[Samba] Re: W2K3 Domain - Can't Connect to Share?
garydale at torfree.net
Fri Jul 28 18:27:21 GMT 2006
Nolan Garrett wrote:
> Gary Dale wrote:
>> Nolan Garrett wrote:
>>> I have a linux box, Samba 3.0.23a, that is joined to a W2K3 domain.
>>> I cannot connect to the "MP3s" share (all legal!) on this system - I
>>> can connect to home directories and printers. When I try to connect
>>> to MP3s as any user on the domain, I get an Access is denied message,
>>> or it prompts me for the username and password again. I am using
>>> Winbind (if that matters), so none of these accounts exist locally on
>>> the system.
>>> Here is the applicable part of my smb.conf: [MP3s] path =
>>> /home/samba/MP3s ; writeable = no browseable = yes valid users
>>> = @"MASSIVEGEEK+Domain Users" writeable = yes
>>> And here is the actual file permissions: drwxrwx--- 93 root domain
>>> users 4096 Jul 14 18:54 MP3s
>>> Any ideas here? I've tried connecting from several different systems
>>> (XP, 2003, Linux), with no luck. Here is output from smbclient:
>>> [root at mgprisvr ~]# smbclient //mggryphont.massivegeek.local/MP3s -U
>>> MASSIVEGEEK\\mgwinxpvm1vpn -d 2 added interface ip=192.168.0.1
>>> bcast=192.168.0.255 nmask=255.255.255.0 added interface ip=127.0.0.1
>>> bcast=127.255.255.255 nmask=255.0.0.0 Password: Domain=[MASSIVEGEEK]
>>> OS=[Unix] Server=[Samba 3.0.23a-1.fc5.1] tree connect failed:
>>> Thank you!
>> Your valid users looks a little funny. Have you tried
>> valid users = @"Domain Users"
>> I'm assuming that your server is a member of the domain.
> Yeah, the server is a member of the domain. I tried that line above, no
> luck either. I've also tried it with no "valid users" line, but still
> no luck. I did find this in the logs:
> [2006/07/28 10:37:12, 0] smbd/service.c:make_connection_snum(773)
> make_connection: connection to MP3s denied due to security descriptor.
> Any idea what that means?
> Here's my [global]:
> workgroup = MASSIVEGEEK
> server string = Samba Server
> printcap name = /etc/printcap
> load printers = yes
> printer admin = MASSIVEGEEK+ngarrett MASSIVEGEEK+Administrator root
> cups options = raw
> log file = /var/log/samba/%m.log
> max log size = 50
> security = ADS
> realm = MASSIVEGEEK.LOCAL
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> dns proxy = no
> idmap uid = 16777216-33554431
> idmap gid = 16777216-33554431
> template shell = /bin/bash
> winbind use default domain = yes
> username map = /etc/samba/smbusers
> winbind separator = +
> winbind enum users = yes
> winbind enum groups = yes
> template homedir = /home/winnt/%D/%U
> admin users = @"MASSIVEGEEK+Domain Admins"
Sorry, you've passed beyond my level of expertise here with Kerberos and
I can suggest you try some simple things like bumping up your log level
and doing some testing. Perhaps try a share connecting as a user where
the user is local as well as a domain user. The message looks like it is
complaining about security, so I suspect it isn't getting the
information it expects from your DC (if it is even communicating with it).
More information about the samba