - sec_ctx_stack_ndx = 0
[2012/06/05 17:05:23.184084,  5]
../libcli/security/security_token.c:63(security_token_debug)
 Security token SIDs (12):
   SID[  0]: S-1-5-21-97711526-666453636-1641050529-500
   SID[  1]: S-1-5-21-97711526-666453636-1641050529-513
   SID[  2]: S-1-5-21-97711526-666453636-1641050529-520
   SID[  3]: S-1-5-21-97711526-666453636-1641050529-572
   SID[  4]: S-1-5-21-97711526-666453636-1641050529-519
   SID[  5]: S-1-5-21-97711526-666453636-1641050529-518
   SID[  6]: S-1-5-21-97711526-666453636-1641050529-512
   SID[  7]: S-1-5-32-544
   SID[  8]: S-1-5-32-545
   SID[  9]: S-1-1-0
   SID[ 10]: S-1-5-2
   SID[ 11]: S-1-5-11
  Privileges (0x        1FFFFF00):
   Privilege[  0]: SeTakeOwnershipPrivilege
   Privilege[  1]: SeBackupPrivilege
   Privilege[  2]: SeRestorePrivilege
   Privilege[  3]: SeRemoteShutdownPrivilege
   Privilege[  4]: SeSecurityPrivilege
   Privilege[  5]: SeSystemtimePrivilege
   Privilege[  6]: SeShutdownPrivilege
   Privilege[  7]: SeDebugPrivilege
   Privilege[  8]: SeSystemEnvironmentPrivilege
   Privilege[  9]: SeSystemProfilePrivilege
   Privilege[ 10]: SeProfileSingleProcessPrivilege
   Privilege[ 11]: SeIncreaseBasePriorityPrivilege
   Privilege[ 12]: SeLoadDriverPrivilege
   Privilege[ 13]: SeCreatePagefilePrivilege
   Privilege[ 14]: SeIncreaseQuotaPrivilege
   Privilege[ 15]: SeChangeNotifyPrivilege
   Privilege[ 16]: SeUndockPrivilege
   Privilege[ 17]: SeManageVolumePrivilege
   Privilege[ 18]: SeImpersonatePrivilege
   Privilege[ 19]: SeCreateGlobalPrivilege
   Privilege[ 20]: SeEnableDelegationPrivilege
  Rights (0x             403):
   Right[  0]: SeInteractiveLogonRight
   Right[  1]: SeNetworkLogonRight
   Right[  2]: SeRemoteInteractiveLogonRight
[2012/06/05 17:05:23.184723,  5]
../source3/auth/token_util.c:528(debug_unix_user_token)
 UNIX token of user 0
 Primary group is 100 and contains 11 supplementary groups
 Group[  0]: 100
 Group[  1]: 3000008
 Group[  2]: 3000009
 Group[  3]: 3000010
 Group[  4]: 3000011
 Group[  5]: 3000012
 Group[  6]: 4
 Group[  7]: 3000000
 Group[  8]: 3000001
 Group[  9]: 3000002
 Group[ 10]: 3000003
[2012/06/05 17:05:23.184994,  5]
../source3/smbd/uid.c:273(change_to_user_internal)
 Impersonated user: uid=(0,0), gid=(0,100)
[2012/06/05 17:05:23.185048,  4] ../source3/smbd/sec_ctx.c:315(set_sec_ctx)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/06/05 17:05:23.185093,  5]
../libcli/security/security_token.c:53(security_token_debug)
 Security token: (NULL)
[2012/06/05 17:05:23.185135,  5]
../source3/auth/token_util.c:528(debug_unix_user_token)
 UNIX token of user 0
 Primary group is 0 and contains 0 supplementary groups
[2012/06/05 17:05:23.185202,  5]
../source3/smbd/uid.c:343(smbd_change_to_root_user)
 change_to_root_user: now uid=(0,0) gid=(0,0)
[2012/06/05 17:05:23.185477,  1]
../source3/smbd/service.c:880(make_connection_snum)
