[Samba] No access to share

Chris Boyd chris.boyd at usit.ie
Tue Jul 3 10:03:52 GMT 2007 

Running Debian Etch with Samba-3.0.24 and ldap...
I've set up a few users as part of the admin group and one in the users
group. When I log onto the XP machine they can see their home drives but I
get a command prompt asking for username and password for the server
(usit-file). Not even admin can login though. Even if I log onto the XP
machine as the domain admin I can't access the share.
The relevant bits:
 
smb.conf:
 
workgroup = usit

server string = %h server

wins support = yes

wins server = 10.133.1.21

dns proxy = yes

name resolve order = lmhosts host wins bcast

interfaces = 127.0.0.0/8 10.133.0.0/16 eth0

log file = /var/log/samba/log.%m

max log size = 1000

syslog = 10

panic action = /usr/share/samba/panic-action %d

security = user

encrypt passwords = true

passdb backend = ldapsam:ldap://10.133.1.21

ldap suffix = dc=usit,dc=ie

ldap machine suffix = ou=machines

ldap user suffix = ou=users

ldap group suffix = ou=groups

ldap admin dn = cn=admin,dc=usit,dc=ie

ldap delete dn = no

obey pam restrictions = yes

ldap password sync = yes 

invalid users = root

ldap passwd sync = Yes

passwd program = /usr/sbin/smbldap-passwd %u

passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated*

domain logons = yes

enable privileges = yes

logon path =  <file://\\%N\profiles\%U> \\%N\profiles\%U

logon path = \\%N\%U\profile

logon drive = H:

logon home =  <file://\\%N\%U> \\%N\%U

logon script = logon.bat

add machine script = /usr/sbin/smbldap-useradd -w "%u" 

add user script = /usr/sbin/smbldap-useradd -m "%u"

ldap delete dn = Yes

delete user script = /usr/sbin/smbldap-userdel "%u"

add machine script = /usr/sbin/smbldap-useradd -w "%u"

add group script = /usr/sbin/smbldap-groupadd -p "%g"

delete group script = /usr/sbin/smbldap-groupdel "%g"

add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"

delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"

set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

domain master = yes

preferred master = yes

[homes]

comment = Home Directories

browseable = no

writable = yes

create mask = 0700

directory mask = 0700

valid users = %S

inherit acls = Yes

[netlogon]

comment = Network Logon Service

path = /home/samba/netlogon

guest ok = yes

writable = no

share modes = no

write list = "@admins"

[profiles]

comment = Users profiles

path = /home/samba/profiles

path = %H

guest ok = no

# browseable = no

store dos attributes = Yes

create mask = 0600

directory mask = 0700

[shared]

comment = Shared folder

path = /data/Shared

# force group = users

read only = no

create mask = 0770

directory mask = 0770

valid users = @admin, at users

Permissions:

usit-file:~#  ls -la /data/
total 16
drwxr-xr-x  4 root root  4096 2007-06-07 16:33 .
drwxr-xr-x 25 root root  4096 2007-06-08 14:52 ..
drwxr-xr-x  3 root root  4096 2007-06-07 16:33 AQ
drwxrwx--- 15 root users 4096 2007-06-08 11:51 Shared


Users: 

admin:*:0:20000:admin :/home/users/admins/in:
gal_script$:*:30000:515:Computer:/dev/null:/bin/false
ie-aqd-w089$:*:30001:515:Computer:/dev/null:/bin/false
aqd-christian$:*:30002:515:Computer:/dev/null:/bin/false
chris.boyd:*:1000:20000:Chris Boyd:/home/chris.boyd:/bin/bash
emmett.sutton:*:1001:20000:Emmett Sutton:/home/emmett.sutton:/bin/bash
bob.bobson:*:1002:20001:Bob Bobson:/home/bob.bobson:/bin/bash


Logon.bat:

net time \\usit-file /set /yes
net use s: \\usit-file\Shared


 


-----------------------------------------------------------------
This email message is intended only for the addressee(s) 
and contains information that may be confidential and/or 
copyrighted.  If you are not the intended recipient please 
notify the sender by reply email and immediately delete 
this email. Use, disclosure or reproduction of this email 
by anyone other than the intended recipient(s) is strictly 
prohibited. USIT has scanned this email for viruses and 
dangerous content and believes it to be clean. However, 
virus scanning is ultimately the responsibility of the recipient.
-----------------------------------------------------------------
USIT Ireland Ltd. Company No. 377526. Registered Office 19/21 Aston Quay Dublin 2.

More information about the samba mailing list