[Samba] Samba 4 AD share: Access denied
Ryan Ashley
ryana at reachtechfp.com
Mon Jul 28 08:00:35 MDT 2014
Odd, but it says I am using 4.2.0, which is higher than 4.1.8.
root at fs01:/usr/src/samba-master# samba-tool -V
4.2.0pre1-GIT-d097898
root at fs01:/usr/src/samba-master# winbindd -V
Version 4.2.0pre1-GIT-d097898
root at fs01:/usr/src/samba-master# nmbd -V
Version 4.2.0pre1-GIT-d097898
root at fs01:/usr/src/samba-master#
I normally clone, configure, and build. Is the stable branch not
default? Am I building a testing branch? Should I checkout on the stable
branch?
On 07/28/2014 09:50 AM, Rowland Penny wrote:
> On 28/07/14 14:41, Ryan Ashley wrote:
>> Alright, I was poking around this morning trying to make this work,
>> and noticed something odd. Loads of zombie nmbd processes. Check out
>> the dump below and tell me, what is going on here? Is this my problem?
>>
>> root at fs01:~# ps x
>> PID TTY STAT TIME COMMAND
>> 1 ? Ss 0:02 init [2]
>> 2 ? S 0:00 [kthreadd]
>> 3 ? S 0:00 [ksoftirqd/0]
>> 5 ? S 0:00 [kworker/u:0]
>> 6 ? S 0:00 [migration/0]
>> 7 ? S 0:01 [watchdog/0]
>> 8 ? S< 0:00 [cpuset]
>> 9 ? S< 0:00 [khelper]
>> 10 ? S 0:00 [kdevtmpfs]
>> 11 ? S< 0:00 [netns]
>> 12 ? S 0:00 [xenwatch]
>> 13 ? S 0:00 [xenbus]
>> 14 ? S 0:01 [sync_supers]
>> 15 ? S 0:00 [bdi-default]
>> 16 ? S< 0:00 [kintegrityd]
>> 17 ? S< 0:00 [kblockd]
>> 19 ? S 0:00 [khungtaskd]
>> 20 ? S 0:00 [kswapd0]
>> 21 ? SN 0:00 [ksmd]
>> 22 ? SN 0:00 [khugepaged]
>> 23 ? S 0:00 [fsnotify_mark]
>> 24 ? S< 0:00 [crypto]
>> 173 ? S 0:00 [jbd2/xvda1-8]
>> 174 ? S< 0:00 [ext4-dio-unwrit]
>> 183 ? S 0:00 [kworker/u:1]
>> 313 ? Ss 0:00 udevd --daemon
>> 420 ? S 0:00 udevd --daemon
>> 425 ? S 0:00 udevd --daemon
>> 433 ? S 0:00 [khubd]
>> 438 ? S< 0:00 [kpsmoused]
>> 445 ? S< 0:00 [ata_sff]
>> 471 ? S 0:00 [scsi_eh_0]
>> 472 ? S 0:00 [scsi_eh_1]
>> 1295 ? S 0:00 [jbd2/xvda2-8]
>> 1296 ? S< 0:00 [ext4-dio-unwrit]
>> 1297 ? S 0:01 [flush-202:0]
>> 1298 ? S 0:00 [jbd2/xvda9-8]
>> 1299 ? S< 0:00 [ext4-dio-unwrit]
>> 1300 ? S 0:00 [jbd2/xvda10-8]
>> 1301 ? S< 0:00 [ext4-dio-unwrit]
>> 1302 ? S 0:00 [jbd2/xvda8-8]
>> 1303 ? S< 0:00 [ext4-dio-unwrit]
>> 1307 ? S 0:00 [jbd2/xvda11-8]
>> 1308 ? S< 0:00 [ext4-dio-unwrit]
