Red Hat Bugzilla – Bug 208718
Update 3.0.23c-1.fc5 cannot understand "@group" in smb.conf
Last modified: 2014-08-31 19:28:34 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:22.214.171.124) Gecko/20060909 Firefox/126.96.36.199
Description of problem:
I discovered, for an exemple, if you have a user group with 3 members (Alan, Baker, Clive), before 3.0.23c this line at smb.conf worked fine:
valid users = @user
But with 3.0.23c update it doesn't work anymore.
You have to replace the line like this:
valid users = Alan, Baker, Clive
I mean, replace the "@groupname" with the complete userlist of the group separated by commas.
It´s a quick solution, but some groups are big and it´s kind of hard to do that with all of them.
Apparently, other people are experiencing the same problem, as related at fedora forum (http://www.fedoraforum.org/forum/showthread.php?t=125460).
I´d appreciate any help or comments.
Attached my smb.conf and logs.
The workstation I´m trying to access the shares from is a Windows XP one, and it´s name is "rbsm204".
The user is "felipe" and he belongs to "admin" group.
I found this at my workstation log (attached):
[2006/09/30 14:58:35, 3] lib/util_sid.c:string_to_sid(223)
string_to_sid: Sid @admin does not start with 'S-'.
[2006/09/30 14:58:35, 5] smbd/password.c:user_in_netgroup(423)
Unable to get default yp domain, let's try without specifying it [2006/09/30 14:58:35, 5] smbd/password.c:user_in_netgroup(427)
looking for user felipe of domain (ANY) in netgroup admin [2006/09/30 14:58:35, 0] lib/fault.c:fault_report(41)
[2006/09/30 14:58:35, 0] lib/fault.c:fault_report(42)
INTERNAL ERROR: Signal 11 in pid 13861 (3.0.23c-1.fc5)
Please read the Trouble-Shooting section of the Samba3-HOWTO [2006/09/30 14:58:35, 0] lib/fault.c:fault_report(44)
[2006/09/30 14:58:35, 0] lib/fault.c:fault_report(45)
[2006/09/30 14:58:35, 0] lib/util.c:smb_panic(1614)
PANIC (pid 13861): internal error
[2006/09/30 14:58:35, 0] lib/util.c:log_stack_trace(1721)
BACKTRACE: 19 stack frames:
#0 smbd(log_stack_trace+0x2d) [0x8a78ad]
#1 smbd(smb_panic+0x5d) [0x8a79dd]
#2 smbd [0x89351a]
#4 /lib/libc.so.6(__strdup+0x1f) [0x346893]
#5 /lib/libnsl.so.1(nis_list+0x5d2) [0xc64b5f]
#6 /lib/libnss_nisplus.so.2(_nss_nisplus_setnetgrent+0x8f) [0x51262e]
#7 /lib/libc.so.6(innetgr+0xb2) [0x3c1d05]
#8 smbd(user_in_netgroup+0x65) [0x6de1e5]
#9 smbd(token_contains_name_in_list+0x23d) [0x6e0bdd]
#10 smbd(change_to_user+0x4d2) [0x71f642]
#11 smbd [0x73eb38]
#12 smbd(make_connection+0x194) [0x73ffa4]
#13 smbd(reply_tcon_and_X+0x21d) [0x7038ed]
#14 smbd [0x73b0e0]
#15 smbd(smbd_process+0x7ab) [0x73c21b]
#16 smbd(main+0xbd0) [0x955f90]
#17 /lib/libc.so.6(__libc_start_main+0xdc) [0x2f24e4]
#18 smbd [0x6c6701]
[2006/09/30 14:58:35, 0] lib/fault.c:dump_core(173)
dumping core in /var/log/samba/cores/smbd
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Insert, for example, any groups at smb.conf, such as valid users = @marketing
2. Everything works fine.
3. Update to samba 3.0.23c-1.fc5
4. Try to access the share containing the "@" from Windows XP
5. It wont´t access the share, altough it´s visible from explorer at Windows XP
6. Remove the "@" sign from smb.conf and replace it with the actual users from the group, separated by commas, such as "clive, celina, owen"
7. Access the share. It will work.
"The share you specified is not accessible anymore"
See the content
Created attachment 137487 [details]
Log saved in /var/log/samba related to the workstation
Windows XP machine name is "rbsm204".
User trying to access the shares is "felipe"
User "felipe" belongs to "admin"
Created attachment 137488 [details]
samba configuration file
my smb.conf file, where you can see the "@" groups assigned
Created attachment 137489 [details]
smb daemon log
I'm having the exact same issue, with the exact same error / stack trace. I'm
glad your were able to narrow it down to the @group, though. All my shares
reference @group so I thought all of samba was broken! This is a pretty serious
I agree with you. The reason I put it as a "normal" bug was that I could
workaround it... Hope the developers fix it as soon as possible. Cheers.
See samba mailing list thread:
I duplicate the problem perfectly.
Will port patch from mailing list context, build RPM, test, and report back.
Created attachment 138360 [details]
Patch to fix @groups crash
Patch to fix @groups crash ported from mailing list
Created attachment 138362 [details]
Diff against 3.0.23-1.fc5 spec file
Diff against 3.0.23-1.fc5 spec file to integrate previous patch into RPM build.
Obviously this needs further work to get into dist as it's labelled with my
Patch is in Samba SVN:
Various comments in the RELEASE tree state "Staging for 3.0.23d..."
First of all thanks for the efforts.
Are you 100% sure that this patch does the job?
I ask it because I had previously contacted Volker Lendeck, from samba.org, and
he said the patch contained at the mentioned mailing list had nothing to do with
this problem with groups:
My message for him
"... Anyway, googleing I saw a discussion where you've posted a patch for samba
Unfortunatelly, I have no idea how to use or apply the patch... Worse, I have no
idea how to port it to fedora core 5...
I´d would really appreciate any comments or help.
Thank you very much for the attention."
And his answer was:
"Please post your problems with more detailed info like your smb.conf and debug
level 10 logs of smbd to firstname.lastname@example.org.
The patch I've posted for sure has nothing to do with your problem.
I´d appreciate any comments!
Thanks again for your help!
Interesting - principally because although Volker told you it has "nothing to do
with your problem", my segfaults matched those of the OP in the Samba ML thread
and the patch makes them go away.
Coincidence? Maybe. But it definitely WORKSFORME.
Great, Graeme. Thanks once more for your great help!!!
Created attachment 139099 [details]
Proof of concept for innetgr() crash
Created attachment 139100 [details]
System info and gdb output for innetgr() PoC crash
[First off, Graeme, I don't believe that mailing list thread/patch has anything
to with this bug.]
Since my machine doesn't need NIS, one workaround is to edit /etc/nsswitch.conf
and change the "netgroup" line from "nisplus" to "files". After that, smbd works
fine with "valid users = @group".
The crash is due to glibc's innetgr() eventually calling strdup(NULL). It looks
like it tries to find group information using NIS-related functions, but one of
the sub-lookups fails in a way the caller doesn't expect (an array element is
NULL instead of the array pointer being NULL).
The bug is reproducible independently of Samba using the attached PoC (see also
gdb info), under Fedora Core 5 with glibc-2.4-11 and "netgroup: nisplus" in
/etc/nsswitch.conf. The user and group can be anything, including nonexistent ones.
Changing the netgroup entry to "files" simply hides the bug and allows smbd to
work on machines that use local files for group information.
Bug filed with glibc bugzilla (http://sourceware.org/bugzilla/show_bug.cgi?id=3411).
*** This bug has been marked as a duplicate of 206483 ***