[Samba] tree connect failled: ERRDOS - ERRnoaccess (Access
denied.)
GNUtoo at no-log.org
GNUtoo at no-log.org
Thu Feb 8 18:09:58 GMT 2007
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 01/26/2007 02:23 PM, GNUtoo at no-log.org wrote:
>> On 01/24/2007 07:22 PM, GNUtoo at no-log.org escreveu:
>>>>> i have recently switched to ldap backend for passwords
>>>>> smbldap-useradd,smbldap-passwd works without error messages...
>>>>> but when i try to connect from linux it gives me the following error
>>>>> XXXXX:tree connect failled: ERRDOS - ERRnoaccess (Access denied.)
>>>>> XXXXX can be remplaced with diffferent numbers such as
>>>>> 10270
>>>>> 11202
>>>>> 11318
>>>>> 11750
>>>>> ...evry time the number of the errors change i don't know why
>>>>>
>>>>> i have only tryed it with username that are valid unix usernames
>>>>> (i don't know if smbldap create the unix usernames for me) and the
>>>>> samba
>>>>> and unix password are the same
>
> [...]
>
>> here my smb.conf
>
>> [photos_modif]
>> comment = private stuff
>> path = /home/gentux/Pictures
>> valid users = samba gentux
>> public = no
>> writable = no
>> printable = no
>
>
>> [home]
>> comment = private stuff
>> path = /home
>> valid users = gentux
>> public = no
>> writable = no
>> printable = no
>
>
> Well, you don't need to share [home] like that, you
> can use [homes] instead. And samba and gentux do not have
> the 'samba' object class.
>
>
>> here all my ldap entries:
> [...]
>> # root, Users, GNUtoo.org
>> dn: uid=root,ou=Users,dc=GNUtoo,dc=org
>> cn: root
>> sn: root
>> objectClass: inetOrgPerson
>> objectClass: sambaSamAccount
>> objectClass: posixAccount
>> objectClass: shadowAccount
>> gidNumber: 0
>> uid: root
>> uidNumber: 0
>> homeDirectory: /home/root
>> sambaLogonTime: 0
>> sambaLogoffTime: 2147483647
>> sambaKickoffTime: 2147483647
>> sambaPwdCanChange: 0
>> sambaHomePath: \\PDC-SRV\root
>> sambaHomeDrive: H:
>> sambaProfilePath: \\PDC-SRV\profiles\root
>> sambaPrimaryGroupSID: S-1-5-21-4205727931-4131263253-1851132061-512
>> sambaSID: S-1-5-21-4205727931-4131263253-1851132061-500
>> loginShell: /bin/false
>> gecos: Netbios Domain Administrator
>> sambaLMPassword: 600A867539982BF08E5D533411003C5C
>> sambaAcctFlags: [U]
>> sambaNTPassword: 2B4FE695A07847E3F92A21A30541CAD7
>> sambaPwdLastSet: 1169673792
>> sambaPwdMustChange: 1173561792
>> userPassword:: e1NTSEF9Mnc0aVFUcEgxdTFjOC9ycFd3ZG5kUUs3OGZFMVV6RlE=
>
>
>> # samba, Users, GNUtoo.org
>> dn: uid=samba,ou=Users,dc=GNUtoo,dc=org
>> objectClass: top
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> objectClass: shadowAccount
>> cn: samba
>> sn: samba
>> uid: samba
>> uidNumber: 1002
>> gidNumber: 513
>> homeDirectory: /home/samba
>> loginShell: /bin/bash
>> gecos: System User
>> description: System User
>> userPassword:: e1NTSEF9VTBtbEFvQ05uU3d5MkdDTS9TQjhjdTJ4NGdsdGNFOVM=
>
>> # gentux, Users, GNUtoo.org
>> dn: uid=gentux,ou=Users,dc=GNUtoo,dc=org
>> objectClass: top
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> objectClass: shadowAccount
>> cn: gentux
>> sn: gentux
>> uid: gentux
>> uidNumber: 1006
>> gidNumber: 513
>> homeDirectory: /home/gentux
>> loginShell: /bin/bash
>> gecos: System User
>> description: System User
>> userPassword:: e1NTSEF9RzNkU2FQckNHL1FVTG1sdmhycS8zQU8zbzc4eGFrVkk=
>
> Why 'samba' and 'gentux' users do not have an sambaSAMAccount?
> They need that info in order to access your samba resources.
>
>
how do i create sambaSAMAccounts?
>> the problem is that i don't see any error logs but the logs of my
>> ldapsearch...
>
> Perhaps you should increase the loglevel of your smb.conf
> and check the common log files found in /var/log.
>
>
> Kind regards,
>
> - --
> Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
> http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFFvfGCCj65ZxU4gPQRAtuIAKCKyqrnRLS+tGinzQv782KRRrmDjACeMdPF
> QiQHjlSi50a3V8xMlQhfVSY=
> =yGA+
> -----END PGP SIGNATURE-----
>
>
by the way i restarte from scratch using the smbldap tutorial from idealx
from the cvs
an it still has errors:
# ldapsearch
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# GNUtoo.org
dn: dc=GNUtoo,dc=org
objectClass: dcObject
objectClass: organization
o: GNUtoo
dc: GNUtoo
# Users, GNUtoo.org
dn: ou=Users,dc=GNUtoo,dc=org
objectClass: organizationalUnit
ou: Users
# Groups, GNUtoo.org
dn: ou=Groups,dc=GNUtoo,dc=org
objectClass: organizationalUnit
ou: Groups
# Computers, GNUtoo.org
dn: ou=Computers,dc=GNUtoo,dc=org
objectClass: organizationalUnit
ou: Computers
# Idmap, GNUtoo.org
dn: ou=Idmap,dc=GNUtoo,dc=org
objectClass: organizationalUnit
ou: Idmap
# root, Users, GNUtoo.org
dn: uid=root,ou=Users,dc=GNUtoo,dc=org
cn: root
sn: root
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 0
uid: root
uidNumber: 0
homeDirectory: /home/root
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaHomePath: \\PDC-SRV\root
sambaHomeDrive: H:
sambaProfilePath: \\PDC-SRV\profiles\root
sambaPrimaryGroupSID: S-1-5-21-4205727931-4131263253-1851132061-512
sambaSID: S-1-5-21-4205727931-4131263253-1851132061-500
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaLMPassword: 600A867539982BF08E5D533411003C5C
sambaAcctFlags: [U]
sambaNTPassword: 2B4FE695A07847E3F92A21A30541CAD7
sambaPwdLastSet: 1170364033
sambaPwdMustChange: 1174252033
userPassword:: e1NTSEF9VmNibFFLQytRNHVONERhVFZkbTVYNWNPS1NwTVNsUkY=
# nobody, Users, GNUtoo.org
dn: uid=nobody,ou=Users,dc=GNUtoo,dc=org
cn: nobody
sn: nobody
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 514
uid: nobody
uidNumber: 999
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: \\PDC-SRV\nobody
sambaHomeDrive: H:
sambaProfilePath: \\PDC-SRV\profiles\nobody
sambaPrimaryGroupSID: S-1-5-21-4205727931-4131263253-1851132061-514
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [NUD ]
sambaSID: S-1-5-21-4205727931-4131263253-1851132061-2998
loginShell: /bin/false
# Domain Admins, Groups, GNUtoo.org
dn: cn=Domain Admins,ou=Groups,dc=GNUtoo,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: root
description: Netbios Domain Administrators
sambaSID: S-1-5-21-4205727931-4131263253-1851132061-512
sambaGroupType: 2
displayName: Domain Admins
# Domain Users, Groups, GNUtoo.org
dn: cn=Domain Users,ou=Groups,dc=GNUtoo,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-4205727931-4131263253-1851132061-513
sambaGroupType: 2
displayName: Domain Users
memberUid: gentux
memberUid: samba
# Domain Guests, Groups, GNUtoo.org
dn: cn=Domain Guests,ou=Groups,dc=GNUtoo,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: S-1-5-21-4205727931-4131263253-1851132061-514
sambaGroupType: 2
displayName: Domain Guests
# Domain Computers, Groups, GNUtoo.org
dn: cn=Domain Computers,ou=Groups,dc=GNUtoo,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 515
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: S-1-5-21-4205727931-4131263253-1851132061-515
sambaGroupType: 2
displayName: Domain Computers
# Administrators, Groups, GNUtoo.org
dn: cn=Administrators,ou=Groups,dc=GNUtoo,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the
computer/sambaDom
ainName
sambaSID: S-1-5-32-544
sambaGroupType: 5
displayName: Administrators
# Account Operators, Groups, GNUtoo.org
dn: cn=Account Operators,ou=Groups,dc=GNUtoo,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts
sambaSID: S-1-5-32-548
sambaGroupType: 5
displayName: Account Operators
# Print Operators, Groups, GNUtoo.org
dn: cn=Print Operators,ou=Groups,dc=GNUtoo,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: Print Operators
description: Netbios Domain Print Operators
sambaSID: S-1-5-32-550
sambaGroupType: 5
displayName: Print Operators
# Backup Operators, Groups, GNUtoo.org
dn: cn=Backup Operators,ou=Groups,dc=GNUtoo,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up files
sambaSID: S-1-5-32-551
sambaGroupType: 5
displayName: Backup Operators
# Replicators, Groups, GNUtoo.org
dn: cn=Replicators,ou=Groups,dc=GNUtoo,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicators
description: Netbios Domain Supports file replication in a sambaDomainName
sambaSID: S-1-5-32-552
sambaGroupType: 5
displayName: Replicators
# NextFreeUnixId, GNUtoo.org
dn: cn=NextFreeUnixId,dc=GNUtoo,dc=org
gidNumber: 1000
objectClass: inetOrgPerson
objectClass: sambaUnixIdPool
cn: NextFreeUnixId
sn: NextFreeUnixId
uidNumber: 1001
# gentux, Users, GNUtoo.org
dn: uid=gentux,ou=Users,dc=GNUtoo,dc=org
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: gentux
sn: gentux
uid: gentux
uidNumber: 1006
gidNumber: 513
homeDirectory: /home/gentux
loginShell: /bin/bash
gecos: System User
description: System User
userPassword:: e1NTSEF9RzNkU2FQckNHL1FVTG1sdmhycS8zQU8zbzc4eGFrVkk=
# FC$, Computers, GNUtoo.org
dn: uid=FC$,ou=Computers,dc=GNUtoo,dc=org
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: FC$
sn: FC$
uid: FC$
uidNumber: 1007
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
# samba, Users, GNUtoo.org
dn: uid=samba,ou=Users,dc=GNUtoo,dc=org
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: samba
sn: samba
uid: samba
uidNumber: 1000
gidNumber: 513
homeDirectory: /home/samba
loginShell: /bin/bash
gecos: System User
description: System User
userPassword:: e1NTSEF9cCtEbWZ5UVBFYm1kRTkvQm1ra3RMdkJ1c1dJd1RUWTQ=
# DSA, GNUtoo.org
dn: ou=DSA,dc=GNUtoo,dc=org
objectClass: top
objectClass: organizationalUnit
ou: DSA
# search result
search: 2
result: 0 Success
# numResponses: 22
# numEntries: 21
by the way there is an alias: ldapsearch='ldapsearch -x -h localhost -D
"cn=Manager,dc=GNUtoo,dc=org" -W'
More information about the samba
mailing list