[Samba] Win2K unable to connect to 3.0.1 shares
Brian Spiegel
BSpiegel at Matchnet.com
Thu Dec 18 02:58:31 GMT 2003
I've been having an issue that's been discussed at some length here on the
list, but I haven't found a definitive solution to it. The problem is the
Win2k connection failing when attempting to connect to Samba 3.0.1 shares in
a Win2k3 Active Directory domain.
I've installed MIT-Kerberos 1.3.1 and done all the configuration. I'm
running winbindd. The following commands work fine from the Samba server:
wbinfo -u
wbinfo -g
getent -u
getent -g
smbclient -L winserver -k
smbclient //winserver/share -k
However, Win2k clients prompt for password when attempting to connect to the
share with netbios name. Using the IP address of the Samba server allows
viewing of the shares, but I get the following in log.smb when I attempt to
access the shares:
[2003/12/17 16:34:59, 3] smbd/service.c:make_connection_snum(543)
Connect path is '/home/bspiegel/samba_setup/' for service [Samba]
[2003/12/17 16:34:59, 3] lib/util_seaccess.c:se_access_check(251)
[2003/12/17 16:34:59, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is
S-1-5-21-1699881384-1462387219-1540833222-7294
...
se_access_check: also S-1-5-21-1699881384-1462387219-1540833222-2102
[2003/12/17 16:34:59, 3] smbd/vfs.c:vfs_init_default(201)
Initialising default vfs hooks
[2003/12/17 16:34:59, 3] lib/util_seaccess.c:se_access_check(251)
[2003/12/17 16:34:59, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is
S-1-5-21-1699881384-1462387219-1540833222-7294
...
se_access_check: also S-1-5-21-1699881384-1462387219-1540833222-2102
[2003/12/17 16:34:59, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (10000, 10000) - sec_ctx_stack_ndx = 0
[2003/12/17 16:34:59, 0] smbd/service.c:make_connection_snum(677)
'/home/bspiegel/samba_setup/' does not exist or is not a directory, when
connecting to [Samba]
See below for how I've got my shares setup in smb.conf (you can find full
versions of my configs at the bottom of this email):
A pop-up window indicates the following error:
\\<ipaddr>\Samba is not accessible.
The network name cannot be found.
The path has full permissions (chmod 0777) in the filesystem and still no
dice. I know some of you have been able to view and access shares through
the IP address even though you cannot through the netbios name. Do any of
you have any idea why my shares are inaccessible even though I've enabled
every access option I can think of?
The full smb.conf and krb5.conf files:
smb.conf:
[global]
log level = 3
server string = [Samba Server %v]
workgroup = FOO
security = ADS
realm = FOO.COM
local master = no
domain master = no
preferred master = no
os level = 0
idmap uid = 10000-20000
idmap gid = 10000-20000
[Samba]
comment = Samba Configuration and Setup
path = /home/bspiegel/samba_setup/
read only = no
browsable = yes
writable = yes
guest ok = yes
[test]
comment = Samba functionality test directory
path = /home/bspiegel/test/
read only = no
browsable = yes
writable = yes
guest ok = yes
krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = FOO.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
FOO.COM = {
kdc = bhdc01.foo.com:88
admin_server = bhdc01.foo.com:749
default_domain = foo.com
}
[domain_realm]
.foo.com = foo.COM
foo.com = foo.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
More information about the samba
mailing list