Web lists-archives.com

[Samba] explorer.exe crashes on security tab access




The OS is Windows 7 Enterprise (build 7601, SP1). Samba version 4.8.3,
compiled on Centos 7.4.

smb.conf:
# Global parameters
[global]
        dns forwarder = none
        log level = 1
        netbios name = DC1
        realm = SAMDOM.TEST
        server role = active directory domain controller
        workgroup = SAMDOM
        idmap_ldb:use rfc2307 = yes

[netlogon]
path = /usr/local/samba/var/locks/sysvol/samdom.test/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

[Demo]
      path = /srv/samba/Demo
        read only = No
        create mask = 0666
        directory mask = 0777
        inherit permissions = Yes
        inherit acls = Yes
        browsable = Yes

The shared directory looks like this:
[root@dc1 Demo]# ls -la /srv/samba/Demo
total 0
drwxr-xr-x. 2 root root 31 Aug 16 19:54 .
drwxr-xr-x. 3 root root 18 Aug 16 19:49 ..
-rw-r--r--. 1 root root  0 Aug 16 19:54 alpha
-rw-r--r--. 1 root root  0 Aug 16 19:54 beta

getfacl returns:
[root@dc1 Demo]# getfacl /srv/samba/Demo/alpha
# file: alpha
# owner: root
# group: root
user::rw-
group::r--
other::r--

The crash only happens when a local unix group (in this case root) is set
as the group for the shared file.

/ Kacper



>>  By primary group I mean the group that is set by chgrp. that is the
>>  group returned after the pound key (#) from getfacl. In other words
>>  the Unix group and not the one managed by ACLs.
>>

>>> That is not necessarily the users primary group, the users primary
>>>  group is the one displayed by 'getent passwd username' e.g.
>>>
>>>  root at dc4:~# getent passwd SAMDOM\\rowland
>>>  SAMDOM\rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
>>>
>>>  The second number is the users primary group, in this case '10000',
>>>  which is:
>>>
>>>  root at dc4:~# getent group 10000
>>>  SAMDOM\domain users:x:10000:
>>>
>>>  But if I create a file in a share and ensure it belongs to the user
>>>  with a group that isn't the users primary group (which seems to be what
>>>  you are describing), I get:
>>>
>>>  root at dc4:~# ls -la /srv/samba/Demo/test.txt
>>>  -rw-rwxr--+ 1 SAMDOM\rowland SAMDOM\unixgroup 0 Aug 16 11:29
/srv/samba/Demo/test.txt
>>>
>>>  And getfacl shows:
>>>
>>>  root at dc4:~# getfacl /srv/samba/Demo/test.txt
>>>  getfacl: Removing leading '/' from absolute path names
>>>  # file: srv/samba/Demo/test.txt
>>>  # owner: SAMDOM\134rowland
>>>  # group: SAMDOM\134unixgroup
>>>  user::rw-
>>>  user:root:rw-
>>>  user:SAMDOM\134rowland:rw-
>>>  group::r--
>>>  group:SAMDOM\134unixgroup:r--
>>>  group:SAMDOM\134unix\040admins:rw-
>>>  mask::rwx
>>>  other::r--
>>>
>>>  If I now go to a Win7 machine, log in as 'rowland', open explorer and
>>>  navigate to the file, right click it, select 'Properties' ->
>>>  'Security', it opens correctly (without crashing) and displays the
>>>  owners etc.
>>>
>>>  The share in smb.conf is this:
>>>  [Demo]
>>>         path = /srv/samba/Demo/
>>>         read only = no
>>>
>>>  If it is crashing for you, we need to know why.
>>>  What OS ?
>>>  What version of Samba ?
>>>  What is in your smb.conf ?
>>>  What is the DC ?
>>>
>>>  Rowland
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba