[Samba] error NT_STATUS_ACCESS_DENIED
Brown, Steve
Steve.Brown at Level3.com
Tue Sep 27 19:41:22 GMT 2005
Hello
I'm running Samba version 3.0.2a on Solaris 9 and can not get access to
my defined shares. My config is below. I believe my configuration is
good and I can see the server in the Windows Network browser but can not
authenticate. Any one have any ideas?
Thanks
Steve
[global]
netbios name = f2z32-07
workgroup = LEVEL3
server string = %h
# do not change anything in the [global] section beyond this point.
# Security settings to allow operation with Windows domain
credentials.
# Misconfiguration will impact the availability of this system
# and is a severity 3 exposure.
security = domain
password server = *
allow trusted domains = yes
encrypt passwords = yes
client use spnego = yes
# We don't want Samba to become a master browser on the network, and
# never act as the Primary Domain Controller.
# Misconfiguration will impact the stability of the production
# network and is a severity 4 exposure.
local master = no
domain logons = no
domain master = no
# Set up to be a WINS client, but definitely not a WINS server.
# Misconfiguration will impact the availability of this system
# and is a severity 3 exposure.
wins support = no
wins server = 10.1.7.10 10.1.7.11
# Only allow access from internal clients
# Misconfiguration could allow unauthorized access and is a
# severity 3 exposure.
hosts allow = 10.0.0.0/8
hosts deny = ALL
interfaces = 127.0.0.1 10.0.0.0/8
bind interfaces only = yes
# Root is explicitly not allowed access.
# Misconfiguration could allow connection with root privilege
# and is a severity 3 exposure.
invalid users = root
# Only users in the "ntusers" group are allowed access
# Misconfiguration could contribute to allowing access
# to unauthorized users and is a severity 2 exposure.
valid users = @ntusers
# We need to map NT usernames to UNIX usernames
# Misconfiguration could allow unauthorized access and is
# a severity 3 exposure.
username map = /usr/local/samba/lib/usernames.map
# don't allow older, weaker encryption spec to be used
lanman auth = no
# no OS/2 client support is needed
lm announce = no
# NT/2000/XP should all be able to cope, and the added strength is
necessary
min protocol = NT1
# We're on a Local Area Network, so these settings are appropriate
socket options = TCP_NODELAY SO_RCVBUF=8192 IPTOS_LOWDELAY
SO_RCVBUF=8192 SO_SNDBUF=8192
# Logging options, record Create / Delete / Rename / Perm Change /
Open / Close
# Misconfiguration will impact monitoring and is a severity 2
exposure.
vfs objects = extd_audit
log level = 2
; log file = /var/log/samba.log
# Set up umasks for object creation
# Misconfiguration could allow files to be created with undesireable
# permissions and is a severity 2 exposure.
inherit permissions = no
create mask = 0644
directory mask = 0755
# Authenticated access is required to all resources
# Misconfiguration could allow unauthorized access to the resources
and
# is a severity 3 exposure.
guest ok = no
# As a further safety, shares are read only by default.
read only = yes
[public]
path = /home/public
read only = no
#
[lecinv]
guest ok = yes
path = /lecinv
valid users = wfarrell,sbrown
writeable = yes
bash-2.05#
Steve Brown
Unix Systems Administration
Level 3 Communications
1025 Eldorado Blvd
(720)888-3545
Pager Pin 8774636766
steve.brown at level3.com
More information about the samba
mailing list