Samba on Non Stop

 
Jeffrey York
New Member

I am trying to get info on why Samba logons on a Non Stop system go in as FLOSS.NOBODY instead of the user I log into. I can see/edit OSS files, and can see Guardian files but get "ACCESS DENIED" because I am logged on as FLOSS.NOBODY instead of the user I logged in as.

Is there a forum someone can steer me to?
Steven E. Protter
Exalted Contributor

Re: Samba on Non Stop

Shalom,

This is the correct forum for Linux based OS.

Have you checked your smbpasswd file?

What security settings are there in smb.conf?


uname -a

# I would like to get a handle on the OS and such.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Jeffrey York
New Member

Re: Samba on Non Stop

$ uname -a
NONSTOP_KERNEL stltan2 G06 24 NSR-Z

So, not sure if you are familiar with Non Stop... Tandem added a unix OS on top of its proprietary system. The unix side of samba is fine, it is the Tandem or Guardian files that cannot be opened. Standard Tandem files have a code 101, and if I do a fup secure , code 180 command... then I can open the files.

I can't really give out the smbpasswd info, for security reasons, but I can say it is there with user I created and the id is not the 65535 id, which is reported by Samba to be a problem. In all user log files, I get the error "Warning: You appear to have a trapdoor uid system".

I believe the smbpasswd file is correct and I ran through some of the tools to check the smb.conf file, and it was fine.

If you like, send me your email address, and I may give you more info ...it is security you know and I surely don't want to post it on a public web site.
Matti_Kurkela
Honored Contributor

Re: Samba on Non Stop

I found a description on "trapdoor UIDs" here:

http://books.google.com/books?pg=PA112&lpg=PA112&dq="trapdoor+uid"&sig=kBhzjMcMHcNtPaQ4Y4ESzhozTOA&ct=result&id=mdpJY6-BESIC&ots=L9tELyj3v4&output=html

Summary:
Samba requires that its sub-process (which actually serves the client's request) must be able to change its identity from the privileged user to non-privileged _and back_. When a process in a trapdoor UID system releases its privileges, they're gone for good. NonStop's Unix compatibility layer seems to work like this, and it presents a problem for Samba.

-----
For security reasons, Samba does all its communication with the clients using non-privileged processes. The process that receives your Samba login information (or your first buffer overflow attempt, if you're an intruder) is running as the "nobody" user (which translates into FLOSS.NOBODY in NonStop lingo). After the login information is verified, this non-privileged process should then take on the identity of the user that is trying to log in... but NonStop does not allow that, and the process remains as FLOSS.NOBODY.

The Unix compatibility layer of NonStop seems to be especially thin on matters related to user identity. If the underlying Guardian system fundamentally does not allow something, the compatibility layer cannot make it possible. You would need a version of Samba that is modified to work in a different, NonStop-friendly fashion. This would probably be a major modification.

The ITUG Forums would be the "standard" forum for the NonStop users and admins, but it looks rather quiet in there:

http://www.itug.org/forums/forum/

MK
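A probe for the behaviour described in the post above, as an added example (not part of the thread and not Samba's own code): it drops the effective UID and then tries to regain root, which is the round trip a per-request file server depends on. The test UID 65534 and the function name `probe_trapdoor` are assumptions made for this illustration; the probe only gives an answer when started as root.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result { PROBE_REVERSIBLE, PROBE_TRAPDOOR, PROBE_NEED_ROOT, PROBE_ERROR };

/* Drop the effective UID to `target`, then try to take root back.
 * Runs in a forked child so the caller's own credentials are never touched. */
enum probe_result probe_trapdoor(uid_t target)
{
    if (geteuid() != 0)
        return PROBE_NEED_ROOT;        /* only a privileged process can run the probe */

    pid_t pid = fork();
    if (pid < 0)
        return PROBE_ERROR;
    if (pid == 0) {
        if (seteuid(target) != 0 || geteuid() != target)
            _exit(PROBE_ERROR);        /* could not even drop privileges */
        /* Real and saved UID are still 0, so POSIX allows this call. */
        if (seteuid(0) != 0 || geteuid() != 0)
            _exit(PROBE_TRAPDOOR);     /* privileges were lost for good */
        /* Second round trip: a per-request server does this repeatedly. */
        if (seteuid(target) != 0 || seteuid(0) != 0 || geteuid() != 0)
            _exit(PROBE_TRAPDOOR);
        _exit(PROBE_REVERSIBLE);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return PROBE_ERROR;
    return (enum probe_result)WEXITSTATUS(status);
}

int main(void)
{
    static const char *msg[] = {
        "reversible: root can be regained after seteuid()",
        "trapdoor: privileges cannot be regained once dropped",
        "not run: start this probe as root",
        "error: could not perform the probe",
    };
    uid_t nobody = 65534;              /* assumption: an unprivileged test UID */
    puts(msg[probe_trapdoor(nobody)]);
    return 0;
}
```

A "trapdoor" result on a platform means a server that drops to an unprivileged identity cannot later assume the authenticated user's identity, which matches the FLOSS.NOBODY symptom in this thread.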
Steven E. Protter
Exalted Contributor

Re: Samba on Non Stop

Shalom,

I'm familiar enough with samba to help.

Check the smbpasswd file yourself, if you are using it. I did not ask you to post it. I asked you to check it.

Samba is open source, simple and the same over all unix/linux platforms. How the investigation goes depends on the smb.conf file security statement.

If security=user then you are using a smbpasswd file and that is where to look for trouble. Samba logs are helpful and that can vary OS to OS.

If security=ads or domain, for example, then the source of your issue may be incorrect integration with the Windows domain controller or a problem off system.

All I've given you is a methodology to diagnose the problem. Knowing the OS is helpful but not required for a samba problem.

SEP
Steven E Protter
Jeffrey York
New Member

Re: Samba on Non Stop

Thanks MK, I kinda think you hit the nail on the head. The source was downloaded at HP, from http://h71028.www7.hp.com/enterprise/cache/600067-0-0-0-121.html , for samba3.

I looked in the source and it looks like this has been modified for Tandem (if def Tandem statements all over the source area, and the libs), so I assume the samba server smb is also compiled against the source they provide. I did find a doc that briefly mentions modifying and compiling open source to fit Non Stop needs:
http://h20223.www2.hp.com/NonStopComputing/downloads/Open_source_WP.pdf
Although the example is on a different version of source, I do see what they are doing.

I am kinda to the point where I may call HP and ask for some help.

Steven...not sure this is helpable, given the NONSTOP OS system...FYI, the security=user, and it does exist in smbpasswd file. Like MK says, Non stop won't allow the switch of user from FLOSS.NOBODY back to the user you logged into. Unless you have some ideas to try? I see you are in Israel...My company is HQ'd there...sure you are familiar with it...

Dennis Handly
Acclaimed Contributor

Re: Samba on Non Stop

Here is some feedback from the lab:
As far as I know, Samba is not officially supported on NonStop even though there may be some bootleg versions that we have running internally.

So it seems like other than this thread, you are on your own.