ham,[Samba] No access to share
Chris Boyd
chris.boyd at usit.ie
Wed Jul 4 14:17:20 GMT 2007
All the group mappings are in place:
net groupmap list
Domain Admins (S-1-5-21-1953726507-754737620-746616776-20000) -> admins
Domain Guests (S-1-5-21-1953726507-754737620-746616776-20002) -> guests
Domain Users (S-1-5-21-1953726507-754737620-746616776-20001) -> users
getent passwd
admin:*:0:20000:admin :/home/users/admins/in:
gal_script$:*:30000:515:Computer:/dev/null:/bin/false
ie-aqd-w089$:*:30001:515:Computer:/dev/null:/bin/false
aqd-christian$:*:30002:515:Computer:/dev/null:/bin/false
chris.boyd:*:1000:20000:Chris Boyd:/home/chris.boyd:/bin/bash
emmett.sutton:*:1001:20000:Emmett Sutton:/home/emmett.sutton:/bin/bash
bob.bobson:*:1002:20001:Bob Bobson:/home/bob.bobson:/bin/bash
getent group
admins:*:20000:
guests:*:20002:
users:*:20001:
I changed the "valid users = USIT\%S" and "valid users = @USIT\admin,
@USIT\users"
Commented out the second path statement under profiles.
Still, whenever I log on as, say, chris.boyd, I can access the home drive and it
is mapped, but I still get the command prompt from the logon script saying
"invalid password for usit-file" and it refuses to allow
access to the share, even with the admin logon. Strangely, the profile folders
show up in the home folder and there are no desktop icons showing?
The machine log shows for that logon:
[2007/07/04 10:52:35, 0] printing/pcap.c:pcap_cache_reload(159)
Unable to open printcap file /etc/printcap for read!
[2007/07/04 10:59:23, 1] smbd/service.c:close_cnum(1150)
aqd-christian (10.133.2.46) closed connection to service profiles
[2007/07/04 10:59:23, 1] smbd/service.c:close_cnum(1150)
aqd-christian (10.133.2.46) closed connection to service profiles
[2007/07/04 10:59:57, 1] smbd/service.c:close_cnum(1150)
aqd-christian (10.133.2.46) closed connection to service netlogon
[2007/07/04 11:01:19, 1] smbd/service.c:close_cnum(1150)
aqd-christian (10.133.2.46) closed connection to service chris.boyd
-----Original Message-----
From: Dale Schroeder [mailto:dale at BriannasSaladDressing.com]
Sent: 03 July 2007 18:04
To: Chris Boyd
Subject: Re: ham,[Samba] No access to share
Chris,
If your problem turns out to be ldap, I am not of much use. However, have
you done all the group mapping? Did you take into account the ldap schema
changes since 3.0.23? Are your groups domain groups? If yes, then it
should be "valid users = DOMAIN\%S" and "valid users = @DOMAIN\admin,
@DOMAIN\users".
See
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/ChangeNotes.html.
You also have two "paths" listed under [profiles].
Can't think of anything more to suggest. If all this fails, provide an
error log to the list.
Good luck,
Dale
Chris Boyd wrote:
Running Debian Etch with Samba-3.0.24 and ldap...
I've set up a few users as part of the admin group and one in the users
group. When I log onto the XP machine they can see their home drives but I
get a command prompt asking for username and password for the server
(usit-file). Not even admin can login though. Even if I log onto the XP
machine as the domain admin I can't access the share.
The relevant bits:
smb.conf:
workgroup = usit
server string = %h server
wins support = yes
wins server = 10.133.1.21
dns proxy = yes
name resolve order = lmhosts host wins bcast
interfaces = 127.0.0.0/8 10.133.0.0/16 eth0
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 10
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://10.133.1.21
ldap suffix = dc=usit,dc=ie
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap admin dn = cn=admin,dc=usit,dc=ie
ldap delete dn = no
obey pam restrictions = yes
ldap password sync = yes
invalid users = root
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
domain logons = yes
enable privileges = yes
logon path = \\%N\profiles\%U
logon path = \\%N\%U\profile
logon drive = H:
logon home = \\%N\%U
logon script = logon.bat
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain master = yes
preferred master = yes
[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 0700
directory mask = 0700
valid users = %S
inherit acls = Yes
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
writable = no
share modes = no
write list = "@admins"
[profiles]
comment = Users profiles
path = /home/samba/profiles
path = %H
guest ok = no
# browseable = no
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[shared]
comment = Shared folder
path = /data/Shared
# force group = users
read only = no
create mask = 0770
directory mask = 0770
valid users = @admin, @users
Permissions:
usit-file:~# ls -la /data/
total 16
drwxr-xr-x 4 root root 4096 2007-06-07 16:33 .
drwxr-xr-x 25 root root 4096 2007-06-08 14:52 ..
drwxr-xr-x 3 root root 4096 2007-06-07 16:33 AQ
drwxrwx--- 15 root users 4096 2007-06-08 11:51 Shared
Users:
admin:*:0:20000:admin :/home/users/admins/in:
gal_script$:*:30000:515:Computer:/dev/null:/bin/false
ie-aqd-w089$:*:30001:515:Computer:/dev/null:/bin/false
aqd-christian$:*:30002:515:Computer:/dev/null:/bin/false
chris.boyd:*:1000:20000:Chris Boyd:/home/chris.boyd:/bin/bash
emmett.sutton:*:1001:20000:Emmett Sutton:/home/emmett.sutton:/bin/bash
bob.bobson:*:1002:20001:Bob Bobson:/home/bob.bobson:/bin/bash
Logon.bat:
net time \\usit-file /set /yes
net use s: \\usit-file\Shared
-----------------------------------------------------------------
This email message is intended only for the addressee(s)
and contains information that may be confidential and/or
copyrighted. If you are not the intended recipient please
notify the sender by reply email and immediately delete
this email. Use, disclosure or reproduction of this email
by anyone other than the intended recipient(s) is strictly
prohibited. USIT has scanned this email for viruses and
dangerous content and believes it to be clean. However,
virus scanning is ultimately the responsibility of the recipient.
-----------------------------------------------------------------
USIT Ireland Ltd. Company No. 377526. Registered Office 19/21 Aston Quay
Dublin 2.
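Added example, not part of the original thread: a lint-style check for two things the thread touches on, parameters repeated within one section (Dale's note about the two "path" lines under [profiles]) and @group names in "valid users" compared with the Unix groups listed by getent. The excerpt and group set are copied from the post; the function names are hypothetical, and comparing @names against Unix groups after stripping any DOMAIN\ prefix is an assumption of this example.

```python
import re
from collections import defaultdict
# Constructed excerpt: lines copied from the smb.conf quoted in this thread.
# Lines before the first [section] header are treated as [global].
SMB_CONF = r"""
ldap delete dn = no
logon path = \\%N\profiles\%U
logon path = \\%N\%U\profile
ldap delete dn = Yes
[profiles]
path = /home/samba/profiles
path = %H
[shared]
valid users = @admin, @users
"""
# Unix group names from the "getent group" output in the thread.
UNIX_GROUPS = {"admins", "guests", "users"}

def parse(text):
    """Return {section: {param: [values in file order]}}."""
    conf, section = defaultdict(lambda: defaultdict(list)), "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            conf[section][re.sub(r"\s+", "", key).lower()].append(value.strip())
    return conf

def duplicates(conf):
    """Parameters set more than once in a section; the later line overrides."""
    return {(s, k): v for s, p in conf.items() for k, v in p.items() if len(v) > 1}

def unknown_groups(conf, groups):
    """@group entries in 'valid users' that match no Unix group name."""
    missing = []
    for section, params in conf.items():
        for value in params.get("validusers", []):
            for entry in re.findall(r"@([^,\s]+)", value):
                if entry.split("\\")[-1] not in groups:  # drop DOMAIN\ prefix
                    missing.append((section, "@" + entry))
    return missing

if __name__ == "__main__":
    conf = parse(SMB_CONF)
    print(duplicates(conf), unknown_groups(conf, UNIX_GROUPS))
```

On a live server, `testparm -s` prints the configuration as Samba actually parsed it, which shows which of two repeated lines took effect.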