[Samba] Access Denied using samba 3.0.4 and Solaris 5.10 i386

Hector Lopez hjl4samba at gmail.com
Thu Sep 1 22:27:54 GMT 2005 

Access Denied using samba 3.0.4 and Solaris 5.10 i386

I have some samba machines running freebsd without problems, two running 
Solaris and one Win NT 4 server on the same LAN.
The Solaris was done over two PC machines one a no brand Pentium III (only for 
testing)  and Other a HP Proliant, for production.

The server that has the problem is an HP Proliant ML110 G2 Tower P3.2Ghz Hot 
Plug SATA with RAID SATA controller and two *) GB SATA disks (The production 
one).
The Operating system is a Solaris, SunOS, Release = 5.10, KernelID = Generic, 
Machine = i86pc.
Samba 3.0.4 (The version that Solaris distributes in their software comanion 
cd).

The clients are Windows 2000 and some win 95/98, all can logon to all servers.
The win95/98 has not problems (We use some administrative software that run 
over DOS).
All clients can use the samba shares, upload and download files, create 
directories, etc, not is a permanent problem.

After a period of time "some" Win 2000 clients have problems using the shares 
at the HP server, the error message is Access Denied
But there are two simtoms:

1) You see the shares, you see the disk (for example M:) but you can't see the 
content, the disk don't appear as disconnected.
If you deletes the share (net use j:/delete) and reconnects if (net use j: 
\\server\share) the problem persists.
2) You can see and use the shares, you can access they using Windows, but not 
using DOS. It gives an "Access denied Error".

The only way to fix the situation is closing the current session and open a new 
one. Then you can access the shares without problems.

I detect that all windows 2000 machines logs first as the username/password 
scheme, then after a period of time changes to the guest account.

I change the default autodisconnect time for windows 2000 clients from 10 
minutes to 10 hours with (net config server /autodisconnect:600), this not fix 
the problem.

Anybody has an idea about how to fix this problem ? 

Please take in care that is not the first time that I use samba, and I search 
the web and this list for a solution before post this note.

Very thanks In Advance!!


PD, Samba Configuration and log files.



# Samba config file created using SWAT
# from 10.0.0.10 (10.0.0.10)
# Date: 2005/08/30 15:37:38

# Global parameters
[global]
	workgroup = SAMBA
	netbios name = SAMBA
	netbios aliases = SAMBA
	server string = Server
	interfaces = 127.0.0.1/32, 192.168.32.1/24
	bind interfaces only = Yes
	min passwd length = 6
	guest account = validguest
	passwd program = /usr/bin/passwd
	log file = /var/log/samba/log.%U
	max log size = 50
	time server = Yes
	socket options = SO_KEEPALIVE  SO_BROADCAST TCP_NODELAY SO_RCVBUF=4096 
SO_SNDBUF=4096
	load printers = No
	logon script = %U.bat
	logon path = \\%N\Profiles\%U
	domain logons = Yes
	os level = 65
	preferred master = Yes
	ldap ssl = no
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	template shell = /bin/sh
	winbind cache time = 10
	valid users = @staff
	admin users = root 
	read list = @staff
	write list = @staff
	printer admin = @staff
	create mask = 0764
	security mask = 0775
	hosts allow = 127., 192.168.

[netlogon]
	comment = Network Logon Service
	path = /usr/local/samba/lib/netlogon
	browseable = No
	locking = No

[profiles]
	comment = User's Profiles
	path = /usr/local/samba/profiles
	read only = No
	browseable = No

[data]
	comment = datos
	path = /export/home/data
	read list = 
	read only = No
	create mask = 0664
	directory mask = 0775


Username = lionel

User log log.lionel

[2005/08/22 13:43:55, 1] smbd/service.c:(619)
  pclionel (10.0.0.10) connect to service data initially as user lionel (uid=0, 
gid=10) (pid 956)
[2005/08/22 13:44:36, 1] auth/auth_util.c:(822)
  User noacces in passdb, but getpwnam() fails!
[2005/08/22 13:44:36, 1] smbd/service.c:(619)
  pclionel (10.0.0.10) connect to service data initially as user lionel (uid=0, 
gid=10) (pid 956)
[2005/08/22 13:47:53, 1] auth/auth_util.c:(822)
  User noacces in passdb, but getpwnam() fails!
[2005/08/22 13:58:20, 1] smbd/service.c:(801)
  pclionel (10.0.0.10) closed connection to service data


After creating a valid Guest account validguest (I add some lines, not the full 
log) :

[2005/08/29 17:48:20, 10] lib/username.c:(530)
  user_in_list: checking user |lionel| against |@staff|

========================


[2005/08/29 17:48:20, 6] param/loadparm.c:(2665)
  lp_file_list_changed()
  file /etc/sfw/smb.conf -> /etc/sfw/smb.conf  last mod_time: Mon Aug 29 
17:28:09 2005
  


[2005/08/29 17:48:20, 10] lib/username.c:(526)
  user_in_list: checking user lionel in list
[2005/08/29 17:48:20, 10] lib/username.c:(530)
  user_in_list: checking user |lionel| against |@staff|
[2005/08/29 17:48:20, 5] lib/username.c:(315)
  Unable to get default yp domain
[2005/08/29 17:48:20, 5] lib/username.c:(293)
  Finding user lionel
[2005/08/29 17:48:20, 5] lib/username.c:(223)
  Trying _Get_Pwnam(), username as lowercase is lionel
[2005/08/29 17:48:20, 5] lib/username.c:(251)
  Get_Pwnam_internals did find user [lionel]!



[2005/08/29 17:48:20, 5] auth/auth_util.c:(505)
  UNIX token of user 102
  Primary group is 10 and contains 2 supplementary groups
  Group[  0]: 10
  Group[  1]: 100
[2005/08/29 17:48:20, 5] smbd/uid.c:(267)
  change_to_user uid=(0,102) gid=(0,10)
[2005/08/29 17:48:20, 1] smbd/service.c:(619)
  pc-lionel (10.0.0.10) connect to service datos initially as user lionel 
(uid=102, gid=10) (pid 4090)



[2005/08/29 17:48:21, 3] smbd/sesssetup.c:(529)
  Doing spnego session setup
[2005/08/29 17:48:21, 3] smbd/sesssetup.c:(560)
  NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
[2005/08/29 17:48:21, 3] libsmb/ntlmssp.c:(615)
  Got user=[] domain=[] workstation=[PC-LIONEL] len1=1 len2=0
[2005/08/29 17:48:21, 6] param/loadparm.c:(2665)
  lp_file_list_changed()
  file /etc/sfw/smb.conf -> /etc/sfw/smb.conf  last mod_time: Mon Aug 29 
17:28:09 2005
  
[2005/08/29 17:48:21, 5] auth/auth_util.c:(225)
  make_user_info_map: Mapping user []\[] from workstation [PC-LIONEL]


[2005/08/29 17:48:21, 3] auth/auth.c:(219)
  check_ntlm_password:  Checking password for unmapped user []\[]@[PC-LIONEL] 
with the new password interface
[2005/08/29 17:48:21, 3] auth/auth.c:(222)
  check_ntlm_password:  mapped user is: [PHTEST]\[]@[PC-LIONEL]
[2005/08/29 17:48:21, 10] auth/auth.c:(231)
  check_ntlm_password: auth_context challenge created by random
[2005/08/29 17:48:21, 10] auth/auth.c:(233)
  challenge is:

More information about the samba mailing list