Ubuntu 16.04 LTS: SMBStatus shows wrong information

Bug #1736940 reported by Gonzalo Porcel Quero on 2017-12-07
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
samba4 (Ubuntu)
Undecided
Andreas Hasenack

Bug Description

This bug affects Samba 4.3.11 as provided in Ubuntu 16.04 LTS.

Smbstatus does not display correct information for users connected to my server.

This information is known to Samba as it is indeed correctly logged in samba audit module, which I have enabled and the log does show the correct username, group and host.

Here is an example of wrong smbstatus output:

Samba version 4.3.11-Ubuntu
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------

21001 nobody nogroup 192.168.11.88 (ipv4:192.168.11.88:53625) Unknown (0x0311)

And here is what it would normally look like:

31691 fsmith marketing 192.168.11.88 (ipv4:192.168.11.88:52582) SMB2_10

If I read the issue correctly, this has already been patched and fixed upstream in in Samba 4.4.0 and higher

https://bugzilla.samba.org/show_bug.cgi?id=11472

Please provide feedback and a possible fix as we use smbstatus all the time to track open files and who they are opened by and for a quick view at opened samba shares.

Thank you.

affects: sddm (Ubuntu) → samba4 (Ubuntu)
ChristianEhrhardt (paelzer) wrote :

Hi Gonzalo,
first of all thank you that seems to be an issue and your help to make Ubuntu better is appreciated. We need to sort out if the change is acceptable as an SRU thou.

First of all the good news - it is not that all users would be broken:
$ sudo smbstatus
Samba version 4.3.11-Ubuntu
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------
31778 paelzer paelzer 10.7.0.49 (ipv4:10.7.0.49:48802) NT1
Service pid machine Connected at
-------------------------------------------------------
mediashare 31778 10.7.0.49 Fri Dec 8 10:07:03 2017

The linked bug suggests only SMB3_10 or SMB3_11 connections are affected.
I tried with various linux clients and forceing version 3 but never coudl reproduce.
Might i ask what client you use to trigger this issue?

Note: the upstream bug refers to the change affecting output which is meant to be parsed and therefore not meant to be changed in the stable releases. The same argument might affect us in backporting.

@Andreas - I subscribe you so you can consider this in the samba work

Changed in samba4 (Ubuntu):
status: New → Incomplete

Hi Christian,

Thanks for responding. All Windows 10 clients seem to be affected.

I linked to the upstream bug becasue it seemed similar enough, but I could be wrong and this could be a different issue.

I have Windows 7, Windows 10 and Linux clients in my network.

If you need me to perform specific tests, let me know and I will be glad to help.

Sample output of smbstatus:

22070 nobody nogroup 192.168.127.183 (ipv4:192.168.127.183:51550) Unknown (0x0311)
21555 nobody nogroup 192.168.127.159 (ipv4:192.168.127.159:62029) Unknown (0x0311)
21904 nobody nogroup 192.168.127.94 (ipv4:192.168.127.94:63630) Unknown (0x0311)
21514 nobody nogroup 192.168.127.102 (ipv4:192.168.127.102:21733) Unknown (0x0311)

Let me know if there are any other tests or logs that I can submit to help fix this issue.

Andreas Hasenack (ahasenack) wrote :

Taking a look.

Changed in samba4 (Ubuntu):
status: Incomplete → New
assignee: nobody → Andreas Hasenack (ahasenack)
Andreas Hasenack (ahasenack) wrote :

I can see something similar from an ubuntu artful client if I force protocol SMB3:
andreas@nsnx:~$ smbclient //10.0.100.215/ubuntu -U ubuntu%ubuntu -m SMB3
WARNING: The "syslog" option is deprecated
Domain=[XENIAL-SAMBA-SMBSTATUS-1737534] OS=[] Server=[]
smb: \>

server (xenial):
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------
3553 ubuntu ubuntu 10.0.100.1 (ipv4:10.0.100.1:41196) Unknown (0x0311)

But just the protocol version is unknown: the username and group are correct.

How are your samba users managed? For this test I used the local tdb database, i.e., I just ran "sudo smbpasswd -a ubuntu" after a default install.

Changed in samba4 (Ubuntu):
status: New → Incomplete

Hi Andreas,

Firts of all, thank you so much for taking the time to respond.

My users are also locally managed and added with smbpasswd and when I print them with "pdbedit -L", they all appear correctly.

The users where imported from a system running Ubuntu 12.04 LTS and afterwards I had to clean up the db which I did by using the attached scripts.

In fact, share access is not a problem at all and the smbaudit module records all needed info correctly. For example:

Dec 13 14:30:56 nautilux smbd_audit: nasaudit|2017/12/13 14:30:56|asmith|192.168.127.196|hp-250-g5-6|UserData|open|ok|r|IMG_20171010_110718.jpg

These reasons lead me to believe that the samba database is OK.

