Fedora
samba package

[jaunty] samba 3.3.2 denies access to roaming profiles

Bug #397699 reported by Mark Hannon
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
samba (Fedora)
Won't Fix
High
samba (Ubuntu)
Fix Released
Medium
Unassigned
Jaunty
Fix Released
Medium
Unassigned

Bug Description

Binary package hint: samba

Faulty package = samba-2:3.3.2-1ubuntu3
Working package = samba-2:3.2.3-1ubuntu3 (from intrepid)

I recently upgraded my samba PDC from 8.10 to 9.04. After this upgrade, roaming profiles which had been working for a number of years with this configuration started to fail.

The windows clients complained of 'ACCESS DENIED' and permission problems.

Reviewing the changelog for samba I noted that 3.3.2 introduced a fix:
  * debian/patches/fix-upstream-bug-6186.patch: Fix for data loss
    with roaming profiles. (https://bugzilla.samba.org/show_bug.cgi?id=6186)

I reverted to the samba version from intrepid and roaming profiles are working again.

Further information:

From smb.conf:

        [profile]
 comment = Windows User profiles
 path = /home
 read only = no
 profile acls = Yes
 create mask = 0600
 directory mask = 0700
 browseable = No

I store my profiles under the user $HOME as ~/.WinXP or ~/.Vista.V2 depending upon the client version.

Revision history for this message
In , Alexandre (alexandre-redhat-bugs) wrote :

Description of problem:

Version-Release number of selected component (if applicable):
Samba 3.3.2-0.33.fc11
Fedora Core 11 with all update

How reproducible:
Ever

Steps to Reproduce:
1. Start samba as PDC (nmb, smb)
2. Login from windows
3. Error writing roaming profile

Actual results:
Not update roaming profile

Expected results:
update roaming profile

Additional info:
After upgrade to fedora 11 i don't upgrade my roaming profile from Windows XP station. I have this message:

Your roaming profile is not available. You
are logged on with the locally stored
profile. Changes to the profile will not be
copied to the server. Possible causes of
this error include network problems or
insufficient security rights. If this problem
persists, contact your network
administrator.

DETAIL - Access is denied.

My configuration is exactly the same of fedora 10

More detail in:
http://forums.fedoraforum.org/showthread.php?p=1234918#post1234918

PS: Excuse my poor english!

Wouter Stomp (wouterstomp-deactivatedaccount)
tags: added: regression-release
Revision history for this message
In , Guenther (guenther-redhat-bugs) wrote :

This is fixed with
samba-3.4.0-0.39.fc11 which has been submitted as an update candidate for Fedora 11.
http://admin.fedoraproject.org/updates/samba-3.4.0-0.39.fc11

Could you please verify and provide feedback there ?

Revision history for this message
In , Alexandre (alexandre-redhat-bugs) wrote :

This release fix the problem !!!
But ... is needed libtalloc 1.3.1 from fedora update testing repository, else smb do not start and testparm show this error:
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
testparm: symbol lookup error: testparm: undefined symbol: _talloc_get_type_abort

Thank you!

Revision history for this message
Thierry Carrez (ttx) wrote :

I'm not sure the specific "map readonly" fix is the cause of the issue.

Could you be more precise on how the configuration started to fail ? What specific errors you get ? Any sure way to reproduce the issue ? Anything showing in the samba log files ?

Changed in samba (Ubuntu):
status: New → Incomplete
Revision history for this message
Mark Hannon (markhannon) wrote : RE: [Bug 397699] Re: samba fixes for roaming profiles introduce regressions
Download full text (3.7 KiB)

Hi Thierry,

With the jaunty samba the failure mode was shown by the inability of
the windows client to download the user's windows profile.

On a WindowsXP client, when the user HOME.LAN\thomas logged in he was
shown a popup warning about unavailable roaming profile and a
temporary profile was created. In the windows event log the
following details were shown.

   Event Type: Error
   Event Source: Userenv
   Event Category: None
   Event ID: 1506
   Date: 9/07/2009
   Time: 9:28:06 AM
   User: HOME.LAN\thomas
   Computer: PUTTE
   Description:
   Your roaming profile is not available. You are logged on with the
   locally stored profile. Changes to the profile will not be copied to
   the server. Possible causes of this error include network problems or
   insufficient security rights. If this problem persists, contact your
   network administrator.

    DETAIL - Access is denied.

     For more information, see Help and Support Center at
      http://go.microsoft.com/fwlink/events.asp.

Checking the samba server logs at the same time shows nothing unusual:

  [2009/07/09 09:48:11, 1] smbd/service.c:make_connection_snum(1111)
    tbird (192.168.1.5) connect to service profile initially as user thomas (uid=1003, gid=1003) (pid 937)
  [2009/07/09 09:48:46, 1] smbd/service.c:close_cnum(1323)
    tbird (192.168.1.5) closed connection to service profile
  [2009/07/09 09:48:46, 1] smbd/service.c:make_connection_snum(1111)
    tbird (192.168.1.5) connect to service netlogon initially as user thomas (uid=1003, gid=1003) (pid 940)
  [2009/07/09 09:48:46, 1] smbd/service.c:make_connection_snum(1111)
    tbird (192.168.1.5) connect to service thomas initially as user thomas (uid=1003, gid=1003) (pid 940)
  [2009/07/09 09:48:51, 1] smbd/service.c:make_connection_snum(1111)
    tbird (192.168.1.5) connect to service profile initially as user thomas (uid=1003, gid=1003) (pid 940)

The samba server is the PDC for the HOME.LAN domain.

