[Samba] smbd/service.c:make_connection_snum - Access denied
Eric Van Buggenhaut
eric at proyectosolidario.org
Fri Sep 29 10:15:03 GMT 2006
Hi,
Two days ago, I tried to turn my Samba server, which worked perfectly,
into a PDC, but despite all my efforts (skimming through the docs and
mailing lists, hanging out on #samba), I've never been able to log on to
the new domain from the WinXP clients.
Authentication is OK, but then access to the share is denied. Here's
part of the log:
[2006/09/28 19:03:36, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded
[2006/09/28 19:03:36, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
NTLMSSP Sign/Seal - Initialising with flags:
[2006/09/28 19:03:36, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60088215
[2006/09/28 19:03:36, 3] smbd/password.c:register_vuid(222)
User name: root Real name: root
[2006/09/28 19:03:36, 3] smbd/password.c:register_vuid(241)
UNIX uid 0 is UNIX user root, and will be vuid 100
[2006/09/28 19:03:36, 3] smbd/password.c:register_vuid(270)
Adding homes service for user 'root' using home directory: '/root'
[2006/09/28 19:03:36, 3] param/loadparm.c:lp_add_home(2368)
adding home's share [root] for user 'root' at '/root'
[2006/09/28 19:03:36, 3] smbd/process.c:process_smb(1091)
Transaction 4 of length 80
[2006/09/28 19:03:36, 3] smbd/process.c:switch_message(886)
switch message SMBtconX (pid 23977) conn 0x0
[2006/09/28 19:03:36, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/09/28 19:03:36, 2] smbd/service.c:make_connection_snum(321)
user 'root' (from session setup) not permitted to access this share (IPC$)
[2006/09/28 19:03:36, 3] smbd/error.c:error_packet(129)
error packet at smbd/reply.c(415) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED
Anyone, please give me a hint, I'm totally puzzled.
Attached is our smb.conf
-------------- next part --------------
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic
# errors.
#
#======================= Global Settings =======================
[global]
# Server-wide defaults. Together, "security = user", "domain logons = yes" and
# "domain master = yes" below configure this server as a domain controller
# for the MADRID workgroup.
#
# NOTE(review): three parameters are assigned twice in this section
# ("max log size", "passwd program", "passwd chat"). Samba is expected to
# keep the last assignment of each; confirm the effective values with
# testparm.
log file = /var/log/samba/log.%m
log level = 3
# NOTE(review): assigned again further down (1000).
max log size = 100
load printers = yes
socket options = TCP_NODELAY
obey pam restrictions = yes
domain master = yes
preferred master = yes
local master = yes
domain logons = yes
#domain admin users = root eric lmozo
# Because this is set in [global], members of the "admins" group get
# root-level file access on every share, not just selected ones. Keep that
# group small and audited, or move the setting onto the shares that need it.
admin users = @admins
#domain admin group = root eric lmozo
passdb backend = tdbsam guest
# NOTE(review): identical assignment repeated further down.
passwd program = /usr/bin/passwd %u
encrypt passwords = true
#valid users = %S
security = user
# NOTE(review): a different "passwd chat" is assigned further down.
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n
# Automatically add a Linux / Unix and Samba machine account when joining a machine to the domain
# Per smb.conf(5), smbd runs these account-management scripts as root, with
# %u / %g substituted by Samba. The machine script gives machine accounts
# no login shell (/bin/false) and no home directory (/dev/null).
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/groupmod -A %u %g
delete user from group script = /usr/sbin/groupmod -R %u %g
add machine script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false %u
wins support = true
dns proxy = no
netbios name = mekas
server string = %h (Samba %v)
# It seems we need the root user to be able to log on to a domain from WinXP (Eric-28/9/06)
# With the line below commented out, root is allowed to open SMB sessions.
#invalid users = root
# With password sync enabled, a Samba password change also runs the
# "passwd program" below to update the Unix password.
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n *passwd:*all*authentication*tokens*updated*successfully*
#PAM password change = yes
# Maps client-supplied user names to Unix account names. The map file decides
# which identity a session ends up with, so it should be writable by root only.
username map = /etc/samba/smbusers
workgroup = MADRID
os level = 65
printing = cups
printcap name = cups
syslog = 0
panic action = /usr/share/samba/panic-action %d
max log size = 1000
unix charset = ISO8859-15
# NOTE(review): "bind interfaces only" is not set in this file, so this list
# alone may not restrict which interfaces smbd listens on; verify.
interfaces = eth0 lo
time server = yes
# It seems the following parameter does not exist (Eric-28/9/06), so we comment it out
#domain admin group = @admins
# User profiles and home directory.
# the local path to which the home ([HOMES]) directory will be connected
logon drive = H:
# Where 'profiles' = [profiles] further on
logon path = \\%L\profiles\%U
logon script = netlogon.bat
# Keep the case in file/directory names; when looking for a file
# matching is done without regard to case, as expected by Windows
preserve case = yes
short preserve case = yes
case sensitive = no
hide dot files = yes
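[profiles]
# Roaming-profile storage, referenced by "logon path" in [global].
comment = Windows user profile directories
path = /home/admin/profiles
read only = no
browseable = no
# Explanations are kept on their own lines: smb.conf(5) only documents lines
# that begin with ';' or '#' as comments, so trailing text after a value may
# be parsed as part of the value.
# 0600 = rw------- : only the owning user can read/write profile files
create mode = 0600
# 0700 = rwx------ : directories must be executable if they are to be navigated
directory mode = 0700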
[homes]
# Special section: Samba exposes each authenticated user's Unix home
# directory as a share named after that user.
volume = HOME
comment = Home Directories
# Hidden from browse lists; users reach their home share by name.
browseable = no
read only = no
# "public" is a synonym for "guest ok": guest connections are refused here.
public = no
[programs]
# Map P: to this; use it to install programs to
# and to point programs to that don't like using UNC
comment = installed programs
path = /opt/windows
# Read-only for everyone except members of the "admins" group, who can
# write because of the write list.
read only = yes
write list = @admins
browseable = yes
# NOTE(review): the next comment appears to be carried over from a [homes]
# template; this share is already read-only via "read only = yes" above.
# By default, the home directories are exported read-only. Change next
# parameter to 'yes' if you want to be able to write to them.
# writable = no
# Upper bound on the permission bits of newly created files. The value set
# here is 0750 (owner rwx, group r-x, no access for others).
create mask = 0750
# Upper bound on the permission bits of newly created directories:
# 0700 (owner only).
directory mask = 0700
# Domain logon share, already enabled here. Clients fetch the logon script
# (see "logon script" in [global]) from this path.
[netlogon]
comment = Network Logon Service
path = /home/admin/netlogon
# Guest access makes the logon scripts readable without a user account:
# keep passwords and other secrets out of anything stored under this path.
guest ok = yes
# Only members of "admins" may change the scripts. Every domain client runs
# them at logon, so write access here should stay tightly held.
write list = @admins
#share modes = no
[printers]
# Special section used for the printers loaded via "load printers = yes".
comment = All Printers
browseable = yes
# NOTE(review): print jobs are spooled into /tmp, a directory shared with
# every local process. A dedicated spool directory is the usual choice.
path = /tmp
printable = yes
# "public" is a synonym for "guest ok": guests cannot print.
public = no
writable = no
# Spool files are created with owner-only permissions.
create mode = 0700
use client driver = yes
# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
# Read-only with guest access refused, and no write list active in this
# section. Clients install drivers from here, so uploads should stay
# limited to trusted admins if the write list below is ever enabled.
read only = yes
guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# Replace 'ntadmin' with the name of the group your admin users are
# members of.
; write list = root, @ntadmin
# A sample share for sharing your CD-ROM with others.
;[cdrom]
; comment = Samba server's CD-ROM
; writable = no
; locking = no
; path = /cdrom
; public = yes
# The next two parameters show how to auto-mount a CD-ROM when the
# cdrom share is accessed. For this to work /etc/fstab must contain
# an entry like this:
#
# /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
#
# The CD-ROM gets unmounted automatically after the connection to the
#
# If you don't want to use auto-mounting/unmounting make sure the CD
# is mounted on /cdrom
#
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom
[Compartida]
# Shared file repository for authenticated users (guest access is off).
comment = Repositorio de Ficheros Compartidos
path = /home/admin/repositorio
public = no
only guest = no
writable = yes
printable = no
browseable = yes
# NOTE(review): the masks and forced modes below make every new file and
# directory rwx for owner, group and others on the Unix side, so any local
# account on the server can modify them. Since "force user" already funnels
# all access through one identity, narrower modes would likely be enough.
create mask = 0777
directory mask = 0777
# All file operations run as nobody:nogroup regardless of who connected, so
# filesystem ownership does not record which user wrote a file.
force user = nobody
force group = nogroup
force create mode = 777
force directory mode = 777
[Disco_Backup]
# Backup disk: writable, guest access off, limited to one named account.
writable = yes
printable = no
only guest = no
path = /mnt/disco2
comment = Disco Copias Seguridad
# Only this user may connect to the share.
valid users = lmozo
public = no
[Publicacion]
# NOTE(review): guest access combined with "writable = yes" lets sessions
# that hold no user account modify this share. How guests are admitted also
# depends on "map to guest" and "guest account", which this file does not
# set. Confirm that anonymous write access is intended.
comment = Repositorio de Documentos para Envios
browseable = yes
path = /home/admin/docenvios
printable = no
writable = yes
# "guest ok" and "public" are synonyms; both are set to yes here.
guest ok = yes
public = yes
[Resultados]
# NOTE(review): guest-only and writable. Every connection to this share is
# handled as the guest account, so writes cannot be attributed to individual
# users. Confirm that this is intended for the automated-task results.
comment = Resultados de las tareas automaticas
path = /home/admin/apt/config/resultados
public = yes
only guest = yes
writable = yes
printable = no
browseable = yes
#[IPC$]
# hosts allow = 0.0.0.0/0