[Samba] connection to IPC$ denied due to security descriptor
Marc.Delisle at cegepsherbrooke.qc.ca
Thu Jan 25 16:39:03 GMT 2007
Geir A. Myrestrand a écrit :
> Volker Lendecke wrote:
>> On Thu, Jan 25, 2007 at 08:25:25AM -0500, Marc Delisle wrote:
>>> In syslog there are plenty of these:
>>> Jan 23 09:46:34 localhost smbd: make_connection: connection
>>> to IPC$ denied due to security descriptor.
> I see a lot of those messages too. I don't have any problems connecting
> to the share(s) though.
>> Someone has used Windows srvmgr.exe or an equivalent tool to
>> set a security descriptor for IPC$ in the file
> Not the case for me.
>> Either connect to the Samba server with
>> srvmgr.exe and set the correct permissions on IPC$, or if
>> all your access checks are done via 'valid users' and other
>> setings in smb.conf, then you can safely delete the file
>> share_info.tdb. But please be aware that this resets all
>> custom share security descriptor settings back to default.
> My share in a ADS setup with domain QWERTY is defined like this in
> path = /nas/NASDisk-00015/Test
> directory = /nas/NASDisk-00015/Test
> valid users = root, QWERTY\Administrator
> write list = QWERTY\Administrator
> Here is the content of my share_info.tdb file:
> # tdbdump share_info.tdb
> key(13) = "INFO/version\00"
> data(4) = "\02\00\00\00"
> So are 'valid users' and possible other smb.conf share setting mutually
> exclusive with whatever is in share_info.tdb? What should I change to
> avoid the security descriptor messages?
> Looks like there is some relationship between the share settings and
> share_info.tdb, but I am not quite sure how it should be done. Can you
> enlighten me or refer me to where this is documented?
> I'm using Samba 3.0.23d.
I did not know about tdbdump. Here is the content of mine:
# tdbdump /var/cache/samba/share_info.tdb
key(13) = "INFO/version\00"
data(4) = "\02\00\00\00"
We tried stopping Samba, renaming share_info.tdb and restart Samba: no luck.
More information about the samba