[Samba] Some users / Access Denied

Abizmil Benjamin Benjamin.Abizmil at devoteam.com
Tue Mar 31 11:47:10 GMT 2009

Hi everyone,

I'm requesting your help about an issue i'm faced with since 2 weeks. 
I've setting up a Solaris Server (Solaris 10 Update 6) with zoning. On a zone I've enable the samba service (samba v 3.0.28). 

In my smb.conf, my auth section looks like that : 

workgroup = Mydomain
netbios name = MyComputer
server string = MyComputer
security = ADS
use kerberos keytab = true
winbind separator = -
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
# winbind cache time = 1800
idmap uid = 100000-200000
idmap gid = 100000-200000
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
client NTLMv2 auth = yes
password server = MyDC, MyDC2, MyDC3
realm = MyDomain.DOM
passdb backend = smbpasswd
# encrypt passwords = yes
wins support = no
wins server = MyDC
wins proxy = no
dns proxy = no
nt acl support = no
add user script = /usr/sbin/useradd %u
add group script = /usr/sbin/groupadd %g
add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
delete user script = /usr/sbin/userdel %u
delete user from group script = /usr/sbin/deluser %u %g
delete group script = /usr/sbin/groupdel %g

For the shares : 

path = /partage/%S
writable = yes
acl check permissions = False
vfs objects = zfsacl
create mask = 0700
directory mask = 0700

In addition, I have a krb5.conf for kerberos.

Everything works fine for me and most of users but some of them can't access some shares. The strange thing is that they are in groups which normally allowed them to. 

When i exec a wbinfo -r user, I saw them in the right group (the one put on the share) !!! In the log I just see an NT_ACCESS_DENIED without more explanation.

So if someone could help ...

More information about the samba mailing list