[Samba] Samba Shares Still Not Quite

[E Hines]

I've still not quite got things right.  I'm running FC3 with Samba v
3.0.14a, and I'm trying to implement Example 2.4 from JHT's 2004 ed. of
Samba-3 by Example.  I have lserver1 as my Linux box and jupiter (user
annlee) and mustelidae (ehines) as Win2k boxes.  ehines has access to
his share (path /archive/ehines (/archive/%U in smb.conf)), but annlee
does not to her share (/archive/annlee).  If I add annlee as a valid
user to master, though, she does have access.  Without annlee as a valid
user of share master, then when she tries to access her share from
jupiter, she gets a dialog box inviting her to log in, and this fails
("Incorrect password or unknown user name").  Both user annlee and her
UNIX password exist identically in smbpasswd and passwd--I was most
careful about this, and she gets in without being invited to log in when
annlee is a valid user of master.  Further, when she gets the login
failure and ehines attempts to login with his password, he gets,
correctly, an access denied message.  The problem with this last is that
whenever annlee attempts to get into her share anytime after ehines'
failed login, she gets the access denied message directly, without even
the intervening login dialog.  jupiter must be rebooted to clear this.

I've run the diagnostics, et al., from the Terpstra and Vernooij Samba
HOWTO book with the following results:
    nmbd, smbd, and winbindd are all running, and all the nmblookups
work correctly (per the Samba Checklist).
    getent passwd ehines (or annlee) work correctly.
    testparm says my smb.conf is syntactically correct.
    the logs don't indicate any error that I can recognize with my
neophyte eyes (log.smbd does say that, as lserver1 booted up
nsswitch/winbindd had a missing/invalid idmap uid range and winbidd
exited, but this seems to have cleared, as winbindd is running under two
processes per ps; nsswitch/winbindd couldn't init idmap and did a
netlogon proxy only; and nsswitch/winbindd could not fetch the sid for
the domain ASTRA_ENT (the name of the workgroup of this little LAN and
the name entered into smb.conf).  And log.smbd immediately after the
above shows jupiter connecting to service master as annlee (those times
after when I had user annlee as a valid user of master).  this log,
however, is silent on the failed attempts when annlee was not a valid
user of master.  log.winbindd shows no errors at all, including, in
particular the errors mentioned above in log.smbd.  The time stamp on
winbindd's successful start is the same as that for the above errors.
It would seem that the above errors are normal start-up errors that get
cleared as enough "stuff" comes up that winbindd can, in fact, effect a
normal start.
    smbclient //lserver1/master works for both users ehines and annlee;
however, smbclient //lserver1/files and
smbclient //lserver1/master/files both fail with "tree connect failed:
NT_STATUS_ACCESS_DENIED" and "tree connect failed:
NT_STATUS_BAD_NETWORK_NAME" errors, respectively.  I don't have mixed
case passwords, I have run smbpasswd -s username (and correctly), and,
as I said above, testparm checks smb.conf OK.  I'm using shadow
passwords on the UNIX side, but I believe this is operating correctly in
smbd as annlee is able to get into her share (under master--nobody can
get into files, for some reason) when she's a valid user of master.  The
valid users config is set up correctly as far as I can tell--it matches
the example--it at least seems "partially correct" as, again, when she's
a valid user of master, she can get into her share OK.
    net view works from both PCs, as does net use \\lserver1\master.
However, when I try ...\files or ...\master\files, I get access denied
(for any user) and network path not found, respectively.
    I've run ethereal to capture the two PCs booting up and joining the
network after lserver1 has already been up, and a network engineer sees
nothing untoward in the capture and no essential differences between
mustelidae and jupiter as they join the network.

The essential parts of my smb.conf follow.  I apologize for the long
post.

Eric Hines

# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2005/04/30 10:18:53

# Global parameters
[global]
        workgroup = ASTRA_ENT
        log file = /var/log/samba/log.smbd
        max log size = 500
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = /etc/printcap
        show add printer wizard = No
        ldap ssl = no

[files]
        comment = The actual backups
        path = /archive/%U
        valid users = %S
        read only = No

[master]
        comment = Master work area
        path = /archive
        valid users = ehines, annlee
        read only = No