[Samba] connection to IPC$ denied due to security descriptor

Geir A. Myrestrand geir.myrestrand at falconstor.com
Thu Jan 25 15:33:07 GMT 2007

Volker Lendecke wrote:
> On Thu, Jan 25, 2007 at 08:25:25AM -0500, Marc Delisle wrote:
>> In syslog there are plenty of these:
>> Jan 23 09:46:34 localhost smbd[5672]:   make_connection: connection to 
>> IPC$ denied due to security descriptor.

I see a lot of those messages too. I don't have any problems connecting 
to the share(s) though.

> Someone has used Windows srvmgr.exe or an equivalent tool to
> set a security descriptor for IPC$ in the file
> share_info.tdb.

Not the case for me.

> Either connect to the Samba server with
> srvmgr.exe and set the correct permissions on IPC$, or if
> all your access checks are done via 'valid users' and other
> setings in smb.conf, then you can safely delete the file
> share_info.tdb. But please be aware that this resets all
> custom share security descriptor settings back to default.

My share in a ADS setup with domain QWERTY is defined like this in smb.conf:

         path = /nas/NASDisk-00015/Test
         directory = /nas/NASDisk-00015/Test
         valid users = root, QWERTY\Administrator
         write list = QWERTY\Administrator

Here is the content of my share_info.tdb file:

# tdbdump share_info.tdb
key(13) = "INFO/version\00"
data(4) = "\02\00\00\00"

So are 'valid users' and possible other smb.conf share setting mutually 
exclusive with whatever is in share_info.tdb? What should I change to 
avoid the security descriptor messages?

Looks like there is some relationship between the share settings and 
share_info.tdb, but I am not quite sure how it should be done. Can you 
enlighten me or refer me to where this is documented?

I'm using Samba 3.0.23d.


Geir A. Myrestrand

More information about the samba mailing list