>> 1309 ? S 0:00 [jbd2/xvda3-8]
>> 1310 ? S< 0:00 [ext4-dio-unwrit]
>> 1311 ? S 0:00 [jbd2/xvda4-8]
>> 1312 ? S< 0:00 [ext4-dio-unwrit]
>> 1313 ? S 0:00 [jbd2/xvda5-8]
>> 1314 ? S< 0:00 [ext4-dio-unwrit]
>> 1315 ? S 0:00 [jbd2/xvda6-8]
>> 1316 ? S< 0:00 [ext4-dio-unwrit]
>> 1317 ? S 0:00 [jbd2/xvda7-8]
>> 1318 ? S< 0:00 [ext4-dio-unwrit]
>> 1319 ? S 0:00 [jbd2/xvdb1-8]
>> 1320 ? S< 0:00 [ext4-dio-unwrit]
>> 1780 ? Sl 0:00 /usr/sbin/rsyslogd -c5
>> 1811 ? Ss 0:00 /usr/sbin/acpid
>> 1903 ? Ss 0:00 /usr/sbin/cron
>> 1998 ? Ss 0:00 /usr/sbin/sshd
>> 2022 tty1 Ss+ 0:00 /sbin/getty 38400 tty1
>> 2023 tty2 Ss+ 0:00 /sbin/getty 38400 tty2
>> 2024 tty3 Ss+ 0:00 /sbin/getty 38400 tty3
>> 2025 tty4 Ss+ 0:00 /sbin/getty 38400 tty4
>> 2026 tty5 Ss+ 0:00 /sbin/getty 38400 tty5
>> 2027 tty6 Ss+ 0:00 /sbin/getty 38400 tty6
>> 2041 ? Ss 0:03 nmbd
>> 2043 ? Ss 0:03 smbd
>> 2045 ? Ss 0:00 winbindd
>> 2046 ? S 0:02 winbindd
>> 2047 ? S 0:00 winbindd
>> 2048 ? S 0:00 winbindd
>> 2049 ? S 0:00 smbd
>> 2067 ? Z 0:00 [nmbd] <defunct>
>> 2085 ? Z 0:00 [nmbd] <defunct>
>> 2109 ? Z 0:00 [nmbd] <defunct>
>> 2127 ? Z 0:00 [nmbd] <defunct>
>> 2145 ? Z 0:00 [nmbd] <defunct>
>> 2163 ? Z 0:00 [nmbd] <defunct>
>> 2185 ? Z 0:00 [nmbd] <defunct>
>> 2203 ? Z 0:00 [nmbd] <defunct>
>> 2223 ? Z 0:00 [nmbd] <defunct>
>> 2241 ? Z 0:00 [nmbd] <defunct>
>> 2263 ? Z 0:00 [nmbd] <defunct>
>> 2281 ? Z 0:00 [nmbd] <defunct>
>> 2299 ? Z 0:00 [nmbd] <defunct>
>> 2317 ? Z 0:00 [nmbd] <defunct>
>> 2339 ? Z 0:00 [nmbd] <defunct>
>> 2357 ? Z 0:00 [nmbd] <defunct>
>> 2375 ? Z 0:00 [nmbd] <defunct>
>> 2393 ? Z 0:00 [nmbd] <defunct>
>> 2415 ? Z 0:00 [nmbd] <defunct>
>> 2433 ? Z 0:00 [nmbd] <defunct>
>> 2451 ? Z 0:00 [nmbd] <defunct>
>> 2469 ? Z 0:00 [nmbd] <defunct>
>> 2491 ? Z 0:00 [nmbd] <defunct>
>> 2509 ? Z 0:00 [nmbd] <defunct>
>> 2527 ? Z 0:00 [nmbd] <defunct>
>> 2545 ? Z 0:00 [nmbd] <defunct>
>> 2567 ? Z 0:00 [nmbd] <defunct>
>> 2585 ? Z 0:00 [nmbd] <defunct>
>> 2603 ? Z 0:00 [nmbd] <defunct>
>> 2621 ? Z 0:00 [nmbd] <defunct>
>> 2643 ? Z 0:00 [nmbd] <defunct>
>> 2661 ? Z 0:00 [nmbd] <defunct>
>> 2679 ? Z 0:00 [nmbd] <defunct>
>> 2697 ? Z 0:00 [nmbd] <defunct>
>> 2719 ? Z 0:00 [nmbd] <defunct>
>> 2737 ? Z 0:00 [nmbd] <defunct>
>> 2755 ? Z 0:00 [nmbd] <defunct>
>> 2773 ? Z 0:00 [nmbd] <defunct>
>> 2795 ? Z 0:00 [nmbd] <defunct>
>> 2813 ? Z 0:00 [nmbd] <defunct>
>> 2831 ? Z 0:00 [nmbd] <defunct>
>> 2849 ? Z 0:00 [nmbd] <defunct>
>> 2871 ? Z 0:00 [nmbd] <defunct>
>> 2889 ? Z 0:00 [nmbd] <defunct>
>> 2907 ? Z 0:00 [nmbd] <defunct>
>> 2925 ? Z 0:00 [nmbd] <defunct>
>> 2946 ? Z 0:00 [nmbd] <defunct>
>> 2964 ? Z 0:00 [nmbd] <defunct>
>> 2982 ? Z 0:00 [nmbd] <defunct>
>> 3000 ? Z 0:00 [nmbd] <defunct>
>> 3022 ? Z 0:00 [nmbd] <defunct>
>> 3040 ? Z 0:00 [nmbd] <defunct>
>> 3058 ? Z 0:00 [nmbd] <defunct>
>> 3076 ? Z 0:00 [nmbd] <defunct>
>> 3098 ? Z 0:00 [nmbd] <defunct>
>> 3116 ? Z 0:00 [nmbd] <defunct>
>> 3134 ? Z 0:00 [nmbd] <defunct>
>> 3152 ? Z 0:00 [nmbd] <defunct>
>> 3174 ? Z 0:00 [nmbd] <defunct>
>> 3192 ? Z 0:00 [nmbd] <defunct>
>> 3210 ? Z 0:00 [nmbd] <defunct>
>> 3228 ? Z 0:00 [nmbd] <defunct>
>> 3250 ? Z 0:00 [nmbd] <defunct>
>> 3268 ? Z 0:00 [nmbd] <defunct>
>> 3285 ? Z 0:00 [nmbd] <defunct>
>> 3303 ? Z 0:00 [nmbd] <defunct>
>> 3325 ? Z 0:00 [nmbd] <defunct>
>> 3343 ? Z 0:00 [nmbd] <defunct>
>> 3361 ? Z 0:00 [nmbd] <defunct>
>> 3380 ? Z 0:00 [nmbd] <defunct>
>> 3402 ? Z 0:00 [nmbd] <defunct>
>> 3420 ? Z 0:00 [nmbd] <defunct>
>> 3438 ? Z 0:00 [nmbd] <defunct>
>> 3456 ? Z 0:00 [nmbd] <defunct>
>> 3574 ? Z 0:00 [nmbd] <defunct>
>> 3592 ? Z 0:00 [nmbd] <defunct>
>> 3610 ? Z 0:00 [nmbd] <defunct>
>> 3628 ? Z 0:00 [nmbd] <defunct>
>> 3650 ? Z 0:00 [nmbd] <defunct>
>> 3668 ? Z 0:00 [nmbd] <defunct>
>> 3686 ? Z 0:00 [nmbd] <defunct>
>> 3704 ? Z 0:00 [nmbd] <defunct>
>> 3726 ? Z 0:00 [nmbd] <defunct>
>> 3744 ? Z 0:00 [nmbd] <defunct>
>> 3762 ? Z 0:00 [nmbd] <defunct>
>> 3780 ? Z 0:00 [nmbd] <defunct>
>> 3802 ? Z 0:00 [nmbd] <defunct>
>> 3820 ? Z 0:00 [nmbd] <defunct>
>> 3838 ? Z 0:00 [nmbd] <defunct>
>> 3856 ? Z 0:00 [nmbd] <defunct>
>> 3878 ? Z 0:00 [nmbd] <defunct>
>> 3896 ? Z 0:00 [nmbd] <defunct>
>> 3914 ? Z 0:00 [nmbd] <defunct>
>> 3932 ? Z 0:00 [nmbd] <defunct>
>> 3954 ? Z 0:00 [nmbd] <defunct>
>> 3972 ? Z 0:00 [nmbd] <defunct>
>> 3990 ? Z 0:00 [nmbd] <defunct>
>> 4008 ? Z 0:00 [nmbd] <defunct>
>> 4030 ? Z 0:00 [nmbd] <defunct>
>> 4048 ? Z 0:00 [nmbd] <defunct>
>> 4066 ? Z 0:00 [nmbd] <defunct>
>> 4084 ? Z 0:00 [nmbd] <defunct>
