Ubuntu
gvfs package

gvfsd-smb mounting requires / to be accessible to the user and should not

Bug #223372 reported by mikelehen
6
Affects Status Importance Assigned to Milestone
gvfs
Fix Released
Medium
gvfs (Ubuntu)
Fix Released
High
Ubuntu Desktop Bugs
Hardy
Invalid
High
Ubuntu Desktop Bugs

Bug Description

Binary package hint: gvfs

This may be the root cause for 206439 and/or 209520.

Repro steps:
1) apt-get install samba gvfs-bin
2) Set a samba password for yourself: sudo smbpasswd <your username>
3) Add a share to your smb.conf like so:
[foo]
    path = /tmp/foo
    guest ok = yes

4) mkdir /tmp/foo
5) chmod 700 /tmp/foo (so the guest account doesn't have permission to access the share)
6) gvfs-mount smb://<server name>/foo
    Enter your username and password when prompted.

Expected behavior: for the share to be mounted successfully using the credentials you specified.
Actual behavior: You get "Error mounting location: Failed to mount Windows share"

Note: If you set "guest ok = no" for the share, then it mounts successfully.
Also: Using smbclient works fine, as does accessing the share from a Windows machine.

I'm no SMB expert, but I took a quick packet trace. With "guest ok = no" (the working case), I see the following exchange ("AARDVARK" is my server name, "youngoat" is my username):

 --> Session Setup AndX Request, User: anonymous
 <-- Session Setup AndX Response (STATUS_SUCCESS)
 --> Tree Connect AndX Request, Path: \\AARDVARK\FOO
 <-- Tree Connect AndX Response, Error: STATUS_ACCESS_DENIED
 [I get prompted for username / password]
 --> Session Startup AndX Request, NTLMSSP_NEGOTIATE
 <-- Session Startup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED
 --> Session Startup AndX Request, NTLMSSP_AUTH, User: WORKGROUP\youngoat
 <-- Session Startup AndX Response (STATUS_SUCCESS)
 --> Tree Connect AndX Request, Path: \\AARDVARK\FOO
 <-- Tree Connect AndX Response (STATUS_SUCCESS)
 --> Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path:
 <-- Trans2 Response, QUERY_PATH_INFO (STATUS_SUCCESS)

If I set "guest ok = yes" (the broken case), I see the following exchange:

 --> Session Setup AndX Request, User: anonymous
 <-- Session Setup AndX Response, STATUS_SUCCESS
 -->Tree Connect AndX Request, Path: \\AARDVARK\FOO
 <-- Tree Connect AndX Response (STATUS_SUCCESS)
 --> Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path:
 <-- Trans2 Response, QUERY_PATH_INFO, Error: STATUS_NETWORK_ACCESS_DENIED
[I get prompted for username / password]
 --> Session Startup AndX Request, NTLMSSP_NEGOTIATE
 <-- Session Startup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED
 --> Session Startup AndX Request, NTLMSSP_AUTH, User: WORKGROUP\youngoat
 <-- Session Startup AndX Response (STATUS_SUCCESS)
 --> Tree Connect AndX Request, Path: \\AARDVARK\FOO
 <-- Tree Connect AndX Response (STATUS_SUCCESS)
 --> Tree Disconnect Request
 <-- Tree Disconnect Response (STATUS_SUCCESS)

The difference seems to be that with "guest account = yes" (the broken case):
1) Instead of the anonymous attempt failing at "Tree Connect", it fails at "Trans2 Request, QUERY_PATH_INFO."
2) Then after it authenticates with my credentials (WORKGROUP\youngoat) successfully, it *DOESN't* try to do a "Trans2 Request, QUERY_PATH_INFO".

I suspect this last item is the issue. I don't know why it immediately does a "Tree Disconnect Request" instead of doing "Trans2 Request QUERY_PATH_INFO".

Hopefully this is enough information to track down the bug, but please let me know if there's anything else I can provide.

