[Samba] connection to IPC$ denied due to security descriptor

Marc Delisle Marc.Delisle at cegepsherbrooke.qc.ca
Thu Jan 25 16:39:03 GMT 2007


Geir A. Myrestrand a écrit :
> Volker Lendecke wrote:
>> On Thu, Jan 25, 2007 at 08:25:25AM -0500, Marc Delisle wrote:
>>> In syslog there are plenty of these:
>>> Jan 23 09:46:34 localhost smbd[5672]:   make_connection: connection 
>>> to IPC$ denied due to security descriptor.
> 
> I see a lot of those messages too. I don't have any problems connecting 
> to the share(s) though.
> 
>> Someone has used Windows srvmgr.exe or an equivalent tool to
>> set a security descriptor for IPC$ in the file
>> share_info.tdb.
> 
> Not the case for me.
> 
>> Either connect to the Samba server with
>> srvmgr.exe and set the correct permissions on IPC$, or if
>> all your access checks are done via 'valid users' and other
>> setings in smb.conf, then you can safely delete the file
>> share_info.tdb. But please be aware that this resets all
>> custom share security descriptor settings back to default.
> 
> My share in a ADS setup with domain QWERTY is defined like this in 
> smb.conf:
> 
> [Test]
>         path = /nas/NASDisk-00015/Test
>         directory = /nas/NASDisk-00015/Test
>         valid users = root, QWERTY\Administrator
>         write list = QWERTY\Administrator
> 
> Here is the content of my share_info.tdb file:
> 
> # tdbdump share_info.tdb
> {
> key(13) = "INFO/version\00"
> data(4) = "\02\00\00\00"
> }
> 
> So are 'valid users' and possible other smb.conf share setting mutually 
> exclusive with whatever is in share_info.tdb? What should I change to 
> avoid the security descriptor messages?
> 
> Looks like there is some relationship between the share settings and 
> share_info.tdb, but I am not quite sure how it should be done. Can you 
> enlighten me or refer me to where this is documented?
> 
> I'm using Samba 3.0.23d.
> 

I did not know about tdbdump. Here is the content of mine:

# tdbdump /var/cache/samba/share_info.tdb
{
key(13) = "INFO/version\00"
data(4) = "\02\00\00\00"
}

We tried stopping Samba, renaming share_info.tdb and restart Samba: no luck.

Marc Delisle


More information about the samba mailing list