samba в sarge, security=server и пробемы
Добрый день!
Черт дернул меня обновляться с woody до sarge. После
апгрейда немного потестил со своей машины - все вроде как
работает, а сегодня пришел на работу и вот такая фигня
твориться - некоторые юзеры не могут даже посмотреть список
шар на моей самбе - нет доступа и такой запрос не
поддерживается. И это не на всех машинах, а на некоторых,
2003, ХР, 2000. Сама самба не в домене, просто security = server
Мне кажется так проще и легче. Сейчас сервер честично не рабочий.
Ранее обновлял еще одну машину, но там самба не так нагружена как
на этом сервере, поэтому эту проблему вовремя не увидел.
Т.е. на 2х серверах одинаковые проблемы.
Что у меня наворочено:
/etc/samba/smb.conf
[global]
panic action = /usr/share/samba/panic-action %d
workgroup = JPKNEW
server string = %h
load printers = no
invalid users = root
max log size = 1000
syslog = 5
security = server
password server = station
encrypt passwords = yes
passdb backend = smbpasswd guest
socket options = TCP_NODELAY
local master = no
os level = 0
domain master = no
preferred master = no
wins support = no
wins server = 192.168.100.10
dns proxy = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
obey pam restrictions = yes
unix charset = koi8-r
dos charset = CP866
create mode = 644
directory mode = 755
log level = 3
username map = /etc/samba/username.map
[homes]
comment = Home Directories
browseable = no
writable = no
create mask = 0700
directory mask = 0700
[orig]
comment = Origs
path = /mount/big/orig
browseable = yes
writeable = yes
# public = yes
valid users = sova,yak01,gra,smi04,ter
create mode = 664
directory mode = 775
force group = +origrw
Вот такой вот конфиг - один в один с woody, ничего не
менял.
Прикол в том, что например пользователь admin с ХР может зайти
и все посмотреть, а пользователи yak01,smi04,ter c 2003 не
могут.
Увеличил log level до 5. Появилась вот такая байда:
[2006/05/10 10:24:46, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2006/05/10 10:24:46, 3] smbd/oplock.c:init_oplocks(1351)
[2006/05/10 10:24:46, 3] smbd/connection.c:yield_connection(76)
open_oplock_ipc: opening loopback UDP socket.
yield_connection: tdb_delete for name failed with error Record does not exist.
[2006/05/10 10:24:46, 3] smbd/oplock.c:init_oplocks(1382)
open_oplock ipc: pid = 13696, global_oplock_port = 35475
[2006/05/10 10:24:46, 3] smbd/process.c:process_smb(1091)
Transaction 0 of length 137
[2006/05/10 10:24:46, 3] smbd/process.c:switch_message(886)
switch message SMBnegprot (pid 13696) conn 0x0
[2006/05/10 10:24:46, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/05/10 10:24:46, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2006/05/10 10:24:46, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN1.0]
[2006/05/10 10:24:46, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [Windows for Workgroups 3.1a]
[2006/05/10 10:24:46, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LM1.2X002]
[2006/05/10 10:24:46, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN2.1]
[2006/05/10 10:24:46, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [NT LM 0.12]
[2006/05/10 10:24:46, 3] smbd/negprot.c:reply_nt1(333)
using SPNEGO
[2006/05/10 10:24:46, 3] smbd/negprot.c:reply_negprot(555)
Selected protocol NT LM 0.12
[2006/05/10 10:24:46, 3] smbd/process.c:process_smb(1091)
Transaction 1 of length 270
[2006/05/10 10:24:46, 3] smbd/process.c:switch_message(886)
switch message SMBsesssetupX (pid 13696) conn 0x0
[2006/05/10 10:24:46, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/05/10 10:24:46, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=12 flg2=0xc807
[2006/05/10 10:24:46, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/05/10 10:24:46, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
Doing spnego session setup
[2006/05/10 10:24:46, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Windows Server 2003 3790 Service Pack 1] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 5.2]
[2006/05/10 10:24:46, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
Got OID 1 3 6 1 4 1 311 2 2 10
[2006/05/10 10:24:46, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
Got secblob of size 40
[2006/05/10 10:24:46, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xe2088297
[2006/05/10 10:24:46, 3] lib/util_sock.c:open_socket_out(752)
Connecting to 192.168.100.6 at port 445
[2006/05/10 10:24:46, 3] smbd/server.c:exit_server(652)
Server exit (process_smb: send_smb failed.)
[2006/05/10 10:24:47, 3] auth/auth_server.c:server_cryptkey(75)
connected to password server STATION
[2006/05/10 10:24:47, 3] auth/auth_server.c:server_cryptkey(100)
got session
[2006/05/10 10:24:47, 3] auth/auth_server.c:server_cryptkey(133)
password server OK
[2006/05/10 10:24:47, 3] auth/auth_server.c:auth_get_challenge_server(183)
using password server validation
[2006/05/10 10:24:47, 3] smbd/process.c:process_smb(1091)
Transaction 2 of length 270
[2006/05/10 10:24:47, 3] smbd/process.c:switch_message(886)
switch message SMBsesssetupX (pid 13696) conn 0x0
[2006/05/10 10:24:47, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/05/10 10:24:47, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=12 flg2=0xc807
[2006/05/10 10:24:47, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/05/10 10:24:47, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
Doing spnego session setup
[2006/05/10 10:24:47, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Windows Server 2003 3790 Service Pack 1] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 5.2]
[2006/05/10 10:24:47, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
Got OID 1 3 6 1 4 1 311 2 2 10
[2006/05/10 10:24:47, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
Got secblob of size 40
[2006/05/10 10:24:47, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xe2088297
[2006/05/10 10:24:47, 3] lib/util_sock.c:open_socket_out(752)
Connecting to 192.168.100.6 at port 445
[2006/05/10 10:24:47, 3] auth/auth_server.c:server_cryptkey(75)
connected to password server STATION
[2006/05/10 10:24:47, 3] auth/auth_server.c:server_cryptkey(100)
got session
[2006/05/10 10:24:47, 3] auth/auth_server.c:server_cryptkey(133)
password server OK
[2006/05/10 10:24:47, 3] auth/auth_server.c:auth_get_challenge_server(183)
using password server validation
[2006/05/10 10:24:47, 3] smbd/process.c:timeout_processing(1334)
timeout_processing: End of file from client (client has disconnected).
[2006/05/10 10:24:47, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/05/10 10:24:47, 2] smbd/server.c:exit_server(609)
Closing connections
[2006/05/10 10:24:47, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2006/05/10 10:24:47, 3] smbd/server.c:exit_server(652)
Server exit (normal exit)
[2006/05/10 10:24:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
Ну думаю загуглю ка я вот это smbd/process.c:timeout_processing(1334)
timeout_processing: End of file from client (client has disconnected).
и будет полный порядок, думал что 3я самба-то давно вышла и вылизана уже.
Курение гугла не момогло, проблема появляется, но решения нигде не нашел.
Может кто сталкивался с такой проблемой? ввести самбу в домен можно,
но не вижу смысла. Если это 100% поможет решить пробему - введу в домен.
--
Sova aka Ilya S. Sapytsky Don't worry, be happy!
Reply to: