[Samba] smbclient can't write to windows share with domain account
Andrew Boling
aboling at examservices.us
Thu Apr 6 16:47:35 GMT 2006
Samba version: 3.0.22
netbios for my PC: abolingbox
netbios for my colinux sandbox, running on the same PC: fileserver2
domain: USWA2
I have a colinux sandbox on my PC (Win XP Professional) which I'm using as a domain controller. This lets me test my PDC configuration without putting it live in our production environment. I've successfully ported our old smbpasswd database to pdbsam and created group mappings for Domain Admins, Domain Users, and Domain Guests.
I've created a share on abolingbox called "stuff". On this share, I've assigned full control to the user "USWA2\llarue". This user can only access the share if the proper domain password is provided, which tells me that the domain authentication is working to some extent. However, if I attempt to upload a file, I receive a "NT_STATUS_ACCESS_DENIED" message.
Does anyone have a suggestion as to what is going on? The "USWA2\llarue" user has been granted "Allow" for every single privilege in the Security tab of the shared folder, Windows-side. It would be helpful if I knew a registry setting to make the "NT_STATUS_ACCESS_DENIED" event generate an error in my event log that provided a more detailed explanation of what is going on.
Sample session from "fileserver" to "abolingbox":
colinux samba # bin/smbclient //abolingbox/stuff -U llarue -W USWA2
Password:
Domain=[USWA2] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
smb: \> ls
. D 0 Thu Apr 6 16:05:04 2006
.. D 0 Thu Apr 6 16:05:04 2006
test1.txt A 0 Thu Apr 6 14:59:16 2006
47692 blocks of size 2097152. 41547 blocks available
smb: \> put test2.txt
NT_STATUS_ACCESS_DENIED opening remote file \test2.txt
smb: \>
Sample showing what happens if I provide an invalid password:
colinux samba # bin/smbclient //abolingbox/stuff -U llarue -W USWA2
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
Proof that llarue is a valid user:
colinux samba # grep llarue /etc/passwd
llarue:x:568:585:USWA User:/home/llarue:/dev/null
colinux samba # bin/pdbedit llarue
llarue:568:USWA User
global config:
[global]
netbios name = FILESERVER2
workgroup = USWA2
os level = 64
preferred master = yes
domain master = yes
local master = yes
time server = yes
security = user
encrypt passwords = yes
server string = Samba %v on %L %h
admin users = @ntadmin
#domain admin group = @ntadmin
add user script = /usr/sbin/useradd -m '%u' -g 502 -s /bin/false
delete user script = /usr/sbin/userdel -r '%u'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -A '%g' '%u'
delete user from group script = /usr/sbin/usermod -R '%g'
set primary group script = /usr/sbin/usermod -g '%g' '%u'
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'
logon script = login.bat
logon path = \\%L\profiles\%a\%U
logon drive = z:
logon home = \\%L\%U
domain logons = yes
unix password sync = yes
passdb backend = tdbsam
#username map = /usr/local/samba/etc/smbusers
enable privileges = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*Unix*password* %n\n*Retype*New*Unix*password*%n\n*passwd:*all*authentication*tokens*updated*successfully*
hide dot files = yes
hosts allow = 192.168.135. 192.168.142. 127.
log level = 2
log file = /var/log/samba/%m.log
max log size = 2000
debug timestamp = yes
syslog = 1
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
time server = yes
wins support = yes
Thanks,
Andrew
More information about the samba
mailing list