Revision history for this message
mikelehen (mikelehen) wrote :

Oops. When I said "guest account = yes" in the 3rd to last paragraph, I of course meant "guest ok = yes"

Revision history for this message
mikelehen (mikelehen) wrote :

Oh, and this is on ubuntu 8.04:

gvfs 0.2.3-0ubuntu4
samba 3.0.28a-1ubuntu4

Revision history for this message
Peter Kerekfy (kerekfyp) wrote :

I have a very similar problem:

Given a samba share on debian server which allows READ ONLY access to anonymous and READ WRITE access to my named user: kpeter.

There is no way to write on this share because gvfs always connects as anonymous, there is no way to specify my user/pass.

If I mount manually with explicit username things became stanger:

Let say:
$ gvfs-mount smb://kpeter@duron/projects/

It works, I can see the mounted share on my desktop.
$ gvfs-mount -l
Mount(0): projects ezen: duron -> smb://duron/projects/

After opening the share with nautilus a second mount appears on the desktop:
$ gvfs-mount -l
Mount(0): projects ezen: duron -> smb://duron/projects/
Mount(1): projects ezen: duron -> smb://duron/projects/

I think that this second mount is anonymous and it is very bad...

Revision history for this message
Sebastien Bacher (seb128) wrote :

There is 2 different issues there most likely, one is http://bugzilla.gnome.org/show_bug.cgi?id=529365 which is about the credential used, the other one is http://bugzilla.gnome.org/show_bug.cgi?id=529277 which is that the mounting fails if the / directory is no accessible to the user on the server, which seems to be the issue described there

Changed in gvfs:
assignee: nobody → desktop-bugs
importance: Undecided → High
milestone: none → ubuntu-8.04.1
status: New → Triaged
Bug Watch Updater (bug-watch-updater)
Changed in gvfs:
status: Unknown → New
Sebastien Bacher (seb128)
Changed in gvfs:
assignee: nobody → desktop-bugs
importance: Undecided → High
status: New → Confirmed
Steve Langasek (vorlon)
Changed in gvfs:
milestone: none → ubuntu-8.04.1
milestone: ubuntu-8.04.1 → none
Revision history for this message
Sebastien Bacher (seb128) wrote :

does using smbclient works on the broken configuration? we did some testing and it doesn't success to use the directory either

Steve Langasek (vorlon)
Changed in gvfs:
milestone: ubuntu-8.04.1 → none
Revision history for this message
mikelehen (mikelehen) wrote :

Sorry for the very late reply, but I just double-checked and yes this definitely works with smbclient:

youngoat@aardvark:~$ smbclient //aardvark/foo
Password: < I enter my password >
Domain=[AARDVARK] OS=[Unix] Server=[Samba 3.0.28a]
smb: \>

My system is fully up-to-date.

Bug Watch Updater (bug-watch-updater)
Changed in gvfs:
status: New → Fix Released
Revision history for this message
Sebastien Bacher (seb128) wrote :

could you try if that's still an issue in intrepid or jaunty?

Changed in gvfs:
status: Triaged → Incomplete
Revision history for this message
Sebastien Bacher (seb128) wrote :

that should be fixed in jaunty, closing the bug, you can reopen if you still get the issue though

Changed in gvfs:
status: Incomplete → Fix Released
Cosmox101 (gerardolcuesta)
Changed in gvfs (Ubuntu):
status: Fix Released → Confirmed
Revision history for this message
Chris Coulson (chrisccoulson) wrote :

Cosmox101 - please don't just randomly change the bug status without leaving any explanation or comment

Changed in gvfs (Ubuntu):
status: Confirmed → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in gvfs:
importance: Unknown → Medium
Revision history for this message
Mörgæs (moergaes) wrote :

Closing as this concerns an obsolete release of Ubuntu.
If the problem persists in the latest release please open a new report.

Changed in gvfs (Ubuntu Hardy):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.