Access Denied using samba 3.0.4 and Solaris 5.10 i386

Wed Sep 28 18:36:00 GMT 2005

Access Denied using samba 3.0.4 and Solaris 5.10 i386

I have some samba machines running freebsd without problems, two running
Solaris and one Win NT 4 server on the same LAN.
The Solaris was done over two PC machines one a no brand Pentium III (only
for testing) and Other a HP Proliant, for production.

The server that has the problem is an HP Proliant ML110 G2 Tower P3.2Ghz Hot
Plug SATA with RAID SATA controller and two *) GB SATA disks (The production
one).
The Operating system is a Solaris, SunOS, Release = 5.10, KernelID =
Generic, Machine = i86pc.
Samba 3.0.4 (The version that Solaris distributes in their software comanion
cd).

The clients are Windows 2000 and some win 95/98, all can logon to all
servers.
The win95/98 has not problems (We use some administrative software that run
over DOS).
All clients can use the samba shares, upload and download files, create
directories, etc, not is a permanent problem.

After a period of time "some" Win 2000 clients have problems using the
shares at the HP server, the error message is Access Denied
But there are two simtoms:

1) You see the shares, you see the disk (for example M:) but you can't see
the content, the disk don't appear as disconnected.
If you deletes the share (net use j:/delete) and reconnects if (net use j:
\\server\share) the problem persists.
2) You can see and use the shares, you can access they using Windows, but
not using DOS. It gives an "Access denied Error".

The only way to fix the situation is closing the current session and open a
new one. Then you can access the shares without problems.

I detect that all windows 2000 machines logs first as the username/password
scheme, then after a period of time changes to the guest account.

I change the default autodisconnect time for windows 2000 clients from 10
minutes to 10 hours with (net config server /autodisconnect:600), this not
fix the problem.

Anybody has an idea about how to fix this problem ?

Please take in care that is not the first time that I use samba, and I
search the web and this list for a solution before post this note.

Very thanks In Advance!!

PD, Samba Configuration and log files.

# Samba config file created using SWAT
# from 10.0.0.10 <http://10.0.0.10> (10.0.0.10 <http://10.0.0.10>)
# Date: 2005/08/30 15:37:38

# Global parameters
[global]
workgroup = SAMBA
netbios name = SAMBA
netbios aliases = SAMBA
server string = Server
interfaces = 127.0.0.1/32 <http://127.0.0.1/32>,
192.168.32.1/24<http://192.168.32.1/24>
bind interfaces only = Yes
min passwd length = 6
guest account = validguest
passwd program = /usr/bin/passwd
log file = /var/log/samba/log.%U
max log size = 50
time server = Yes
socket options = SO_KEEPALIVE SO_BROADCAST TCP_NODELAY SO_RCVBUF=4096
SO_SNDBUF=4096
load printers = No
logon script = %U.bat
logon path = \\%N\Profiles\%U
domain logons = Yes
os level = 65
preferred master = Yes
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/sh
winbind cache time = 10
valid users = <at> staff
admin users = root
read list = <at> staff
write list = <at> staff
printer admin = <at> staff
create mask = 0764
security mask = 0775
hosts allow = 127., 192.168.

[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
browseable = No
locking = No

[profiles]
comment = User's Profiles
path = /usr/local/samba/profiles
read only = No
browseable = No

[data]
comment = datos
path = /export/home/data
read list =
read only = No
create mask = 0664
directory mask = 0775

Username = lionel

User log log.lionel

[2005/08/22 13:43:55, 1] smbd/service.c:(619)
pclionel (10.0.0.10 <http://10.0.0.10>) connect to service data initially as
user lionel (uid=0,
gid=10) (pid 956)
[2005/08/22 13:44:36, 1] auth/auth_util.c:(822)
User noacces in passdb, but getpwnam() fails!
[2005/08/22 13:44:36, 1] smbd/service.c:(619)
pclionel (10.0.0.10 <http://10.0.0.10>) connect to service data initially as
user lionel (uid=0,
gid=10) (pid 956)
[2005/08/22 13:47:53, 1] auth/auth_util.c:(822)
User noacces in passdb, but getpwnam() fails!
[2005/08/22 13:58:20, 1] smbd/service.c:(801)
pclionel (10.0.0.10 <http://10.0.0.10>) closed connection to service data

After creating a valid Guest account validguest (I add some lines, not the
full
log) :

[2005/08/29 17:48:20, 10] lib/username.c:(530)
user_in_list: checking user |lionel| against | <at> staff|

========================

[2005/08/29 17:48:20, 6] param/loadparm.c:(2665)
lp_file_list_changed()
file /etc/sfw/smb.conf -> /etc/sfw/smb.conf last mod_time: Mon Aug 29
17:28:09 2005

[2005/08/29 17:48:20, 10] lib/username.c:(526)
user_in_list: checking user lionel in list
[2005/08/29 17:48:20, 10] lib/username.c:(530)
user_in_list: checking user |lionel| against | <at> staff|
[2005/08/29 17:48:20, 5] lib/username.c:(315)
Unable to get default yp domain
[2005/08/29 17:48:20, 5] lib/username.c:(293)
Finding user lionel
[2005/08/29 17:48:20, 5] lib/username.c:(223)
Trying _Get_Pwnam(), username as lowercase is lionel
[2005/08/29 17:48:20, 5] lib/username.c:(251)
Get_Pwnam_internals did find user [lionel]!

[2005/08/29 17:48:20, 5] auth/auth_util.c:(505)
UNIX token of user 102
Primary group is 10 and contains 2 supplementary groups
Group[ 0]: 10
Group[ 1]: 100
[2005/08/29 17:48:20, 5] smbd/uid.c:(267)
change_to_user uid=(0,102) gid=(0,10)
[2005/08/29 17:48:20, 1] smbd/service.c:(619)
pc-lionel (10.0.0.10 <http://10.0.0.10>) connect to service datos initially
as user lionel
(uid=102, gid=10) (pid 4090)

[2005/08/29 17:48:21, 3] smbd/sesssetup.c:(529)
Doing spnego session setup
[2005/08/29 17:48:21, 3] smbd/sesssetup.c:(560)
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
PrimaryDomain=[]
[2005/08/29 17:48:21, 3] libsmb/ntlmssp.c:(615)
Got user=[] domain=[] workstation=[PC-LIONEL] len1=1 len2=0
[2005/08/29 17:48:21, 6] param/loadparm.c:(2665)
lp_file_list_changed()
file /etc/sfw/smb.conf -> /etc/sfw/smb.conf last mod_time: Mon Aug 29
17:28:09 2005

[2005/08/29 17:48:21, 5] auth/auth_util.c:(225)
make_user_info_map: Mapping user []\[] from workstation [PC-LIONEL]

[2005/08/29 17:48:21, 3] auth/auth.c:(219)
check_ntlm_password: Checking password for unmapped user []\[] <at>
[PC-LIONEL]
with the new password interface
[2005/08/29 17:48:21, 3] auth/auth.c:(222)
check_ntlm_password: mapped user is: [PHTEST]\[] <at> [PC-LIONEL]
[2005/08/29 17:48:21, 10] auth/auth.c:(231)
check_ntlm_password: auth_context challenge created by random
[2005/08/29 17:48:21, 10] auth/auth.c:(233)
challenge is: