9 replies to this topic

[MiNe]

Hi,

I'm trying to configure Samba on my ET8000 to offer shares without using the root user.

First I added two new user accounts (adduser), then I added the user to the Samba data base (smbpasswd -a).

For the first changes in the Samba config I changed to "security = user" and changed the "valid users" of one share.

cat /etc/samba/smb.conf
[global]
   load printers = no
   guest account = root
   log file = /tmp/smb.log
   log level = 1
   security = user
   encrypt passwords = yes
   server string = Fileserver
   workgroup = Anstandswauwau
   netbios name = %h
   case sensitive=yes
   preserve case=yes
   short preserve case=yes
   socket options = TCP_NODELAY
   preferred master = yes
#   oplocks = no

#[Root]
#  comment = Everything - take care!
#  path = /
#  read only = no
#  public = yes
#  guest ok = yes

[Harddisk]
  comment = The harddisk
  path = /media/hdd
  read only = no
  public = yes
  guest ok = no
  browseable = yes
  valid users = mine

 

As soon as I try accessing the server with any user I get the following lines in my log:

 

[2014/04/10 17:16:49, 0] lib/util_sec.c:assert_gid(119)
  Failed to set gid privileges to (-1,1000) now set to (0,0) uid=(0,0)
[2014/04/10 17:16:49, 0] lib/util.c:smb_panic(1633)
  PANIC (pid 16280): failed to set gid
 
[2014/04/10 17:16:49, 0] lib/util.c:log_stack_trace(1737)
  BACKTRACE: 1 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x40) [0x778aca58]
[2014/04/10 17:16:49, 0] lib/fault.c:dump_core(181)
  dumping core in /var/log/cores/smbd
[2014/04/10 17:16:49, 0] lib/util_sec.c:assert_gid(119)
  Failed to set gid privileges to (-1,1000) now set to (0,0) uid=(0,0)
[2014/04/10 17:16:49, 0] lib/util.c:smb_panic(1633)
  PANIC (pid 16281): failed to set gid
 
[2014/04/10 17:16:49, 0] lib/util.c:log_stack_trace(1737)
  BACKTRACE: 1 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x40) [0x778aca58]
[2014/04/10 17:16:49, 0] lib/fault.c:dump_core(181)
  dumping core in /var/log/cores/smbd
[2014/04/10 17:17:04, 0] lib/util_sec.c:assert_gid(119)
  Failed to set gid privileges to (-1,1000) now set to (0,0) uid=(0,0)
[2014/04/10 17:17:04, 0] lib/util.c:smb_panic(1633)
  PANIC (pid 16286): failed to set gid
 
[2014/04/10 17:17:04, 0] lib/util.c:log_stack_trace(1737)
  BACKTRACE: 1 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x40) [0x778aca58]
[2014/04/10 17:17:04, 0] lib/fault.c:dump_core(181)
  dumping core in /var/log/cores/smbd

 

Is there any way of using Samba in a proper way? I mean, without doing all as root and some user management?

 

Thanks,

MiNe

[delavega]

i tried to do that for a while but it never worked...

[Pr2]

By default the HDD is already shared with samba for everybody the only "problem" is that they use another workgroup name by default.

So change the workgroup name back to "WORKGROUP" in the config file smb.conf restart and your ET8000 will join easily your home network.

 

No need to play with user or whatever.

[MiNe]

By default the HDD is already shared with samba for everybody the only "problem" is that they use another workgroup name by default.

So change the workgroup name back to "WORKGROUP" in the config file smb.conf restart and your ET8000 will join easily your home network.

 

No need to play with user or whatever.

Thanks for your replay.

But that's not the point. Sharing generally works. But I would like to use my ET8000 as a NAS. Therefore I would like to have some user management. Unfortunately the only user that is working is root.

 

But fortunately I have an idea what the problem could be:

Before compiling Samba, you need to issue the "./configure" command. That command sets configurations and variables for the later compilation. A lot of variables get set by informations from the environment. But when using a cross compiler, like it has been done for the Samba binary for MIPS, it can happen that these variables get set wrongly because it the "./configure" command is not run in the correct environment.

 

On the Samba mailinglist [1] I found the info, that a #define in a header file might be set wrongly.

So the question now is: could please one developer take a look into that? I think that issue could be solved quite easily.

 

Michael

 

[1] http://lists.samba.o...ary/016759.html

[MiNe]

Now I posted this issue to the OE-Core mailing list. I think that's a better place than here.

 

MiNe

Edited by MiNe, 13 April 2014 - 18:57.

