[Samba] Network_access_denied and no group in domain

Bill Ing wing at ingmedia.com
Sun Feb 22 06:19:47 GMT 2004 

Was: RE: [Samba] samba 3.0 and freebsd 5.1

Hi Aaron,

I deinstalled the 3.0.1 port and got the source tarball for 3.0.2a and
installed from there.  I also swapped out 3.0.1 for 3.0.2 on the domain
controller when I discovered the second problem.

I can now use smbclient to log into a file share on the member server,
giving an " smb: \> " prompt but doing ls gives an error of:

"NT_STATUS_NETWORK_ACCESS_DENIED listing \*"

The Windows machine pops up an error that the directory is not
accessible when clicking on it.

This happens if I specify in smb.conf, valid users = specific user names
on the domain controller.

Does this have anything to do with the unix group ownership on the share
folders?

The new problem.... if I list @unixgroup or +unixgroup in the member
server's smb.conf, winbind apparently looks it up and reports no such
group in the domain.

Nsswitch.com lists a " group: files winbind ".

Here is the log from winbind when trying to access a folder set with an
@group as valid user.

********************************
[2004/02/22 00:49:59, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [19643]: request interface version
[2004/02/22 00:49:59, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [19643]: request location of privileged pipe
[2004/02/22 00:49:59, 3] nsswitch/winbindd_misc.c:winbindd_ping(238)
  [19643]: ping
[2004/02/22 00:49:59, 3]
nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(291)
  [19643]: pam auth crap domain: DOM user: bill
[2004/02/22 00:49:59, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(122)
  [19643]: getpwnam admin'\'bill
[2004/02/22 00:49:59, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(122)
  [19643]: getpwnam ADMIN'\'bill
[2004/02/22 00:49:59, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(122)
  [19643]: getpwnam ADMIN'\'BILL
[2004/02/22 00:49:59, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(122)
  [19643]: getpwnam bill
[2004/02/22 00:49:59, 3] nsswitch/winbindd_rpc.c:name_to_sid(290)
  rpc: name_to_sid name=bill
[2004/02/22 00:49:59, 3] nsswitch/winbindd_rpc.c:name_to_sid(299)
  name_to_sid [rpc] bill for domain DOM
[2004/02/22 00:49:59, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(122)
  [19643]: getpwnam bill
[2004/02/22 00:49:59, 3]
nsswitch/winbindd_sid.c:winbindd_gid_to_sid(385)
[2004/02/22 00:49:59, 3] nsswitch/winbindd_rpc.c:name_to_sid(290)
  [19643]: gid to sid 10004
  rpc: name_to_sid name=bill
[2004/02/22 00:49:59, 3] nsswitch/winbindd_rpc.c:name_to_sid(299)
  name_to_sid [rpc] bill for domain DOM
[2004/02/22 00:49:59, 3] nsswitch/winbindd_rpc.c:query_user(382)
  rpc: query_user rid=S-1-5-21-3648978000-1548753113-311820641-3002
[2004/02/22 00:49:59, 3]
nsswitch/winbindd_group.c:winbindd_getgrnam(232)
  [19643]: getgrnam ntadmin
[2004/02/22 00:49:59, 3] nsswitch/winbindd_rpc.c:name_to_sid(290)
  rpc: name_to_sid name=ntadmin
[2004/02/22 00:49:59, 3] nsswitch/winbindd_rpc.c:name_to_sid(299)
  name_to_sid [rpc] ntadmin for domain DOM
[2004/02/22 00:49:59, 1]
nsswitch/winbindd_group.c:winbindd_getgrnam(283)
  group ntadmin in domain DOM does not exist
[2004/02/22 00:49:59, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(122)
  [19643]: getpwnam bill
[2004/02/22 00:49:59, 3] nsswitch/winbindd_rpc.c:name_to_sid(290)
  rpc: name_to_sid name=bill
[2004/02/22 00:49:59, 3] nsswitch/winbindd_rpc.c:name_to_sid(299)
  name_to_sid [rpc] bill for domain DOM
[2004/02/22 00:49:59, 3]
nsswitch/winbindd_group.c:winbindd_getgrnam(232)
  [19643]: getgrnam ntadmin
[2004/02/22 00:49:59, 3] nsswitch/winbindd_rpc.c:name_to_sid(290)
  rpc: name_to_sid name=ntadmin
[2004/02/22 00:49:59, 3] nsswitch/winbindd_rpc.c:name_to_sid(299)
  name_to_sid [rpc] ntadmin for domain DOM
[2004/02/22 00:49:59, 1]
nsswitch/winbindd_group.c:winbindd_getgrnam(283)
  group ntadmin in domain DOM does not exist

******************************************


> -----Original Message-----
> From: Aaron Collins [mailto:hellfire at fastq.com]
> Sent: February 21, 2004 7:40 PM
> To: 'Bill Ing'
> Subject: RE: [Samba] samba 3.0 and freebsd 5.1
>
>
> Actually, I wrote the fix for this area, I then submitted my
> code and it's part of the samba 3.0.1 and higher.  If you
> follow my howto and are still lost, let me know, you may be
> using a 3.0.1-pre version where they broke my code importing it.
>
http://hellfire.homeunix.net:81/Docs/Configuring%20FreeBSD%205.htm

-Singned,
Aaron Collins

-----Original Message-----
From: samba-bounces+hellfire=fastq.com at lists.samba.org
[mailto:samba-bounces+hellfire=fastq.com at lists.samba.org] On Behalf Of
Bill Ing
Sent: Saturday, February 21, 2004 10:49 AM
To: samba at lists.samba.org
Subject: [Samba] samba 3.0 and freebsd 5.1

Hi Aaron,

I found your message in lists.samba.org and didn't notice anyone had
replied to it.

Just wondering if you were able to figure things out and how you went
about doing it.

...or did you upgrade to samba 3.0.2 for the bsd nsswitch fix?

Cheers


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list