[Samba] Re: What's wrong with my smb.conf? Access Denied with
3.0.23c
Nolan Garrett
nolan at massivegeek.com
Tue Sep 12 21:48:48 GMT 2006
Nolan Garrett wrote:
> Here is some output with a level 10 debug, using smbclient to try to
> connect:
>
> [2006/09/12 14:29:27, 4] smbd/reply.c:reply_tcon_and_X(668)
> Client requested device type [?????] for share [MP3S]
> [2006/09/12 14:29:27, 5] smbd/service.c:make_connection(1116)
> making a connection to 'normal' service mp3s
> [2006/09/12 14:29:27, 3] lib/util_sid.c:string_to_sid(223)
> string_to_sid: Sid @Domain Users does not start with 'S-'.
> [2006/09/12 14:29:27, 5] smbd/password.c:user_in_netgroup(423)
> Unable to get default yp domain, let's try without specifying it
> [2006/09/12 14:29:27, 5] smbd/password.c:user_in_netgroup(427)
> looking for user MASSIVEGEEK+mgwinxpvm1vpn of domain (ANY) in netgroup
> Domain Users
> [2006/09/12 14:29:27, 5] smbd/password.c:user_in_netgroup(443)
> looking for user massivegeek+mgwinxpvm1vpn of domain (ANY) in netgroup
> Domain Users
> [2006/09/12 14:29:27, 10] passdb/lookup_sid.c:lookup_name(64)
> lookup_name: MGGRYPHON\Domain Users => MGGRYPHON (domain), Domain
> Users (name)
> [2006/09/12 14:29:27, 3] smbd/sec_ctx.c:push_sec_ctx(208)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2006/09/12 14:29:27, 3] smbd/uid.c:push_conn_ctx(345)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2006/09/12 14:29:27, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2006/09/12 14:29:27, 5] auth/auth_util.c:debug_nt_user_token(448)
> NT user token: (NULL)
> [2006/09/12 14:29:27, 5] auth/auth_util.c:debug_unix_user_token(474)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
> [2006/09/12 14:29:27, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2006/09/12 14:29:27, 10] smbd/share_access.c:user_ok_token(208)
> User MASSIVEGEEK+mgwinxpvm1vpn not in 'valid users'
> [2006/09/12 14:29:27, 2] smbd/service.c:make_connection_snum(571)
> user 'MASSIVEGEEK+mgwinxpvm1vpn' (from session setup) not permitted to
> access this share (MP3s)
> [2006/09/12 14:29:27, 3] smbd/error.c:error_packet(146)
> error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
> NT_STATUS_ACCESS_DENIED
> [2006/09/12 14:29:27, 5] lib/util.c:show_msg(500)
> [2006/09/12 14:29:27, 5] lib/util.c:show_msg(510)
> size=35
> smb_com=0x75
> smb_rcls=34
> smb_reh=0
> smb_err=49152
> smb_flg=136
> smb_flg2=51201
> smb_tid=0
> smb_pid=17010
> smb_uid=101
> smb_mid=7
> smt_wct=0
> smb_bcc=0
> [2006/09/12 14:29:27, 10] smbd/process.c:setup_select_timeout(1284)
> change_notify_timeout: -1
> [2006/09/12 14:29:27, 10] lib/util_sock.c:read_data(525)
> read_data: read of 4 returned 0. Error = Success
> [2006/09/12 14:29:27, 10] lib/util_sock.c:receive_smb_raw(672)
> receive_smb_raw: length < 0!
> [2006/09/12 14:29:27, 3] smbd/process.c:timeout_processing(1359)
> timeout_processing: End of file from client (client has disconnected).
>
>
> Is this useful at all?
>
> Nolan
>
>
Sorry for the multiple posts, but I was able to generate another log
entry, which may be helpful for troubleshooting. With the valid users =
@MASSIVEGEEK+"Domain Users", I get this error in my log file:
[2006/09/12 14:44:29, 10] lib/util_seaccess.c:se_access_check(233)
se_access_check: requested access 0x00000001, for NT token with 8
entries and first sid S-1-5-21-2685110052-21075211-2435468744-1142.
[2006/09/12 14:44:29, 3] lib/util_seaccess.c:se_access_check(250)
[2006/09/12 14:44:29, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-5-21-2685110052-21075211-2435468744-1142
se_access_check: also S-1-5-21-2685110052-21075211-2435468744-1120
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-2685110052-21075211-2435468744-513
se_access_check: also S-1-5-21-2685110052-21075211-2435468744-1119
se_access_check: also S-1-5-32-545
se_access_check: ACE 0: type 0, flags = 0x00, SID =
S-1-5-21-2685110052-21075211-2435468744-1110 mask = 1f01ff, current
desired = 1
[2006/09/12 14:44:29, 5] lib/util_seaccess.c:se_access_check(314)
se_access_check: access (1) denied.
[2006/09/12 14:44:29, 0] smbd/service.c:make_connection_snum(773)
make_connection: connection to MP3s denied due to security descriptor.
[2006/09/12 14:44:29, 3] smbd/error.c:error_packet(146)
error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED
Thanks!
Nolan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba/attachments/20060912/00cf7e00/signature.bin
More information about the samba
mailing list