[Samba] Access denied when accessing via hostname

ivenhov iwan.daniel at gmail.com
Thu Jul 31 04:08:15 MDT 2014 

Hi
I'm using Samba 3.6.3 on ubuntu 12.04 as a domain member with AD on Win
Server 2012.
My hare is configured like this:
valid users = @"EVSOFFICE.LOCAL+dangroup"

When I try to connect to a share via IP from Win7 (part of the domain) it
succeeds but when use host name \\node15 I can see shares but double-click
on share shows AccessDenied.

I'm trying to connect as EVSOFFICE.LOCAL\danclone which is part of DanGroup.

When I specify valid users as EVSOFFICE.LOCAL+danclone or
@"EVSOFFICE.LOCAL+Domain Users"
I can connect successfully.
But I want to specify more than one group here, rather than generic "Domain
Users"

So it's only when I use dangroup it fails. 
It looks like it cannot match my username with a group

getent group shows
dangroup:x:100006:dan,danclone

Any help appreciated

Log shows:

[2014/07/31 08:35:48.316386,  3] smbd/process.c:1467(switch_message)
  switch message SMBtconX (pid 18019) conn 0x0
[2014/07/31 08:35:48.316411,  4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2014/07/31 08:35:48.316434,  5]
../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2014/07/31 08:35:48.316457,  5]
auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2014/07/31 08:35:48.316498,  5] smbd/uid.c:400(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2014/07/31 08:35:48.316529,  4] smbd/reply.c:794(reply_tcon_and_X)
  Client requested device type [?????] for share [NODE15-HOME]
[2014/07/31 08:35:48.316560,  5] smbd/service.c:1321(make_connection)
  making a connection to 'normal' service node15-home
[2014/07/31 08:35:48.316587,  3] lib/access.c:338(allow_access)
  Allowed connection from 10.0.20.247 (10.0.20.247)
[2014/07/31 08:35:48.316615,  3]
../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
  string_to_sid: SID @EVSOFFICE.LOCAL+dangroup is not in a valid format
[2014/07/31 08:35:48.316660,  5] auth/user_util.c:148(user_in_netgroup)
  Unable to get default yp domain, let's try without specifying it
[2014/07/31 08:35:48.316686,  5] auth/user_util.c:152(user_in_netgroup)
  looking for user EVSOFFICE+danclone of domain (ANY) in netgroup
EVSOFFICE.LOCAL+dangroup
[2014/07/31 08:35:48.316755,  5] auth/user_util.c:175(user_in_netgroup)
  looking for user evsoffice+danclone of domain (ANY) in netgroup
EVSOFFICE.LOCAL+dangroup
[2014/07/31 08:35:48.316790, 10] passdb/lookup_sid.c:76(lookup_name)
  lookup_name: EVSOFFICE.LOCAL\dangroup => domain=[EVSOFFICE.LOCAL],
name=[dangroup]
[2014/07/31 08:35:48.316817, 10] passdb/lookup_sid.c:77(lookup_name)
  lookup_name: flags = 0x077
[2014/07/31 08:35:48.317957, 10] smbd/share_access.c:219(user_ok_token)
  User EVSOFFICE+danclone not in 'valid users'
[2014/07/31 08:35:48.318010,  2]
smbd/service.c:627(create_connection_session_info)
  user 'EVSOFFICE+danclone' (from session setup) not permitted to access
this share (node15-home)
[2014/07/31 08:35:48.318048,  1] smbd/service.c:770(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2014/07/31 08:35:48.318083,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/reply.c(803) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED
[2014/07/31 08:35:48.318109,  5] lib/util.c:332(show_msg)
[2014/07/31 08:35:48.318123,  5] lib/util.c:342(show_msg)

Daniel





--
View this message in context: http://samba.2283325.n4.nabble.com/Access-denied-when-accessing-via-hostname-tp4670083.html
Sent from the Samba - General mailing list archive at Nabble.com.

More information about the samba mailing list