[Samba] connection to IPC$ denied due to security descriptor

[Edmundo Valle Neto]

richid escreveu:
> Hey all,
>
> I have a fileserver running Debian Etch and Samba 3.0.24 that I use to serve
> media and private home directories.  I have a couple roommates, and
> therefore have a couple accounts on the box for those users.  I had
> everything working perfectly until last week when my system drive took a
> crap.  I've reinstalled everything exactly the same (I think?) but now I am
> having problems with some accounts not being able to connect to the shares. 
> My username can connect to my home share and the communal media share just
> fine.  When I try to connect to another users home share or to the media
> share with their username, I keep getting the password dialog box.  I've
> ensured that they are in smbpasswd and that their password is correct.  I've
> also verified this using smbclient.  
>
> DETAILS:
>
> The log file is reporting this error when I try to connect:
>     make_connection: connection to IPC$ denied due to security descriptor.
>
> Here is output from smbclient:
>     bob at warehouse:~$ smbclient //warehouse/media -U bob
>     Password: 
>     Domain=[WAREHOUSE] OS=[Unix] Server=[Samba 3.0.24]
>     smb: \> ls
>       .                                   D        0  Thu Oct 18 11:25:22
> 2007
>       ..                                  D        0  Wed Nov  7 21:47:06
> 2007
>       audio                               D        0  Tue Nov 13 23:40:25
> 2007
>       downloads                           D        0  Tue Nov 13 23:41:11
> 2007
>       video                               D        0  Thu Nov 15 23:00:34
> 2007
>
>                     44708 blocks of size 33553920. 25310 blocks available
>     smb: \> 
>
> Here is my smb.conf:
>
> [global]
>    netbios name = warehouse
>    server string = warehouse
>    dns proxy = no
>    log file = /var/log/samba/log.%m
>    max log size = 1000
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
>    security = user
>    encrypt passwords = true
>    passdb backend = tdbsam
>    obey pam restrictions = yes
>    invalid users = root
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n 
>    socket options = TCP_NODELAY
>    domain master = auto
>
> force user = %U
> force group = users
>
> [homes]
>    comment = Home Directories
>    browseable = no
>    writable = yes
>    create mask = 0700
>    directory mask = 0700
>    force group = %G
>    valid users = %S
>
> [media]
>    comment = Media
>    path = /mnt/storage/media
>    browsable = yes
>    writeable = yes
>    create mask = 0775
>    directory mask = 0775
>    #guest ok = yes
>    hide files = /*.dat/
>
>
> It's pretty basic, I'm not doing anything special here.  Anyone have any
> idea what the problem is?  I've also read a couple other threads, and have
> already tried removing the /var/run/samba/share_info.tdb file and restarting
> Samba, but that hasn't worked.  I'm really stumped on this one, anyone else?
>
> Thanks in advance,
> Rich
>   

I have something similar with the computers in my home using Ubuntu 
(that uses almost the same samba package), I can say one thing, it 
doesn't seems to triggered with something inside share_info.tdb, putting 
the line "force group = users" (that I think I never used before) gives 
me "make_connection: connection to IPC$ denied due to security 
descriptor." errors when I log on a Windows XP in the same network, and 
it appears to happen when XP tries to connect to samba with the guest 
account to get the list of shares. But I haven't noted any problem 
because of that. Samba continues to accept connections using already 
created accounts.

So, I don't have sure if your problem has anything to do with that error 
message.

Testparm gives you any error?
Listing the shares with these accounts work? smbclient -L localhost 
-Uanyuser%password ?

Regards.

Edmundo Valle Neto