Univention Bugzilla – Bug 30311
Samba4 Slave installed with wizzard: import listener module samba4-idmap.py failed
Last modified: 2013-02-15 17:51:14 CET
In a distributed UCS@school 3.1 environment (master without samba) with Samba4 on two joined DC slaves, the users get an access denied when loading their windows profiles. Analysis of the problem showed that the idmap.ldb on the DC slaves does not contain the official UCS UIDs. The listenr log shows, that there was an error durint import of the module samba4-idmap.py: =============================================================================== 06.02.13 15:06:05.680 LISTENER ( ERROR ) : replication flatmode activated: False params.c:OpenConfFile() - Unable to open configuration file "/etc/samba/shares.conf": Permission denied 06.02.13 15:06:06.742 LISTENER ( ERROR ) : import of filename=/usr/lib/univention-directory-listener/system/samba4-idmap.py failed Traceback (most recent call last): File "/usr/lib/univention-directory-listener/system/samba4-idmap.py", line 54, in <module> lp.load('/etc/samba/smb.conf') RuntimeError: Unable to load file /etc/samba/smb.conf 06.02.13 15:06:06.742 LISTENER ( ERROR ) : import of filename=/usr/lib/univention-directory-listener/system/samba4-idmap.py failed in module_import() =============================================================================== Looks like the user "listener" cannot load the /etc/samba/smb.conf: =============================================================================== listener@slave53:~$ /usr/lib/univention-directory-listener/system/samba4-idmap.py params.c:OpenConfFile() - Unable to open configuration file "/etc/samba/shares.conf": Permission denied Traceback (most recent call last): File "/usr/lib/univention-directory-listener/system/samba4-idmap.py", line 54, in <module> lp.load('/etc/samba/smb.conf') RuntimeError: Unable to load file /etc/samba/smb.conf listener@slave53:~$ less /etc/samba/shares.conf /etc/samba/shares.conf: Keine Berechtigung =============================================================================== Maybe it would be best to adjust the listener module to load the smb.conf with a priviledged uid. Or it needs to be assured that *all* files ever included into smb.conf are readable by everyone (viz "lizener").
Looks like the umask inherited from the UMC wizzard restricts the file permissions: root@slave53:~# ls -ld /etc/samba/* -rw-r--r-- 1 root root 1504 6. Feb 14:30 /etc/samba/base.conf -rw-r--r-- 1 root root 8 12. Nov 2011 /etc/samba/gdbcommands -rw-r--r-- 1 root root 1 6. Feb 14:24 /etc/samba/local.config.conf drwxr-xr-x 2 root root 4096 4. Feb 18:54 /etc/samba/local.config.d -rw-r--r-- 1 root nogroup 48 6. Feb 14:30 /etc/samba/printers.conf drwx------ 2 root nogroup 4096 6. Feb 14:29 /etc/samba/printers.conf.d -rw------- 1 root nogroup 542 6. Feb 14:35 /etc/samba/shares.conf drwx------ 2 root nogroup 4096 6. Feb 14:35 /etc/samba/shares.conf.d -rw-r--r-- 1 root root 5181 6. Feb 14:30 /etc/samba/smb.conf
The umask in the UCS@school installation wizard has been reset to 0022. No changelog entry neccessary.
Ok, file permissions are fixed, user profiles are loaded again as expected.
UCS@school 3.1 has been released: http://forum.univention.de/viewtopic.php?f=26&t=2364 If this error occurs again, please use "Clone This Bug".