[Samba] Re: What's wrong with my smb.conf? Access Denied with 3.0.23c

Nolan Garrett nolan at massivegeek.com
Tue Sep 12 21:48:48 GMT 2006 

Nolan Garrett wrote:
> Here is some output with a level 10 debug, using smbclient to try to
> connect:
> 
> [2006/09/12 14:29:27, 4] smbd/reply.c:reply_tcon_and_X(668)
>   Client requested device type [?????] for share [MP3S]
> [2006/09/12 14:29:27, 5] smbd/service.c:make_connection(1116)
>   making a connection to 'normal' service mp3s
> [2006/09/12 14:29:27, 3] lib/util_sid.c:string_to_sid(223)
>   string_to_sid: Sid @Domain Users does not start with 'S-'.
> [2006/09/12 14:29:27, 5] smbd/password.c:user_in_netgroup(423)
>   Unable to get default yp domain, let's try without specifying it
> [2006/09/12 14:29:27, 5] smbd/password.c:user_in_netgroup(427)
>   looking for user MASSIVEGEEK+mgwinxpvm1vpn of domain (ANY) in netgroup
> Domain Users
> [2006/09/12 14:29:27, 5] smbd/password.c:user_in_netgroup(443)
>   looking for user massivegeek+mgwinxpvm1vpn of domain (ANY) in netgroup
> Domain Users
> [2006/09/12 14:29:27, 10] passdb/lookup_sid.c:lookup_name(64)
>   lookup_name: MGGRYPHON\Domain Users => MGGRYPHON (domain), Domain
> Users (name)
> [2006/09/12 14:29:27, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2006/09/12 14:29:27, 3] smbd/uid.c:push_conn_ctx(345)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2006/09/12 14:29:27, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2006/09/12 14:29:27, 5] auth/auth_util.c:debug_nt_user_token(448)
>   NT user token: (NULL)
> [2006/09/12 14:29:27, 5] auth/auth_util.c:debug_unix_user_token(474)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2006/09/12 14:29:27, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2006/09/12 14:29:27, 10] smbd/share_access.c:user_ok_token(208)
>   User MASSIVEGEEK+mgwinxpvm1vpn not in 'valid users'
> [2006/09/12 14:29:27, 2] smbd/service.c:make_connection_snum(571)
>   user 'MASSIVEGEEK+mgwinxpvm1vpn' (from session setup) not permitted to
> access this share (MP3s)
> [2006/09/12 14:29:27, 3] smbd/error.c:error_packet(146)
>   error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
> NT_STATUS_ACCESS_DENIED
> [2006/09/12 14:29:27, 5] lib/util.c:show_msg(500)
> [2006/09/12 14:29:27, 5] lib/util.c:show_msg(510)
>   size=35
>   smb_com=0x75
>   smb_rcls=34
>   smb_reh=0
>   smb_err=49152
>   smb_flg=136
>   smb_flg2=51201
>   smb_tid=0
>   smb_pid=17010
>   smb_uid=101
>   smb_mid=7
>   smt_wct=0
>   smb_bcc=0
> [2006/09/12 14:29:27, 10] smbd/process.c:setup_select_timeout(1284)
>   change_notify_timeout: -1
> [2006/09/12 14:29:27, 10] lib/util_sock.c:read_data(525)
>   read_data: read of 4 returned 0. Error = Success
> [2006/09/12 14:29:27, 10] lib/util_sock.c:receive_smb_raw(672)
>   receive_smb_raw: length < 0!
> [2006/09/12 14:29:27, 3] smbd/process.c:timeout_processing(1359)
>   timeout_processing: End of file from client (client has disconnected).
> 
> 
> Is this useful at all?
> 
> Nolan
> 
> 
Sorry for the multiple posts, but I was able to generate another log
entry, which may be helpful for troubleshooting.  With the valid users =
@MASSIVEGEEK+"Domain Users", I get this error in my log file:

[2006/09/12 14:44:29, 10] lib/util_seaccess.c:se_access_check(233)
  se_access_check: requested access 0x00000001, for NT token with 8
entries and first sid S-1-5-21-2685110052-21075211-2435468744-1142.
[2006/09/12 14:44:29, 3] lib/util_seaccess.c:se_access_check(250)
[2006/09/12 14:44:29, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-2685110052-21075211-2435468744-1142
  se_access_check: also S-1-5-21-2685110052-21075211-2435468744-1120
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
  se_access_check: also S-1-5-21-2685110052-21075211-2435468744-513
  se_access_check: also S-1-5-21-2685110052-21075211-2435468744-1119
  se_access_check: also S-1-5-32-545
  se_access_check: ACE 0: type 0, flags = 0x00, SID =
S-1-5-21-2685110052-21075211-2435468744-1110 mask = 1f01ff, current
desired = 1
[2006/09/12 14:44:29, 5] lib/util_seaccess.c:se_access_check(314)
  se_access_check: access (1) denied.
[2006/09/12 14:44:29, 0] smbd/service.c:make_connection_snum(773)
  make_connection: connection to MP3s denied due to security descriptor.
[2006/09/12 14:44:29, 3] smbd/error.c:error_packet(146)
  error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED


Thanks!

Nolan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba/attachments/20060912/00cf7e00/signature.bin

More information about the samba mailing list