[Samba] RC4 valid users problem

Vincent.Badier at alcatel.fr Vincent.Badier at alcatel.fr
Tue Sep 16 13:14:22 GMT 2003


First, many thanks for all who have already help me.

I finally success to connect to a share from another computer after
searching a lot. Arg isn't this marvellous? ;-)

However, i succeed this while removing my account from the valid user in
the share declaration.
In the following example, authentification for mylogon success in both
case. But i can only connect on myshare, while having a
NT_STATUS_ACCESS_DENIED in the other case (secondshare).

I hope i didn't made any trivial mistake, if so let me know please. In
other case, any help or idea would be great

Vincent.
 PS : the windind separator warn about possible problem. Which would be the
best one to allow recursive search in group membership (ie user in one
group which is part of another, and this another declared in the share
declaration?)

# /usr/local/samba/bin/testparm /usr/local/samba/etc/samba/smb.conf
Load smb config files from /usr/local/samba/etc/samba/smb.conf
Processing section "[myshare]"
Processing section "[secondshare]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

# Global parameters
[global]
        workgroup = MYAD
        realm = MYAD.AD.MYDOMAIN.COM
        netbios name = servername
        server string = %h server (Samba %v)
        security = ADS
        update encrypted = Yes
        password server = ip.of.my.dc
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
        client lanman auth = No
        client plaintext auth = No
        log level = 3 passdb:5 auth:10 winbind:2
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 8000
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        wins server = ip.of.my.dc
        ldap ssl = no
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind separator = +
        invalid users = root

[myshare]
        path = /mnt/share
        read only = No

[secondshare]
        path = /mnt/share
        valid users = MYAD+mylogon
        read only = No

What i tried :

wks01:/home# smbclient //172.26.123.121/myshare -U mylogon -W MYAD
Password:
smb: \> quit
wks01:/home# smbclient //172.26.123.121/masters -U mylogon -W MYAD
Password:
tree connect failed: NT_STATUS_ACCESS_DENIED





More information about the samba mailing list