>> 4106 ? Z 0:00 [nmbd] <defunct>
>> 4124 ? Z 0:00 [nmbd] <defunct>
>> 4142 ? Z 0:00 [nmbd] <defunct>
>> 4160 ? Z 0:00 [nmbd] <defunct>
>> 4182 ? Z 0:00 [nmbd] <defunct>
>> 4200 ? Z 0:00 [nmbd] <defunct>
>> 4220 ? Z 0:00 [nmbd] <defunct>
>> 4238 ? Z 0:00 [nmbd] <defunct>
>> 4261 ? Z 0:00 [nmbd] <defunct>
>> 4279 ? Z 0:00 [nmbd] <defunct>
>> 4297 ? Z 0:00 [nmbd] <defunct>
>> 4315 ? Z 0:00 [nmbd] <defunct>
>> 4337 ? Z 0:00 [nmbd] <defunct>
>> 4355 ? Z 0:00 [nmbd] <defunct>
>> 4373 ? Z 0:00 [nmbd] <defunct>
>> 4391 ? Z 0:00 [nmbd] <defunct>
>> 4413 ? Z 0:00 [nmbd] <defunct>
>> 4431 ? Z 0:00 [nmbd] <defunct>
>> 4449 ? Z 0:00 [nmbd] <defunct>
>> 4467 ? Z 0:00 [nmbd] <defunct>
>> 4489 ? Z 0:00 [nmbd] <defunct>
>> 4507 ? Z 0:00 [nmbd] <defunct>
>> 4525 ? Z 0:00 [nmbd] <defunct>
>> 4543 ? Z 0:00 [nmbd] <defunct>
>> 4565 ? Z 0:00 [nmbd] <defunct>
>> 4583 ? Z 0:00 [nmbd] <defunct>
>> 4601 ? Z 0:00 [nmbd] <defunct>
>> 4619 ? Z 0:00 [nmbd] <defunct>
>> 4641 ? Z 0:00 [nmbd] <defunct>
>> 4659 ? Z 0:00 [nmbd] <defunct>
>> 4677 ? Z 0:00 [nmbd] <defunct>
>> 4694 ? Z 0:00 [nmbd] <defunct>
>> 4716 ? Z 0:00 [nmbd] <defunct>
>> 4734 ? Z 0:00 [nmbd] <defunct>
>> 4752 ? Z 0:00 [nmbd] <defunct>
>> 4770 ? Z 0:00 [nmbd] <defunct>
>> 4792 ? Z 0:00 [nmbd] <defunct>
>> 4811 ? Z 0:00 [nmbd] <defunct>
>> 4829 ? Z 0:00 [nmbd] <defunct>
>> 4847 ? Z 0:00 [nmbd] <defunct>
>> 4869 ? Z 0:00 [nmbd] <defunct>
>> 4887 ? Z 0:00 [nmbd] <defunct>
>> 4905 ? Z 0:00 [nmbd] <defunct>
>> 4923 ? Z 0:00 [nmbd] <defunct>
>> 4945 ? Z 0:00 [nmbd] <defunct>
>> 4963 ? Z 0:00 [nmbd] <defunct>
>> 4981 ? Z 0:00 [nmbd] <defunct>
>> 4999 ? Z 0:00 [nmbd] <defunct>
>> 5021 ? Z 0:00 [nmbd] <defunct>
>> 5039 ? Z 0:00 [nmbd] <defunct>
>> 5057 ? Z 0:00 [nmbd] <defunct>
>> 5075 ? Z 0:00 [nmbd] <defunct>
>> 5097 ? Z 0:00 [nmbd] <defunct>
>> 5115 ? Z 0:00 [nmbd] <defunct>
>> 5133 ? Z 0:00 [nmbd] <defunct>
>> 5151 ? Z 0:00 [nmbd] <defunct>
>> 5173 ? Z 0:00 [nmbd] <defunct>
>> 5191 ? Z 0:00 [nmbd] <defunct>
>> 5209 ? Z 0:00 [nmbd] <defunct>
>> 5227 ? Z 0:00 [nmbd] <defunct>
>> 5249 ? Z 0:00 [nmbd] <defunct>
>> 5267 ? Z 0:00 [nmbd] <defunct>
>> 5285 ? Z 0:00 [nmbd] <defunct>
>> 5303 ? Z 0:00 [nmbd] <defunct>
>> 5325 ? Z 0:00 [nmbd] <defunct>
>> 5343 ? Z 0:00 [nmbd] <defunct>
>> 5361 ? Z 0:00 [nmbd] <defunct>
>> 5379 ? Z 0:00 [nmbd] <defunct>
>> 5525 ? Z 0:00 [nmbd] <defunct>
>> 5543 ? Z 0:00 [nmbd] <defunct>
>> 5571 ? Z 0:00 [nmbd] <defunct>
>> 5589 ? Z 0:00 [nmbd] <defunct>
>> 5611 ? Z 0:00 [nmbd] <defunct>
>> 5630 ? Z 0:00 [nmbd] <defunct>
>> 5648 ? Z 0:00 [nmbd] <defunct>
>> 5666 ? Z 0:00 [nmbd] <defunct>
>> 5688 ? Z 0:00 [nmbd] <defunct>
>> 5706 ? Z 0:00 [nmbd] <defunct>
>> 5724 ? Z 0:00 [nmbd] <defunct>
>> 5742 ? Z 0:00 [nmbd] <defunct>
>> 5764 ? Z 0:00 [nmbd] <defunct>
>> 5782 ? Z 0:00 [nmbd] <defunct>
>> 5800 ? Z 0:00 [nmbd] <defunct>
>> 5818 ? Z 0:00 [nmbd] <defunct>
>> 5840 ? Z 0:00 [nmbd] <defunct>
>> 5858 ? Z 0:00 [nmbd] <defunct>
>> 5876 ? Z 0:00 [nmbd] <defunct>
>> 5894 ? Z 0:00 [nmbd] <defunct>
>> 5916 ? Z 0:00 [nmbd] <defunct>
>> 5934 ? Z 0:00 [nmbd] <defunct>
>> 5952 ? Z 0:00 [nmbd] <defunct>
>> 5970 ? Z 0:00 [nmbd] <defunct>
>> 5992 ? Z 0:00 [nmbd] <defunct>
>> 6010 ? Z 0:00 [nmbd] <defunct>
>> 6028 ? Z 0:00 [nmbd] <defunct>
>> 6046 ? Z 0:00 [nmbd] <defunct>
>> 6068 ? Z 0:00 [nmbd] <defunct>
>> 6086 ? Z 0:00 [nmbd] <defunct>
>> 6104 ? Z 0:00 [nmbd] <defunct>
>> 6122 ? Z 0:00 [nmbd] <defunct>
>> 6144 ? Z 0:00 [nmbd] <defunct>
>> 6161 ? Z 0:00 [nmbd] <defunct>
>> 6179 ? Z 0:00 [nmbd] <defunct>
>> 6197 ? Z 0:00 [nmbd] <defunct>
>> 6219 ? Z 0:00 [nmbd] <defunct>
>> 6238 ? Z 0:00 [nmbd] <defunct>
>> 6256 ? Z 0:00 [nmbd] <defunct>
>> 6274 ? Z 0:00 [nmbd] <defunct>
>> 6296 ? Z 0:00 [nmbd] <defunct>
>> 6314 ? Z 0:00 [nmbd] <defunct>
>> 6332 ? Z 0:00 [nmbd] <defunct>
>> 6350 ? Z 0:00 [nmbd] <defunct>
>> 6372 ? Z 0:00 [nmbd] <defunct>
>> 6390 ? Z 0:00 [nmbd] <defunct>
>> 6408 ? Z 0:00 [nmbd] <defunct>
>> 6426 ? Z 0:00 [nmbd] <defunct>
>> 6448 ? Z 0:00 [nmbd] <defunct>
>> 6466 ? Z 0:00 [nmbd] <defunct>
>> 6484 ? Z 0:00 [nmbd] <defunct>
>> 6502 ? Z 0:00 [nmbd] <defunct>
>> 6524 ? Z 0:00 [nmbd] <defunct>
>> 6542 ? Z 0:00 [nmbd] <defunct>
>> 6560 ? Z 0:00 [nmbd] <defunct>
>> 6578 ? Z 0:00 [nmbd] <defunct>
>> 6600 ? Z 0:00 [nmbd] <defunct>
>> 6618 ? Z 0:00 [nmbd] <defunct>
>> 6636 ? Z 0:00 [nmbd] <defunct>
>> 6654 ? Z 0:00 [nmbd] <defunct>
>> 6676 ? Z 0:00 [nmbd] <defunct>
>> 6694 ? Z 0:00 [nmbd] <defunct>
>> 6712 ? Z 0:00 [nmbd] <defunct>
