[Samba] Connection denied due to security descriptor

[Todd Barbera]

Hi,

 

I'm having difficulty with a share getting the above error after the
first successful connection. Here's the relevant info:



OS: Solaris 9 sparc

Samba: 3.0.23c with Winbindd (No ADS, no PAM) 

Domain member server

 

SMB.CONF:

 

[global]

        log file = /usr/local/samba/var/log.%m

        netbios name = groucho1

        server string = Test Production Server

        workgroup = SBLI

        socket options = TCP_NODELAY

        idmap uid = 15000-20000

        idmap gid = 15000-20000

        winbind enum users = yes

        winbind enum groups = yes

        password server = server8 server22

        debug level = 3

        os level = 1

        security = DOMAIN

        disable spoolss = yes

        show add printer wizard = no

 

[sblipr]

        path = /sbli/pr

        write list = xservice,dhuber,iusersbli, at pvcsgrp

        force directory mode = 775

        force group = pvcsgrp

        force create mode = 775

        comment = SBLI Production Application Share

        create mode = 775

        public = yes

        directory mode = 775

 

 

LOG FILE:

 

[2006/10/11 16:33:00, 3] smbd/service.c:find_forced_group(484)

  Forced group pvcsgrp

[2006/10/11 16:33:00, 3] smbd/sec_ctx.c:push_sec_ctx(208)

  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1

[2006/10/11 16:33:00, 3] smbd/uid.c:push_conn_ctx(345)

  push_conn_ctx(0) : conn_ctx_stack_ndx = 0

[2006/10/11 16:33:00, 3] smbd/sec_ctx.c:set_sec_ctx(241)

  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1

[2006/10/11 16:33:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339)

  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0

[2006/10/11 16:33:00, 3] smbd/service.c:make_connection_snum(752)

  Connect path is '/sbli/pr' for service [sblipr]

[2006/10/11 16:33:00, 3] lib/util_seaccess.c:se_access_check(250)

[2006/10/11 16:33:00, 3] lib/util_seaccess.c:se_access_check(251)

  se_access_check: user sid is
S-1-5-21-2234423204-3824006019-2812600112-501

  se_access_check: also S-1-22-2-104

  se_access_check: also S-1-5-2

  se_access_check: also S-1-5-32-546

[2006/10/11 16:33:00, 3] lib/util_seaccess.c:se_access_check(250)

[2006/10/11 16:33:00, 3] lib/util_seaccess.c:se_access_check(251)

  se_access_check: user sid is
S-1-5-21-2234423204-3824006019-2812600112-501

  se_access_check: also S-1-22-2-104

  se_access_check: also S-1-5-2

  se_access_check: also S-1-5-32-546

[2006/10/11 16:33:00, 0] smbd/service.c:make_connection_snum(773)

  make_connection: connection to sblipr denied due to security
descriptor.

[2006/10/11 16:33:00, 3] smbd/error.c:error_packet(146)

  error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED

[2006/10/11 16:33:00, 3] smbd/process.c:process_smb(1110)

  Transaction 29 of length 43

[2006/10/11 16:33:00, 3] smbd/process.c:switch_message(914)

  switch message SMBulogoffX (pid 4653) conn 0x0

[2006/10/11 16:33:00, 3] smbd/sec_ctx.c:set_sec_ctx(241)

  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0

[2006/10/11 16:33:00, 3] smbd/reply.c:reply_ulogoffX(1618)

  ulogoffX vuid=103

[2006/10/11 16:33:06, 3] smbd/process.c:process_smb(1110)

  Transaction 30 of length 45

[2006/10/11 16:33:06, 3] smbd/process.c:switch_message(914)

  switch message SMBclose (pid 4653) conn 0x3a58c8

[2006/10/11 16:33:06, 3] smbd/sec_ctx.c:set_sec_ctx(241)

  setting sec ctx (15000, 104) - sec_ctx_stack_ndx = 0

[2006/10/11 16:33:06, 3] smbd/reply.c:reply_close(3312)

  close fd=25 fnum=9258 (numopen=1)

[2006/10/11 16:33:06, 3] smbd/sec_ctx.c:push_sec_ctx(208)

  push_sec_ctx(15000, 104) : sec_ctx_stack_ndx = 1

[2006/10/11 16:33:06, 3] smbd/uid.c:push_conn_ctx(345)

  push_conn_ctx(101) : conn_ctx_stack_ndx = 0

[2006/10/11 16:33:06, 3] smbd/sec_ctx.c:set_sec_ctx(241)

  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1

[2006/10/11 16:33:06, 3] smbd/sec_ctx.c:pop_sec_ctx(339)

  pop_sec_ctx (15000, 104) - sec_ctx_stack_ndx = 0

[2006/10/11 16:33:06, 2] smbd/close.c:close_normal_file(344)

  SBLI\iusersbli closed file
reports/ing/20060905/cjpd9201cppa9201csbm9201csprt1

.0 (numopen=0)

 

 

I've googled the error and did some searching on the samba website but
was unable to find an answer. If anyone has any ideas on why this is
happening, I'd greatly appreciate your feedback. 

 

 

Best regards,

 

Todd 



The Savings Bank Life Insurance Company of Massachusetts is in no way affiliated with the Savings Bank Life Insurance Company of Connecticut or SBLI USA Mutual Life Insurance Company, Inc. Centrian Life Insurance is the name that the Savings Bank Life Insurance Company of Massachusetts operates under in Connecticut. It is in no way affiliated with the Savings Bank Life Insurance Company, the name that VantisLife Insurance Company operates under in Connecticut.


This message contains information which may be confidential and privileged. Unless you are the addressee (or authorized to receive for the addressee), you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail, and delete or destroy the message.