When accessing a share from a Windows 7 or Windows Server 2008 R2 computer not joined to the domain, the user receives the error "The parameter is incorrect". If the same machine is then joined to the domain, the user is able to browse the share as expected. I similar but related issue also occurs on Windows XP computers. When accessing a share the user can browse normally. However I have observed two odd behaviors. The first, and most common is that the security tab does not appear when a file is right clicked and properties is selected. The other, less common behavior is that the security tab appears, and the user is able to view permissions. However, upon clicking the button to add a new permission, an error dialog appears with the message "The parameter is incorrect". Andrew Bartlett suggested this may be related to bug #8630. Tested Samba Versions: Alpha21, Beta1 with S3FS enabled Test Windows Versions: Windows 7, Windows 2008 R2, Windows XP Steps to reproduce: 2) Check out samba4 Beta1 3) Configure with: ./configure.developer --enable-fhs --prefix=/usr/local/ --with-syslog --with-logfilebase=/var/log/samba --enable-cups --with-pam --with-acl-support 4) Provision with: provision --realm=testdom.lan --domain=TESTDOM --adminpass=AdminPw123 --server-role=dc 5) Configure bind 9.8 do use the DLZ plugin and dynamic updates. 6) Create a new share in smb.conf, and it's associated folder. 7) From a Windows 7 computer that is not joined to the domain, browse to the server and click on the share. You should see an error pop up with the message "The parameter is incorrect". 8) Join the computer to the domain, and re-try step 7. There should be no error, and you can browse the share normally. Here is the debug output from smbd on debug level 6. [2012/06/05 17:05:22.862073, 4] ../source3/smbd/uid.c:295(change_to_user) Skipping user change - already user [2012/06/05 17:05:22.864062, 4] ../source3/smbd/uid.c:295(change_to_user) Skipping user change - already user [2012/06/05 17:05:23.131296, 4] ../source3/smbd/uid.c:295(change_to_user) Skipping user change - already user [2012/06/05 17:05:23.153535, 4] ../source3/smbd/uid.c:295(change_to_user) Skipping user change - already user [2012/06/05 17:05:23.157871, 4] ../source3/smbd/uid.c:295(change_to_user) Skipping user change - already user [2012/06/05 17:05:23.161065, 4] ../source3/smbd/uid.c:295(change_to_user) Skipping user change - already user [2012/06/05 17:05:23.163268, 4] ../source3/smbd/uid.c:295(change_to_user) Skipping user change - already user [2012/06/05 17:05:23.166431, 4] ../source3/smbd/uid.c:295(change_to_user) Skipping user change - already user [2012/06/05 17:05:23.168276, 4] ../source3/smbd/sec_ctx.c:315(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/05 17:05:23.168547, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/05 17:05:23.168699, 5] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/05 17:05:23.169007, 5] ../source3/smbd/uid.c:343(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/06/05 17:05:23.169302, 3] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.0.1.81 (10.0.1.81) [2012/06/05 17:05:23.169783, 3] ../source3/smbd/service.c:631(make_connection_snum) Connect path is '/usr/local/var/lib/samba/sysvol/testdom.lan/scripts' for service [netlogon] [2012/06/05 17:05:23.170265, 3] ../source3/smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2012/06/05 17:05:23.170452, 3] ../source3/smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2012/06/05 17:05:23.170721, 3] ../source3/smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [acl_xattr] [2012/06/05 17:05:23.170919, 5] ../source3/smbd/vfs.c:168(vfs_init_custom) vfs module [acl_xattr] not loaded - trying to load... [2012/06/05 17:05:23.172003, 5] ../lib/util/modules.c:174(do_smb_load_module) Loading module 'acl_xattr' [2012/06/05 17:05:23.172172, 5] ../lib/util/modules.c:188(do_smb_load_module) Loading module 'acl_xattr': Trying to load from /usr/local/lib/samba/vfs/acl_xattr.so [2012/06/05 17:05:23.181741, 2] ../lib/util/modules.c:198(do_smb_load_module) Module 'acl_xattr' loaded [2012/06/05 17:05:23.182123, 5] ../source3/smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend 'acl_xattr' Successfully loaded vfs module [acl_xattr] with the new modules system [2012/06/05 17:05:23.182592, 5] ../source3/smbd/connection.c:158(claim_connection) claiming [netlogon] [2012/06/05 17:05:23.182664, 5] ../lib/dbwrap/dbwrap.c:156(dbwrap_check_lock_order) used=0, lock_order=1, idx=7 [2012/06/05 17:05:23.182809, 2] ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr) connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service netlogon [2012/06/05 17:05:23.183585, 5] ../source3/lib/messages.c:293(messaging_register) Registering messaging pointer for type 784 - private_data=0x9cc0b30 [2012/06/05 17:05:23.184011, 4] ../source3/smbd/sec_ctx.c:315(set_sec_ctx) setting sec ctx (0, 100) - sec_ctx_stack_ndx = 0 [2012/06/05 17:05:23.184084, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (12): SID[ 0]: S-1-5-21-97711526-666453636-1641050529-500 SID[ 1]: S-1-5-21-97711526-666453636-1641050529-513 SID[ 2]: S-1-5-21-97711526-666453636-1641050529-520 SID[ 3]: S-1-5-21-97711526-666453636-1641050529-572 SID[ 4]: S-1-5-21-97711526-666453636-1641050529-519 SID[ 5]: S-1-5-21-97711526-666453636-1641050529-518 SID[ 6]: S-1-5-21-97711526-666453636-1641050529-512 SID[ 7]: S-1-5-32-544 SID[ 8]: S-1-5-32-545 SID[ 9]: S-1-1-0 SID[ 10]: S-1-5-2 SID[ 11]: S-1-5-11 Privileges (0x 1FFFFF00): Privilege[ 0]: SeTakeOwnershipPrivilege Privilege[ 1]: SeBackupPrivilege Privilege[ 2]: SeRestorePrivilege Privilege[ 3]: SeRemoteShutdownPrivilege Privilege[ 4]: SeSecurityPrivilege Privilege[ 5]: SeSystemtimePrivilege Privilege[ 6]: SeShutdownPrivilege Privilege[ 7]: SeDebugPrivilege Privilege[ 8]: SeSystemEnvironmentPrivilege Privilege[ 9]: SeSystemProfilePrivilege Privilege[ 10]: SeProfileSingleProcessPrivilege Privilege[ 11]: SeIncreaseBasePriorityPrivilege Privilege[ 12]: SeLoadDriverPrivilege Privilege[ 13]: SeCreatePagefilePrivilege Privilege[ 14]: SeIncreaseQuotaPrivilege Privilege[ 15]: SeChangeNotifyPrivilege Privilege[ 16]: SeUndockPrivilege Privilege[ 17]: SeManageVolumePrivilege Privilege[ 18]: SeImpersonatePrivilege Privilege[ 19]: SeCreateGlobalPrivilege Privilege[ 20]: SeEnableDelegationPrivilege Rights (0x 403): Right[ 0]: SeInteractiveLogonRight Right[ 1]: SeNetworkLogonRight Right[ 2]: SeRemoteInteractiveLogonRight [2012/06/05 17:05:23.184723, 5] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 100 and contains 11 supplementary groups Group[ 0]: 100 Group[ 1]: 3000008 Group[ 2]: 3000009 Group[ 3]: 3000010 Group[ 4]: 3000011 Group[ 5]: 3000012 Group[ 6]: 4 Group[ 7]: 3000000 Group[ 8]: 3000001 Group[ 9]: 3000002 Group[ 10]: 3000003 [2012/06/05 17:05:23.184994, 5] ../source3/smbd/uid.c:273(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,100) [2012/06/05 17:05:23.185048, 4] ../source3/smbd/sec_ctx.c:315(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/05 17:05:23.185093, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/05 17:05:23.185135, 5] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/05 17:05:23.185202, 5] ../source3/smbd/uid.c:343(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/06/05 17:05:23.185477, 1] ../source3/smbd/service.c:880(make_connection_snum) 10.0.1.81 (ipv4:10.0.1.81:49209) connect to service netlogon initially as user TESTDOM\Administrator (uid=0, gid=100) (pid 26123) [2012/06/05 17:05:23.186803, 4] ../source3/smbd/sec_ctx.c:315(set_sec_ctx) setting sec ctx (0, 100) - sec_ctx_stack_ndx = 0 [2012/06/05 17:05:23.186856, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (12): SID[ 0]: S-1-5-21-97711526-666453636-1641050529-500 SID[ 1]: S-1-5-21-97711526-666453636-1641050529-513 SID[ 2]: S-1-5-21-97711526-666453636-1641050529-520 SID[ 3]: S-1-5-21-97711526-666453636-1641050529-572 SID[ 4]: S-1-5-21-97711526-666453636-1641050529-519 SID[ 5]: S-1-5-21-97711526-666453636-1641050529-518 SID[ 6]: S-1-5-21-97711526-666453636-1641050529-512 SID[ 7]: S-1-5-32-544 SID[ 8]: S-1-5-32-545 SID[ 9]: S-1-1-0 SID[ 10]: S-1-5-2 SID[ 11]: S-1-5-11 Privileges (0x 1FFFFF00): Privilege[ 0]: SeTakeOwnershipPrivilege Privilege[ 1]: SeBackupPrivilege Privilege[ 2]: SeRestorePrivilege Privilege[ 3]: SeRemoteShutdownPrivilege Privilege[ 4]: SeSecurityPrivilege Privilege[ 5]: SeSystemtimePrivilege Privilege[ 6]: SeShutdownPrivilege Privilege[ 7]: SeDebugPrivilege Privilege[ 8]: SeSystemEnvironmentPrivilege Privilege[ 9]: SeSystemProfilePrivilege Privilege[ 10]: SeProfileSingleProcessPrivilege Privilege[ 11]: SeIncreaseBasePriorityPrivilege Privilege[ 12]: SeLoadDriverPrivilege Privilege[ 13]: SeCreatePagefilePrivilege Privilege[ 14]: SeIncreaseQuotaPrivilege Privilege[ 15]: SeChangeNotifyPrivilege Privilege[ 16]: SeUndockPrivilege Privilege[ 17]: SeManageVolumePrivilege Privilege[ 18]: SeImpersonatePrivilege Privilege[ 19]: SeCreateGlobalPrivilege Privilege[ 20]: SeEnableDelegationPrivilege Rights (0x 403): Right[ 0]: SeInteractiveLogonRight Right[ 1]: SeNetworkLogonRight Right[ 2]: SeRemoteInteractiveLogonRight [2012/06/05 17:05:23.187410, 5] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 100 and contains 11 supplementary groups Group[ 0]: 100 Group[ 1]: 3000008 Group[ 2]: 3000009 Group[ 3]: 3000010 Group[ 4]: 3000011 Group[ 5]: 3000012 Group[ 6]: 4 Group[ 7]: 3000000 Group[ 8]: 3000001 Group[ 9]: 3000002 Group[ 10]: 3000003 [2012/06/05 17:05:23.187618, 5] ../source3/smbd/uid.c:273(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,100) [2012/06/05 17:05:23.188608, 4] ../source3/smbd/uid.c:295(change_to_user) Skipping user change - already user
This same issue occurs with NTVFS on beta2. I did not test NTVFS on Alpha21, and Beta1, so I can't confirm if it also happened on those versions.
closing, s4 beta and ntvfs are past