>> 6730 ? Z 0:00 [nmbd] <defunct>
>> 6752 ? Z 0:00 [nmbd] <defunct>
>> 6770 ? Z 0:00 [nmbd] <defunct>
>> 6789 ? Z 0:00 [nmbd] <defunct>
>> 6807 ? Z 0:00 [nmbd] <defunct>
>> 6829 ? Z 0:00 [nmbd] <defunct>
>> 6847 ? Z 0:00 [nmbd] <defunct>
>> 6852 ? S 0:01 [kworker/0:0]
>> 6867 ? Z 0:00 [nmbd] <defunct>
>> 6885 ? Z 0:00 [nmbd] <defunct>
>> 6906 ? Z 0:00 [nmbd] <defunct>
>> 6924 ? Z 0:00 [nmbd] <defunct>
>> 6942 ? Z 0:00 [nmbd] <defunct>
>> 6960 ? Z 0:00 [nmbd] <defunct>
>> 6982 ? Z 0:00 [nmbd] <defunct>
>> 7000 ? Z 0:00 [nmbd] <defunct>
>> 7018 ? Z 0:00 [nmbd] <defunct>
>> 7036 ? Z 0:00 [nmbd] <defunct>
>> 7058 ? Z 0:00 [nmbd] <defunct>
>> 7076 ? Z 0:00 [nmbd] <defunct>
>> 7094 ? Z 0:00 [nmbd] <defunct>
>> 7112 ? Z 0:00 [nmbd] <defunct>
>> 7134 ? Z 0:00 [nmbd] <defunct>
>> 7152 ? Z 0:00 [nmbd] <defunct>
>> 7170 ? Z 0:00 [nmbd] <defunct>
>> 7188 ? Z 0:00 [nmbd] <defunct>
>> 7210 ? Z 0:00 [nmbd] <defunct>
>> 7228 ? Z 0:00 [nmbd] <defunct>
>> 7246 ? Z 0:00 [nmbd] <defunct>
>> 7264 ? Z 0:00 [nmbd] <defunct>
>> 7286 ? Z 0:00 [nmbd] <defunct>
>> 7304 ? Z 0:00 [nmbd] <defunct>
>> 7322 ? Z 0:00 [nmbd] <defunct>
>> 7340 ? Z 0:00 [nmbd] <defunct>
>> 7458 ? Z 0:00 [nmbd] <defunct>
>> 7476 ? Z 0:00 [nmbd] <defunct>
>> 7494 ? Z 0:00 [nmbd] <defunct>
>> 7512 ? Z 0:00 [nmbd] <defunct>
>> 7534 ? Z 0:00 [nmbd] <defunct>
>> 7552 ? Z 0:00 [nmbd] <defunct>
>> 7569 ? Z 0:00 [nmbd] <defunct>
>> 7587 ? Z 0:00 [nmbd] <defunct>
>> 7609 ? Z 0:00 [nmbd] <defunct>
>> 7627 ? Z 0:00 [nmbd] <defunct>
>> 7645 ? Z 0:00 [nmbd] <defunct>
>> 7665 ? Z 0:00 [nmbd] <defunct>
>> 7676 ? S 0:00 [kworker/0:2]
>> 7687 ? Z 0:00 [nmbd] <defunct>
>> 7697 ? Ss 0:00 sshd: root at pts/0
>> 7699 pts/0 Ss 0:00 -bash
>> 7711 ? S 0:00 [kworker/0:1]
>> 7718 ? S 0:00 [flush-202:16]
>> 7721 pts/0 R+ 0:00 ps x
>>
>> On 07/28/2014 09:18 AM, Ryan Ashley wrote:
>>> I have never even played with apparmor. I do my Debian installs
>>> using a net CD and doing the expert 64bit install. I disable
>>> recommended and suggested packages and install only exactly what I
>>> need, so I do not have apparmor or selinux. Good thought though. I
>>> also tried disabling the firewall on a test PC and still no go. This
>>> has NEVER happened before so I am lost.
