[Samba] connection to IPC$ denied due to security descriptor

[Geir A. Myrestrand]

Volker Lendecke wrote:
> On Thu, Jan 25, 2007 at 08:25:25AM -0500, Marc Delisle wrote:
>> In syslog there are plenty of these:
>> Jan 23 09:46:34 localhost smbd[5672]:   make_connection: connection to 
>> IPC$ denied due to security descriptor.

I see a lot of those messages too. I don't have any problems connecting 
to the share(s) though.

> Someone has used Windows srvmgr.exe or an equivalent tool to
> set a security descriptor for IPC$ in the file
> share_info.tdb.

Not the case for me.

> Either connect to the Samba server with
> srvmgr.exe and set the correct permissions on IPC$, or if
> all your access checks are done via 'valid users' and other
> setings in smb.conf, then you can safely delete the file
> share_info.tdb. But please be aware that this resets all
> custom share security descriptor settings back to default.

My share in a ADS setup with domain QWERTY is defined like this in smb.conf:

[Test]
         path = /nas/NASDisk-00015/Test
         directory = /nas/NASDisk-00015/Test
         valid users = root, QWERTY\Administrator
         write list = QWERTY\Administrator

Here is the content of my share_info.tdb file:

# tdbdump share_info.tdb
{
key(13) = "INFO/version\00"
data(4) = "\02\00\00\00"
}

So are 'valid users' and possible other smb.conf share setting mutually 
exclusive with whatever is in share_info.tdb? What should I change to 
avoid the security descriptor messages?

Looks like there is some relationship between the share settings and 
share_info.tdb, but I am not quite sure how it should be done. Can you 
enlighten me or refer me to where this is documented?

I'm using Samba 3.0.23d.

-- 

Geir A. Myrestrand