 10.0.1.81 (ipv4:10.0.1.81:49209) connect to service netlogon
initially as user TESTDOM\Administrator (uid=0, gid=100) (pid 26123)
[2012/06/05 17:05:23.186803,  4] ../source3/smbd/sec_ctx.c:315(set_sec_ctx)
 setting sec ctx (0, 100) - sec_ctx_stack_ndx = 0
[2012/06/05 17:05:23.186856,  5]
../libcli/security/security_token.c:63(security_token_debug)
 Security token SIDs (12):
   SID[  0]: S-1-5-21-97711526-666453636-1641050529-500
   SID[  1]: S-1-5-21-97711526-666453636-1641050529-513
   SID[  2]: S-1-5-21-97711526-666453636-1641050529-520
   SID[  3]: S-1-5-21-97711526-666453636-1641050529-572
   SID[  4]: S-1-5-21-97711526-666453636-1641050529-519
   SID[  5]: S-1-5-21-97711526-666453636-1641050529-518
   SID[  6]: S-1-5-21-97711526-666453636-1641050529-512
   SID[  7]: S-1-5-32-544
   SID[  8]: S-1-5-32-545
   SID[  9]: S-1-1-0
   SID[ 10]: S-1-5-2
   SID[ 11]: S-1-5-11
  Privileges (0x        1FFFFF00):
   Privilege[  0]: SeTakeOwnershipPrivilege
   Privilege[  1]: SeBackupPrivilege
   Privilege[  2]: SeRestorePrivilege
   Privilege[  3]: SeRemoteShutdownPrivilege
   Privilege[  4]: SeSecurityPrivilege
   Privilege[  5]: SeSystemtimePrivilege
   Privilege[  6]: SeShutdownPrivilege
   Privilege[  7]: SeDebugPrivilege
   Privilege[  8]: SeSystemEnvironmentPrivilege
   Privilege[  9]: SeSystemProfilePrivilege
   Privilege[ 10]: SeProfileSingleProcessPrivilege
   Privilege[ 11]: SeIncreaseBasePriorityPrivilege
   Privilege[ 12]: SeLoadDriverPrivilege
   Privilege[ 13]: SeCreatePagefilePrivilege
   Privilege[ 14]: SeIncreaseQuotaPrivilege
   Privilege[ 15]: SeChangeNotifyPrivilege
   Privilege[ 16]: SeUndockPrivilege
   Privilege[ 17]: SeManageVolumePrivilege
   Privilege[ 18]: SeImpersonatePrivilege
   Privilege[ 19]: SeCreateGlobalPrivilege
   Privilege[ 20]: SeEnableDelegationPrivilege
  Rights (0x             403):
   Right[  0]: SeInteractiveLogonRight
   Right[  1]: SeNetworkLogonRight
   Right[  2]: SeRemoteInteractiveLogonRight
[2012/06/05 17:05:23.187410,  5]
../source3/auth/token_util.c:528(debug_unix_user_token)
 UNIX token of user 0
 Primary group is 100 and contains 11 supplementary groups
 Group[  0]: 100
 Group[  1]: 3000008
 Group[  2]: 3000009
 Group[  3]: 3000010
 Group[  4]: 3000011
 Group[  5]: 3000012
 Group[  6]: 4
 Group[  7]: 3000000
 Group[  8]: 3000001
 Group[  9]: 3000002
 Group[ 10]: 3000003
[2012/06/05 17:05:23.187618,  5]
../source3/smbd/uid.c:273(change_to_user_internal)
 Impersonated user: uid=(0,0), gid=(0,100)
[2012/06/05 17:05:23.188608,  4] ../source3/smbd/uid.c:295(change_to_user)
 Skipping user change - already user

Comment 1 Brendan Powers 2012-06-28 21:05:14 UTC

This same issue occurs with NTVFS on beta2. I did not test NTVFS on Alpha21, and Beta1, so I can't confirm if it also happened on those versions.

Comment 2 Björn Jacke 2020-05-09 11:12:44 UTC

closing, s4 beta and ntvfs are past