[Samba] error NT_STATUS_ACCESS_DENIED

Brown, Steve Steve.Brown at Level3.com
Tue Sep 27 19:41:22 GMT 2005


Hello

I'm running Samba version 3.0.2a on Solaris 9 and can not get access to
my defined shares.  My config is below.  I believe my configuration is
good and I can see the server in the Windows Network browser but can not
authenticate.  Any one have any ideas?

Thanks

Steve

 

[global]

 

  netbios name  = f2z32-07

  workgroup     = LEVEL3

  server string = %h

 

  # do not change anything in the [global] section beyond this point.

 

  # Security settings to allow operation with Windows domain
credentials.

  # Misconfiguration will impact the availability of this system

  #   and is a severity 3 exposure.

  security              = domain

  password server       = *

  allow trusted domains = yes

  encrypt passwords     = yes

  client use spnego     = yes

 

  # We don't want Samba to become a master browser on the network, and

  # never act as the Primary Domain Controller.

  # Misconfiguration will impact the stability of the  production

  #   network and is a severity 4 exposure.

  local master  = no

  domain logons = no

  domain master = no

 

  # Set up to be a WINS client, but definitely not a WINS server.

  # Misconfiguration will impact the availability of this system

  #   and is a severity 3 exposure.

  wins support  = no

  wins server   = 10.1.7.10 10.1.7.11

 

  # Only allow access from internal clients

  # Misconfiguration could allow unauthorized access and is a

  #   severity 3 exposure.

  hosts allow = 10.0.0.0/8

  hosts deny  = ALL

  interfaces  = 127.0.0.1 10.0.0.0/8

  bind interfaces only = yes

 

 

  # Root is explicitly not allowed access.

  # Misconfiguration could allow connection with root privilege

  #   and is a severity 3 exposure.

  invalid users = root

 

  # Only users in the "ntusers" group are allowed access

  # Misconfiguration could contribute to allowing access

  #   to unauthorized users and is a severity 2 exposure.

  valid users = @ntusers

 

  # We need to map NT usernames to UNIX usernames

  # Misconfiguration could allow unauthorized access and is

  #   a severity 3 exposure.

  username map = /usr/local/samba/lib/usernames.map

 

  # don't allow older, weaker encryption spec to be used

  lanman auth = no

 

  # no OS/2 client support is needed

  lm announce = no

 

  # NT/2000/XP should all be able to cope, and the added strength is
necessary

  min protocol = NT1

 

  # We're on a Local Area Network, so these settings are appropriate

  socket options = TCP_NODELAY SO_RCVBUF=8192 IPTOS_LOWDELAY
SO_RCVBUF=8192 SO_SNDBUF=8192

 

  # Logging options, record Create / Delete / Rename / Perm Change /
Open / Close

  # Misconfiguration will impact monitoring and is a severity 2
exposure.

  vfs objects = extd_audit

  log level = 2

  ; log file = /var/log/samba.log

 

  # Set up umasks for object creation

  # Misconfiguration could allow files to be created with undesireable

  #   permissions and is a severity 2 exposure.

  inherit permissions = no

  create mask         = 0644

  directory mask      = 0755

 

  # Authenticated access is required to all resources

  # Misconfiguration could allow unauthorized access to the resources
and

  #   is a severity 3 exposure.

  guest ok = no

 

  # As a further safety, shares are read only by default.

  read only = yes

 

[public]

  path = /home/public

  read only = no

 

#

 

[lecinv]

    guest ok          = yes

    path              = /lecinv

    valid users       = wfarrell,sbrown

    writeable         = yes

bash-2.05#

 

Steve Brown

Unix Systems Administration

Level 3 Communications

1025 Eldorado Blvd

(720)888-3545

Pager Pin 8774636766

steve.brown at level3.com

 



More information about the samba mailing list