[MiNe]

Unfortunately I got no response on the mailing list. I also got the feeling that this forum could in fact be the correct place for this issue. On the OpnePli Git repo I saw, that you are doing Samba recipe by your own.

 

So could please anyone of the devs, maybe MiLo, take a look into that issue? It would be very important for me to get the user management in Samba working.

 

Thanks,

MiNe

[SpaceRat]

I've tried hard to compile a proper Samba and failed.

Regardless of wether I set
samba_cv_USE_SETREUID=yes
or
samba_cv_USE_SETRESUID=yes
and different variants of it, the Samba is always broken.

This is how for I could get:

[global]
   load printers = no
   guest account = root
   log file = /tmp/smb.log
   log level = 1
   security = user
   server string = OpenPLi %h network services
   workgroup = WORKGROUP
   netbios name = %h
   case sensitive=yes
   preserve case=yes
   short preserve case=yes
   socket options = TCP_NODELAY
   preferred master = no
   oplocks = no

   username map = /etc/samba/users.map
   smb passwd file = /etc/samba/smbpasswd
   encrypt passwords = true
   passdb backend = smbpasswd
   obey pam restrictions = yes
   unix charset = UTF8
   max stat cache size = 64
   mangled names = no
   #bind interfaces only = yes
   #interfaces = lan lan:0
   null passwords = yes
   domain master = no
   local master = no
   preferred master = no

[Root]
  comment = Everything - take care!
  path = /
  read only = no
  public = yes
  guest ok = no
  username = root
  valid users = root
  create mask = 0777
  force create mode = 0777
  directory mask = 0777
  force directory mode = 0777
  veto files = /Schlafzimmer/Wohnzimmer/Server/
  
[Harddisk]
  comment = The harddisk
  path = /media/hdd
  read only = no
  public = yes
  guest ok = no
  username = root
  valid users = root
  create mask = 0777
  force create mode = 0777
  directory mask = 0777
  force directory mode = 0777
  veto files = /Schlafzimmer/Wohnzimmer/Server/

So the guest user is still root, but however guest logins are disabled.
I copied the /etc/samba/smbpasswd from another machine which already had a proper password for root inside (Later I added /usr/bin/smbpasswd to the samba server package, so passwords could be created on the box as well).

users.map contains one entry:

root = "Karl Dall"

where "Karl Dall" is in fact replaced with my Windows user name.

The veto files /Schlafzimmer/Wohnzimmer/Server/ serve a simple purpose:
It no longer possible to change into those directories preventing the receiver inside the living room (Wohnzimmer) to change into the directory "living room" on the share from the sleeping room (Schlafzimmer), or in other words it stops receivers exposing their shares to other boxes.

This prevents my wife from causing useless traffic between other nodes than needed by changing directories this way:
Receiver A -> Receiver B -> Server
or even worse:
Receiver A -> Receiver B -> Receiver A -> Server

The above config is good enough to require a login to open shares but it doesn't implement proper user management.
On the other hand, the question is if you really want this, because Linux rights management using "owner, group, others" and "read, write, execute" is a pain in the ass and E2 isn't really prepared to find files with different owners.

[SpaceRat]

I'm now pretty sure that the bug doesn't actually reside in the Samba binaries.

I've built Samba using the same patchset as used in Freetz (Firmware-Addon for AVM Fritz!Box) and it has the same problem. I even modified Freetz in order to compile Samba with "normal" default directories and compiled Samba within Freetz, still the same error.
And inside Freetz it works with heaps of users so it must be related to something else in the image.

[MiNe]

Hi,

finally I got Smaba 3.6.22 compiled and until now everything seem to be working without problems. Also the user management is working :-)

 

But unfortunately I have problems uploading it here because when compressing it with zip it has about 15 MB and the limitation here is 10 MB.

When compressing it with 7z it has about 6 MB, but I'm not allowed to upload files with that extension. So please refer to my upload at the OpenATV forum [1].

 

MiNe

 

[1] http://www.opena.tv/...ull=1#post52600

[skortela]

Hi,

finally I got Smaba 3.6.22 compiled and until now everything seem to be working without problems. Also the user management is working :-)

 

But unfortunately I have problems uploading it here because when compressing it with zip it has about 15 MB and the limitation here is 10 MB.

When compressing it with 7z it has about 6 MB, but I'm not allowed to upload files with that extension. So please refer to my upload at the OpenATV forum [1].

 

MiNe

 

[1] http://www.opena.tv/...ull=1#post52600

 

Hi,

 

I got same problem on OpenVix when trying to configure samba to user security.

Your link was not working anymore, could you give instructions how you get it compiled?

I have cross-compile environment set up, and found samba_3.0.37.bb recipe file.