[Pkg-samba-maint] Bug#633651: Bug#633651: samba: Regression after security update - linux client unable to delete files

Peter Tuhársky tuharsky at misbb.sk
Wed Jul 13 06:29:34 UTC 2011

Hallo, Christian

thank You for quick response.

During 8+ years of contact with reporting systems, I have learned that
excesive log/config postings are seldom invited for first glance.
Maintainer usually asks for the very piece of information he needs.
Moreover, the bug could already be known somehow.

I will of course provide any information needed.

Samba operates in security = domain and takes the records from OpenLDAP,
if this is what You asked. Under the term "samba client" I meant other
Debian Squeeze or Ubuntu 11.04 machine, fully updated.

Please, send me an example of command, how to correctly downgrade the
whole samba.

Yes, I have investigated the logs and found nothing special (although I
don't understand how is the SID supposedly "invalid".)

Here I connected to share, created the file and attempted to delete
(failed with "Permission denied"):

[2011/07/13 08:04:13.493244,  2] smbd/sesssetup.c:1391(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2011/07/13 08:04:13.521472,  2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password:  authentication for user [zalohydata] ->
[zalohydata] -> [zalohydata] succeeded
[2011/07/13 08:04:13.521737,  2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2011/07/13 08:04:13.523745,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: zalohydata
[2011/07/13 08:04:13.524448,  2]
  init_group_from_ldap: Entry found for group: 10014
[2011/07/13 08:04:13.524779,  2]
  init_group_from_ldap: Entry found for group: 10014
[2011/07/13 08:04:13.525612,  0] passdb/passdb.c:627(lookup_global_sam_name)
  User zalohydata with invalid SID
S-1-5-21-2222734727-3523169228-4078589058-21129 in passdb
[2011/07/13 08:04:13.528430,  2] lib/access.c:406(check_access)
  Allowed connection from  (::ffff:
[2011/07/13 08:04:13.531242,  1] smbd/service.c:1070(make_connection_snum)
  __ffff_10.2.2.1 (::ffff: connect to service zalohyhome
initially as user zalohydata (uid=10129, gid=10014) (pid 7784)
[2011/07/13 08:04:22.498552,  2] smbd/open.c:633(open_file)
  zalohydata opened file test.txt read=No write=Yes (numopen=1)
[2011/07/13 08:04:22.499191,  2] smbd/close.c:656(close_normal_file)
  zalohydata closed file test.txt (numopen=0) NT_STATUS_OK
[2011/07/13 08:04:27.612872,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: zalohydata
[2011/07/13 08:05:33.298169,  1] smbd/service.c:1251(close_cnum)
  __ffff_10.2.2.1 (::ffff: closed connection to service zalohyhome


Dňa 12.07.2011 18:51, Christian PERRIER  wrote / napísal(a):
> Quoting tuharsky (tuharsky at misbb.sk):
>> Package: samba
>> Version: 2:3.5.6~dfsg-3squeeze4
>> Severity: important
>> Recently I have installed security upgrade that has replaced version ...squeeze2 by ...squeeze4. I have not run the installation automatic script over samba config files because they are split to several parts.
>> Now I cannot delete any file from samba share using linux samba client, even the file that has been created by the same user and the same client just before. I don't use any extended ACLs, sticky bits or so.
> Have you tried investigating in the log files of the samba server
> before reporting this "regression"?
> As we'requite far away from having divination skills, there is no way
> we can help with so few information. 
> No idea about the context (operation mode of the samba server, for
> instance...or what is "linux samba client"). No log information. No
> mention of attempting to revert to squeeze2...
> We really can't do anything with that bug report, sorry.

More information about the Pkg-samba-maint mailing list