[Samba] Re: W2K3 Domain - Can't Connect to Share?

Nolan Garrett nolan at massivegeek.com
Fri Jul 28 17:50:13 GMT 2006 


Gary Dale wrote:
> Nolan Garrett wrote:
>>  I have a linux box, Samba 3.0.23a, that is joined to a W2K3 domain.
>>  I cannot connect to the "MP3s" share (all legal!) on this system - I
>>  can connect to home directories and printers.  When I try to connect
>>  to MP3s as any user on the domain, I get an Access is denied message,
>>  or it prompts me for the username and password again.  I am using
>>  Winbind (if that matters), so none of these accounts exist locally on
>>  the system.
>>
>>  Here is the applicable part of my smb.conf: [MP3s] path =
>>  /home/samba/MP3s ;       writeable = no browseable = yes valid users
>>  = @"MASSIVEGEEK+Domain Users" writeable = yes
>>
>>  And here is the actual file permissions: drwxrwx--- 93 root domain
>>  users 4096 Jul 14 18:54 MP3s
>>
>>  Any ideas here?  I've tried connecting from several different systems
>>  (XP, 2003, Linux), with no luck.  Here is output from smbclient:
>>
>>  [root at mgprisvr ~]# smbclient //mggryphont.massivegeek.local/MP3s -U
>>  MASSIVEGEEK\\mgwinxpvm1vpn -d 2 added interface ip=192.168.0.1
>>  bcast=192.168.0.255 nmask=255.255.255.0 added interface ip=127.0.0.1
>>  bcast=127.255.255.255 nmask=255.0.0.0 Password: Domain=[MASSIVEGEEK]
>>  OS=[Unix] Server=[Samba 3.0.23a-1.fc5.1] tree connect failed:
>>  NT_STATUS_ACCESS_DENIED
>>
>>  Thank you!
>>
>>  Nolan
>>
> 
> Your valid users looks a little funny. Have you tried
> 
>        valid users = @"Domain Users"
> 
> instead?
> 
> I'm assuming that your server is a member of the domain.

Yeah, the server is a member of the domain.  I tried that line above, no
luck either.  I've also tried it with no "valid users" line, but still
no luck. I did find this in the logs:

[2006/07/28 10:37:12, 0] smbd/service.c:make_connection_snum(773)
  make_connection: connection to MP3s denied due to security descriptor.

Any idea what that means?

Here's my [global]:

[global]
        workgroup = MASSIVEGEEK
        server string = Samba Server
        printcap name = /etc/printcap
        load printers = yes
        printer admin = MASSIVEGEEK+ngarrett MASSIVEGEEK+Administrator root
        cups options = raw
        log file = /var/log/samba/%m.log
        max log size = 50
        security = ADS
        realm = MASSIVEGEEK.LOCAL
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        dns proxy = no
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        template shell = /bin/bash
        winbind use default domain = yes
        username map = /etc/samba/smbusers
        winbind separator = +
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/winnt/%D/%U
        admin users = @"MASSIVEGEEK+Domain Admins"

Thanks!

More information about the samba mailing list