HOME.LAN\thomas is a non priveleged user

  Z:\>net user /domain thomas
  The request will be processed at a domain controller for domain HOME.LAN.

  User name thomas
  Full Name Thomas Hannon
  Comment
  User's comment
  Country code 000 (System Default)
  Account active Yes
  Account expires Never

  Password last set 2/18/2009 7:05 AM
  Password expires Never
  Password changeable 2/18/2009 7:05 AM
  Password required Yes
  User may change password Yes

  Workstations allowed All
  Logon script thomas.bat
  User profile \\hal\profile\thomas\.WinXP
  Home directory \\hal\profile\thomas\.WinXP
  Last logon Never

  Logon hours allowed All

  Local Group Memberships
  Global Group memberships *Domain Users
  The command completed successfully.

To test this scenario remove the roaming profile completely from a
windows client and attempt a login.

Regards/Mark

-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Thierry Carrez
Sent: Tuesday, 21 July 2009 ...

Read more...

Thierry Carrez (ttx)
summary: - samba fixes for roaming profiles introduce regressions
+ [jaunty] samba 3.3.2 denies access to roaming profiles
Changed in samba (Ubuntu):
status: Incomplete → New
Bug Watch Updater (bug-watch-updater)
Changed in samba (Fedora):
status: Unknown → In Progress
Revision history for this message
Thierry Carrez (ttx) wrote :

Probably fixed in 3.3.4, interesting workaround suggestions in http://forums.fedoraforum.org/showthread.php?p=1228623

Changed in samba (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
Revision history for this message
Thierry Carrez (ttx) wrote :

I'll try to prepare a patched version of samba with Simo Sorce's patch for testing in my jaunty PPA. Do you think you'd be able to test that ?

Revision history for this message
Mark Hannon (markhannon) wrote : RE: [Bug 397699] Re: [jaunty] samba 3.3.2 denies access to roaming profiles

Of course. Give me a shout when it's ready.
Rgds/mark

-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Thierry Carrez
Sent: Monday, 27 July 2009 10:58 PM
To: <email address hidden>
Subject: [Bug 397699] Re: [jaunty] samba 3.3.2 denies access to roaming profiles

I'll try to prepare a patched version of samba with Simo Sorce's patch
for testing in my jaunty PPA. Do you think you'd be able to test that ?

** Attachment added: "posix_acls.c.patch"
   http://launchpadlibrarian.net/29569375/posix_acls.c.patch

--
[jaunty] samba 3.3.2 denies access to roaming profiles
https://bugs.launchpad.net/bugs/397699
You received this bug notification because you are a direct subscriber
of the bug.

Revision history for this message
Thierry Carrez (ttx) wrote :

Could you test samba_3.3.2-1ubuntu3.1~ppa1 from my PPA at:
https://launchpad.net/~ttx/+archive/ppa
Thanks !

Revision history for this message
Mark Hannon (markhannon) wrote :

Tested PPA package with several users, both normal and members of the 'Domain Administrators' group and
with both Windows XP and Vista clients. Roaming profiles working properly again.

Thanks,
Mark

-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Thierry Carrez
Sent: Tuesday, 28 July 2009 12:10 AM
To: <email address hidden>
Subject: [Bug 397699] Re: [jaunty] samba 3.3.2 denies access to roaming profiles

Could you test samba_3.3.2-1ubuntu3.1~ppa1 from my PPA at:
https://launchpad.net/~ttx/+archive/ppa
Thanks !

--
[jaunty] samba 3.3.2 denies access to roaming profiles
https://bugs.launchpad.net/bugs/397699
You received this bug notification because you are a direct subscriber
of the bug.

Revision history for this message
Thierry Carrez (ttx) wrote :

Thanks Mark for this invaluable testing ! We might need your help again to test jaunty-proposed packages, as it's a non-trivial setup to test :)

Marking this fixed in development release (as 3.4.x contains the fix), and nominating for a Jaunty SRU.

Changed in samba (Ubuntu):
status: Confirmed → Fix Released
Changed in samba (Ubuntu Jaunty):
importance: Undecided → Medium
status: New → Triaged
Revision history for this message
In , Andrew (andrew-redhat-bugs) wrote :

I can only reiterate Alexandre. I am running Fedora core 11 and all of a sudden, on 14th October, samba stop working. I looked all over the internet and could not find a solution until I came here. I had the same error when running testparm.

I ran yum update libtalloc and it resolved the problem. I can only assume that there was a bug in an update that I picked up that date.

Revision history for this message
Chuck Short (zulcss) wrote :

This should already be fixed for jaunty.

Regards
chuck

Changed in samba (Ubuntu Jaunty):
status: Triaged → Fix Released
Revision history for this message
In , Bug (bug-redhat-bugs) wrote :

This message is a reminder that Fedora 11 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 11. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora
'version' of '11'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version prior to Fedora 11's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that
we may not be able to fix it before Fedora 11 is end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora please change the 'version' of this
bug to the applicable version. If you are unable to change the version,
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

The process we are following is described here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Revision history for this message
In , Bug (bug-redhat-bugs) wrote :

Fedora 11 changed to end-of-life (EOL) status on 2010-06-25. Fedora 11 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Bug Watch Updater (bug-watch-updater)
Changed in samba (Fedora):
importance: Unknown → High
status: In Progress → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.