[Samba] Connection denied due to security descriptor
Todd Barbera
TBarbera at sbli.com
Wed Oct 11 20:38:32 GMT 2006
Hi,
I'm having difficulty with a share getting the above error after the
first successful connection. Here's the relevant info:
OS: Solaris 9 sparc
Samba: 3.0.23c with Winbindd (No ADS, no PAM)
Domain member server
SMB.CONF:
[global]
log file = /usr/local/samba/var/log.%m
netbios name = groucho1
server string = Test Production Server
workgroup = SBLI
socket options = TCP_NODELAY
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind enum users = yes
winbind enum groups = yes
password server = server8 server22
debug level = 3
os level = 1
security = DOMAIN
disable spoolss = yes
show add printer wizard = no
[sblipr]
path = /sbli/pr
write list = xservice,dhuber,iusersbli, at pvcsgrp
force directory mode = 775
force group = pvcsgrp
force create mode = 775
comment = SBLI Production Application Share
create mode = 775
public = yes
directory mode = 775
LOG FILE:
[2006/10/11 16:33:00, 3] smbd/service.c:find_forced_group(484)
Forced group pvcsgrp
[2006/10/11 16:33:00, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/10/11 16:33:00, 3] smbd/uid.c:push_conn_ctx(345)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/10/11 16:33:00, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/10/11 16:33:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/10/11 16:33:00, 3] smbd/service.c:make_connection_snum(752)
Connect path is '/sbli/pr' for service [sblipr]
[2006/10/11 16:33:00, 3] lib/util_seaccess.c:se_access_check(250)
[2006/10/11 16:33:00, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is
S-1-5-21-2234423204-3824006019-2812600112-501
se_access_check: also S-1-22-2-104
se_access_check: also S-1-5-2
se_access_check: also S-1-5-32-546
[2006/10/11 16:33:00, 3] lib/util_seaccess.c:se_access_check(250)
[2006/10/11 16:33:00, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is
S-1-5-21-2234423204-3824006019-2812600112-501
se_access_check: also S-1-22-2-104
se_access_check: also S-1-5-2
se_access_check: also S-1-5-32-546
[2006/10/11 16:33:00, 0] smbd/service.c:make_connection_snum(773)
make_connection: connection to sblipr denied due to security
descriptor.
[2006/10/11 16:33:00, 3] smbd/error.c:error_packet(146)
error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED
[2006/10/11 16:33:00, 3] smbd/process.c:process_smb(1110)
Transaction 29 of length 43
[2006/10/11 16:33:00, 3] smbd/process.c:switch_message(914)
switch message SMBulogoffX (pid 4653) conn 0x0
[2006/10/11 16:33:00, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/10/11 16:33:00, 3] smbd/reply.c:reply_ulogoffX(1618)
ulogoffX vuid=103
[2006/10/11 16:33:06, 3] smbd/process.c:process_smb(1110)
Transaction 30 of length 45
[2006/10/11 16:33:06, 3] smbd/process.c:switch_message(914)
switch message SMBclose (pid 4653) conn 0x3a58c8
[2006/10/11 16:33:06, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (15000, 104) - sec_ctx_stack_ndx = 0
[2006/10/11 16:33:06, 3] smbd/reply.c:reply_close(3312)
close fd=25 fnum=9258 (numopen=1)
[2006/10/11 16:33:06, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(15000, 104) : sec_ctx_stack_ndx = 1
[2006/10/11 16:33:06, 3] smbd/uid.c:push_conn_ctx(345)
push_conn_ctx(101) : conn_ctx_stack_ndx = 0
[2006/10/11 16:33:06, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/10/11 16:33:06, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (15000, 104) - sec_ctx_stack_ndx = 0
[2006/10/11 16:33:06, 2] smbd/close.c:close_normal_file(344)
SBLI\iusersbli closed file
reports/ing/20060905/cjpd9201cppa9201csbm9201csprt1
.0 (numopen=0)
I've googled the error and did some searching on the samba website but
was unable to find an answer. If anyone has any ideas on why this is
happening, I'd greatly appreciate your feedback.
Best regards,
Todd
The Savings Bank Life Insurance Company of Massachusetts is in no way affiliated with the Savings Bank Life Insurance Company of Connecticut or SBLI USA Mutual Life Insurance Company, Inc. Centrian Life Insurance is the name that the Savings Bank Life Insurance Company of Massachusetts operates under in Connecticut. It is in no way affiliated with the Savings Bank Life Insurance Company, the name that VantisLife Insurance Company operates under in Connecticut.
This message contains information which may be confidential and privileged. Unless you are the addressee (or authorized to receive for the addressee), you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail, and delete or destroy the message.
More information about the samba
mailing list