>>>
>>> So where else should I look? The system in question is a domain
>>> member server, can resolve users and groups, and can set ACLs with
>>> user and groups from AD. It is simply denying access to group
>>> members of said shares.
>>>
>>> On 07/28/2014 05:02 AM, Rowland Penny wrote:
>>>> On 27/07/14 16:28, Ryan Ashley wrote:
>>>>> I understand and I should have stated more clearly that I have
>>>>> been going through those results for over a week now. Nothing
>>>>> seems to help. Funny thing is that creating a second virtual
>>>>> file-server and using share authentication works fine. Yet another
>>>>> reason I am leaning towards group issues. If the file-server is
>>>>> share-level the Windows 7 boxes are happy. As soon as it goes AD
>>>>> and uses AD groups, they stop working. I have not tried user-level
>>>>> security yet. Then again I may have user-level and share-level
>>>>> confused. It has been a long week. I will keep searching but so
>>>>> far nothing I have found and tried works.
>>>>>
>>>>> Is there a way to get an actual reason for the denial? If it
>>>>> flat-out told me a reason I could troubleshoot. Right now I am
>>>>> just shooting in random directions hoping to hit something since
>>>>> all I get is "Access Denied". Is it possible to see is S4 is
>>>>> denying the connection via a log or something, or if Windows 7 is
>>>>> being stupid... again?
>>>>>
>>>>> On 7/27/2014 10:57 AM, Rowland Penny wrote:
>>>>>> On 27/07/14 15:15, Ryan Ashley wrote:
>>>>>>> That solution is for Windows 8. That also is not our issue. The
>>>>>>> WIndows 7 Pro 64bit workstations see the server and shares, and
>>>>>>> they map the shares according to group policy, but then
>>>>>>> everybody gets access denied, despite being in the domain groups
>>>>>>> for which the shares were created. Funny thing is that if I
>>>>>>> logon as domain admin, I get to access the shares. Due to this,
>>>>>>> I fully believe the S4 server is ignoring or not accounting for
>>>>>>> group membership. The "reachfp" account is the domain admin.
>>>>>>> This is also the default owner of files on the shares. The group
>>>>>>> "administration" contains many members and does not grant
>>>>>>> access, despite the group being granted full control. This lead
>>>>>>> e into believing I am still dealing with a permissions issue and
>>>>>>> not another issue. If it was the other issue, I would assume
>>>>>>> domain admin could not see the share or access it. Is that about
>>>>>>> right?
>>>>>>>
>>>>>>>
>>>>>> You are missing the point, I probably could have chosen a better
>>>>>> target but I only spent about 30secs on the search:
>>>>>>
>>>>>> windows 7 64 bit access denied samba
>>>>>>
>>>>>> This returns About 116,000 results, here's another one:
>>>>>>
>>>>>> http://www.sevenforums.com/network-sharing/242602-can-t-connect-samba-share-win-7-ultimate-64-bit.html
>>>>>>
>>>>>>
>>>>>> Try looking into this before dismissing it out of hand and
>>>>>> insisting that samba is the problem.
>>>>>>
>>>>>> Rowland
>>>>>
>>>> OK, after more thought and re-reading your posts, a thought has
>>>> popped into my head, apparmor, do you have this running on the
>>>> server ?
>>>> I have been caught out by this a few times, not being allowed to do
>>>> things that I thought I should be able to do, or packages not
>>>> running correctly because they were not allowed access, in every
>>>> case it was apparmor. As I could never get apparmor to play ball
>>>> with me (I thought that I had found all rights that needed modding
>>>> and then another one would pop its head up and what is in the logs
>>>> bares no resemblance to what you need to put in the conf file), I
>>>> now disable apparmor straight after installing a new system.
>>>>
>>>> Rowland
>>>>
>>>
>>
> Somebody else reported this problem, he went to 4.1.8 and the zombie
> nmbd problem went away, if you upgrade to the latest samba4 you may
> hit two birds with one stone, the nmbd problem and your group problem ;-)
>
> Rowland
More information about the samba
mailing list