If there is a test that you want me to run to validate correctness of the db, let me know.

Here is the other script I used during the migration.

Andreas Hasenack (ahasenack) wrote :

Sorry, I can't debug those scripts. I don't know why all your users show up as nobody/nogroup in smbstatus, maybe you have a force user setting in smb.conf or something like that?

Regarding the unknown protocol issue, that's a valid bug, but probably at a level of "low".

Hi Andreas,

I did not expect you to debug those scripts. I actually just left them there in the interest of full disclosure.

I have set up a complete VM with Ubuntu 16 LTS and I can reproduce the issue with two newly created users.

If Samba did not know who was writing or opening files, it would not be able to identify those users and log them correctly in the samba audit module.

The problem is not with the tdb database. I belive it is a bug with the way that "smbstatus" is parsing the information or something of that nature.

Thanks.

Andreas Hasenack (ahasenack) wrote :

But you can only reproduce it with windows 10 as the client, right? Not with smbclient and protocol SMB3?

Andreas Hasenack (ahasenack) wrote :

Here I used windows 10 home to access a samba server on ubuntu 16.04. At the moment this snapshot was taken, I had wordpad on windows open a file in the ubuntu share (/home/ubuntu):

root@xenial-samba-smbstatus-1737534:~# smbstatus

Samba version 4.3.11-Ubuntu
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------
479 ubuntu ubuntu 10.10.9.36 (ipv4:10.10.9.36:50694) Unknown (0x0311)

Service pid machine Connected at
-------------------------------------------------------
ubuntu 479 10.10.9.36 Sun Dec 17 17:24:06 2017

Locked files:
Pid Uid DenyMode Access R/W Oplock SharePath Name Time
--------------------------------------------------------------------------------------------------
479 1000 DENY_NONE 0x120089 RDONLY EXCLUSIVE+BATCH /home/ubuntu documento simples.odt Sun Dec 17 17:27:06 2017
479 1000 DENY_NONE 0x100081 RDONLY NONE /home/ubuntu . Sun Dec 17 17:26:47 2017
479 1000 DENY_NONE 0x100081 RDONLY NONE /home/ubuntu . Sun Dec 17 17:26:47 2017
479 1000 DENY_NONE 0x100081 RDONLY NONE /home/ubuntu . Sun Dec 17 17:26:47 2017

Username and group are correct (ubuntu/ubuntu), it's just the protocol version that is unknown. Same result as with smbclient from another ubuntu machine specifying the higher protocol version.

Would it be possible for you to attach your smb.conf configuration file?

Hi Andreas,

I cannot show you the share definitions because I use the valid users "settings" which contains the real names of lots of my users, but I can show you the "Global Parameters".

# Global parameters
[global]
        workgroup = OURWORKGROUP
        server string = %h
        map to guest = Bad User
        obey pam restrictions = Yes
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        unix password sync = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        unix extensions = No
        dns proxy = No
        usershare allow guests = Yes
        panic action = /usr/share/samba/panic-action %d
        idmap config * : backend = tdb
       invalid users = root

Could there be a mistake in the configuration of the "idmap config" directive in my smb.conf file?

From the official samba documentation, "this is the mapping mechanism to map POSIX user IDs and group ID to SIDs (Security Identifiers)

Is there something that might have changed from samba3 to samba4?

I mention this because at this stage I have a hard time if this bug is specific to my config or more general.

I appreciate your effort to troubleshoot this with me. I want to reinstall the complete OS and create all users over the Christmas break to see if I can reproduce the issues or not on the same version of Ubuntu, but I am unsure as to when exactly I might be able to do this.

Can we lower the priority of this bug and come back to it once I have had the chance to attempt to reproduce it by recreating all users from the scratch?

I feel the problem must be with the way that smbstatus accesses and validates the user database, but right now it is just a hunch because when I print the list of users with "pdbedit -L", they all appear correctly and everything else works great, including logging of "Share Access" by users.

THANK YOU VERY MUCH FOR YOUR HELP.

Andreas Hasenack (ahasenack) wrote :

> I have set up a complete VM with Ubuntu 16 LTS and I can reproduce the issue
> with two newly created users.

So what we have in common here, possibly:
- the smb.config file in this new VM. Is this one you could share?
- the clients you used to test are the same windows 10 machines that access the "production" server?

Last time this (smbstatus output) was working was with Ubuntu Precise's samba version?

I understand that in the audit logs the users are reported correctly, so somewhere inside samba the information is correct. It could just be that smbstatus is relying on bogus information.

Can you try smbstatus with -v and some extra debug level? Maybe -d 4 and go up from there if you don't see anything interesting?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers