[Samba] Shares mount on linux but not windows?
Brian Atkins
batkins at tlcdelivers.com
Tue Dec 12 20:55:59 GMT 2006
I'm not sure if this thread is making it on the list as I'm the only one
responding, but, here goes...
The more I look, the more the problem appears to be UID range conflicts.
Some background: this machine was originally built with Samba 2.x, but
was upgraded a while back to 3.x (now 3.0.23d). I think I might be using
some deprecated configuration parameters. In smb.conf file I have:
winbind uid = 10000-20000
winbind gid = 10000-20000
Which, unfortunately seems to fall within the same range as the UID
range that portage (the gentoo package manager) uses to build
application user accounts (e.g., apache, stunnel, etc). I have attempted
to alter the range:
winbind uid = 15000-20000
winbind gid = 15000-20000
But it causes major issues, like, not being able to log in using a
domain account. I'm not sure how to fix this.
I also found a thread in the gentoo wiki that states that winbind [ug]id
is deprecated and idmap [ug]id should be used instead. I also have
noticed a lot of information regarding Samba 3.x and LDAP, but very
little regarding Samba 3.x and winbind. Is winbind still recommended for
and AD domain (w2k)?
Brian Atkins wrote:
> I think I cleared up the username mismatch with a simple reboot of my
> workstation. No clue why it was happening...
>
> However, I am unable to connect to shares from a windows machine using a
> username only. If I enter a groupname, it works:
>
> valid users = batkins (FAILS)
>
> valid users = @DOMAIN+"My Group" (SUCCEEDS)
>
> I have compared this machine's config file to another machine with
> working samba shares. The config files are nearly identical, save the
> server string and netbios name.
>
> Brian Atkins wrote:
>> OK, here's a strange twist:
>>
>> [2006/12/08 17:45:17, 2] smbd/service.c:make_connection_snum(580)
>> user 'ubackup' (from session setup) not permitted to access this
>> share (batkins)
>> [2006/12/08 17:45:17, 3] smbd/error.c:error_packet(146)
>> error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
>> NT_STATUS_ACCESS_DENIED
>>
>> I'm logged in under my own user account (batkins), but it is trying to
>> authenticate me using the user account ubackup, both of which are AD
>> accounts.
>>
>> Brian
>> "An adventure is never an adventure
>> when it's happening. Challenging
>> experiences need time to ferment,
>> and an adventure is simply physical
>> and emotional discomfort recollected
>> in tranquility." -- Tim Cahill
>>
>> Brian Atkins wrote:
>>> Curious. I have a gentoo server running 3.0.23d that simply serves
>>> out shares. It is a domain member, but not a pdc. From another linux
>>> server, I can mount up shares without a hitch. But from a windows
>>> box, I keep getting prompted for credentials.
>>>
>>> I am not seeing anything substantial in the logs.
>>>
>>> SMB.CONF
>>> --------
>>> [global]
>>> workgroup = UNICITY
>>> realm = MYREALM.MYDOMAIN.COM
>>> netbios name = SERVER
>>> server string = SERVER
>>> interfaces = 192.168.56.26 127.
>>> bind interfaces only = yes
>>> security = ADS
>>> log file = /var/log/samba/log.%m
>>> max log size = 8164
>>> name resolve order = hosts wins bcast
>>> socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
>>> os level = 5
>>> preferred master = no
>>> local master = no
>>> domain master = no
>>> dns proxy = no
>>> wins proxy = no
>>> wins server = 192.168.57.124
>>> template shell = /bin/bash
>>> unix extensions = no
>>> winbind enum users = yes
>>> idmap uid = 10000-20000
>>> idmap gid = 10000-20000
>>> winbind uid = 10000-20000
>>> winbind gid = 10000-20000
>>> winbind enum groups = yes
>>> winbind separator = +
>>> winbind use default domain = yes
>>> encrypt passwords = yes
>>> hosts allow = 192.168. 127.
>>> load printers = no
>>> smb ports = 139
>>>
>>> [myshare]
>>> comment = My fileshare
>>> path = /home/MYDOMAIN/myhome
>>> invalid users = root
>>> valid users = me
>>> public = no
>>> writable = yes
>>> printable = no
>>> create mask = 0777
>>> directory mask = 0777
>>>
More information about the samba
mailing list