[Samba] Denying access to shares from time to time

Jose Miguel Lopez Coronado jmlopez at cect.org
Tue Nov 25 03:13:37 MST 2014 

Dear Rowland:

smb.conf

[global]
     workgroup = CECTGROUP
     netbios aliases = mox3virt1
     server string = %h server
     map to guest = Bad User
     obey pam restrictions = Yes
     pam password change = Yes
     passwd program = /usr/bin/passwd %u
     passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
     unix password sync = Yes
     syslog = 0
     log file = /var/log/samba/log.%m
     max log size = 1000
     read raw = No
     write raw = No
     dns proxy = No
     default service = homes
     usershare allow guests = Yes
     panic action = /usr/share/samba/panic-action %d
     idmap config * : backend = tdb

[etiquetas]
     comment = Etiquetas para todos
     path = /var/samba/etiquetas
     valid users = @samba
     force group = samba
     read only = No
     create mask = 0777
     force create mode = 0777
     directory mask = 0777
     force directory mode = 0777
     oplocks = No
     level2 oplocks = No


The permissions of /var/samba/etiquetas are:
drwxrwxr-x  23 root samba           4096 Jul  7 12:53 etiquetas/


Finally, it seems I do not have getfacl installed in my system (turnkey 
linux openvz in proxmox server).

Chemi.



------------------------------------------------------------------------

El 25/11/14 a las 11:04, Rowland Penny escribió:
> On 25/11/14 09:33, Jose Miguel Lopez Coronado wrote:
>> Dear all.
>>
>> I've been having problems with people accessing shares in my samba 
>> 3.6.6. The point is that when the server has started everybody can 
>> access the requested shares, but after a while (next day in some 
>> cases). People are not allowed to access common shares. The only clue 
>> I can obtain from the log file is:
>> [2014/11/25 09:06:00.910024,  2] auth/auth.c:309(check_ntlm_password)
>>   check_ntlm_password:  authentication for user [avila] -> [avila] -> 
>> [avila] succeeded
>> [2014/11/25 09:06:00.914197,  2] 
>> smbd/service.c:627(create_connection_session_info)
>>   user 'avila' (from session setup) not permitted to access this 
>> share (etiquetas)
>> [2014/11/25 09:06:00.914277,  1] 
>> smbd/service.c:805(make_connection_snum)
>>   create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
>>
>> The authentification succeded but the system denies access. In fact 
>> the user avila is allowed to access the share etiquetas. When I 
>> restart the server (service samba restart) everything works all right 
>> again until the next time.
>>
>> Any idea?
>>
>> Thanks in advande and best wishes.
> Can you post your smb.conf, the unix permisions for the share and what 
> 'getfacl /path/to/share' returns
>
> Rowland
>

More information about the samba mailing list