[Samba] Authenticates right on AD server, but still no access...

Anders Berg andersb at vg.no
Thu May 6 15:39:50 GMT 2004 

I have a linux (redhat 8.0) samba server that is a part of a Windows ADS.
I have gotten user authentication to work fine (I THINK), but still I have 
some problems with access to share.

The strange thing is that I can access the share from smbclient (on the 
linux server:

#smbclient -d4 //Bones/share -U foo

where user foo has no user on the linux box itself, so the authentication 
is done on/with the ADS server. Cut from log:

[2004/05/06 16:23:12, 1] smbd/service.c:make_connection_snum(619)
bones (10.221.32.80) connect to service vgdesk initially as user FIRM+foo 
(uid=15006, gid=15000) (pid 5811)

And I can access the share from a windows XP computer where I have logged 
in on the XP machine locally first, then accessed the share with 
authentication (user foo). Then like the linux client test, I am all good. 
Cut from log:

[2004/05/06 16:04:29, 1] smbd/service.c:make_connection_snum(619)
hoth3 (10.221.32.20) connect to service vgdesk initially as user FIRM+foo 
(uid=15006, gid=15000) (pid 5512)

But then I try accessing the share from a windows XP computer where I have 
logged in from the start (the machine is in the ADS domain) as an ADS user 
(foo). When I then try to access the share it does not ask me for 
authentication (which is shouldn't) but it does not give me any access to 
the share. There is only an error message (No need to tell you exactly what 
is says, since It is a non-english Windows OS), that tells me I do not have 
access to the share. If I right click the share it tells me under 
properties that I (foo) have no rights at all on the folder (and this I had 
on the examples over). Strange part is that it seems like it has 
autenticated alright to... Cut from log:

[2004/05/06 16:17:00, 1] smbd/service.c:make_connection_snum(619)
vg-andersb (10.221.75.121) connect to service vgdesk initially as user 
FIRM+foo (uid=15006, gid=15000) (pid 5749)

So as you can see it looks like it has authenticated alright, but still no 
access to the same folder I have access to from 2 other machines. FYI: 
There is no TCP wrapper that blocks that machine (10.221.75.121) or anything.

Here is the smb.conf file (foo is in VGMM group, ADS server = 10.221.1.202):

[global]
workgroup = FIRM
server string = Bones
security = ads
encrypt passwords = yes
realm = FIRM.LOCAL
#auth methods = sam, winbind
password server = 10.221.1.202
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
local master = No
wins server = pluto
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = Yes
use sendfile = Yes

[vgdesk]
path = /samba/shared/vgdesk
valid users = @VGMM
write list = @VGMM
read only = No
create mask = 0664
directory mask = 0775
inherit permissions = Yes
hide unreadable = Yes
writeable = yes

Samba version: 3.0.3

Anybody have a clue?

YS
TheBog



*****************************************************************
Denne fotnoten bekrefter at denne e-postmeldingen ble
skannet av MailSweeper og funnet fri for virus.
*****************************************************************
This footnote confirms that this email message has been swept by
MailSweeper for the presence of computer viruses.
*****************************************************************

More information about the samba mailing list