[Samba] ACLs, NT_STATUS_ACCESS_DENIED, etc.

Ken D'Ambrosio ken at jots.org
Wed Dec 1 01:01:23 MST 2010 

Hey, all.  I've got some irksome issues, and would love it if someone
could show me where I'm going wrong.

First and foremost, I can access the folders, create new ones, etc.  But
copying stuff from an existing Windows share (with ACLs), not so much. 
Likewise when I try to assign permissions.  I wind up with stuff like


[2010/12/01 02:56:34,  0] libsmb/ntlmssp_sign.c:208(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2010/12/01 02:56:34,  0] rpc_server/srv_pipe_hnd.c:395(process_request_pdu)
  process_request_pdu: failed to do auth processing.
[2010/12/01 02:56:34,  0] rpc_server/srv_pipe_hnd.c:396(process_request_pdu)
  process_request_pdu: error was NT_STATUS_ACCESS_DENIED.

Googling this stuff has been to pretty much no avail.  I'm running Ubuntu
10.04's Samba, v. 3.4.7~dfsg-1ubuntu3.2.  (I did try upgrading to 10.10's
Samba -- same problems, different errors.  Downgraded.)

Here's my smb.conf (I apologize for its messiness; t-shooting does that):


[global]
	workgroup = SEGWAY
	realm = SEGWAY.LOCAL
	netbios name = bed_fs1
	server string = %h server (Samba %v, Ubuntu)
	security = ADS
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	domain master = No
	dns proxy = No
	usershare allow guests = Yes
	allow trusted domains = yes
	panic action = /usr/share/samba/panic-action %d
	idmap uid = 1000-29999
	idmap gid = 1000-29999
	template shell = /bin/bash
	winbind separator = +
	winbind enum users = Yes
	winbind enum groups = Yes
	winbind use default domain = Yes

#[homes]
#comment = Home Directories
#browseable = yes
#valid users = %S
#writable = yes


[man_fs2]
path = /servers/man_fs2
valid users = @"SEGWAY+Domain Admins" , @"SEGWAY+Domain Users" ,
@"SEGWAY+Segway Team"
admin users = @"SEGWAY+Domain Admins" , root
write list = @"SEGWAY+Segway Team" , @"SEGWAY+Domain Admins" ,
@"SEGWAY+Domain Users"
directory mask = 0700
create mode = 0700
force create mode = 0700
force directory mode = 0700
read only = no
writeable = yes
available = yes
browseable = yes
public = yes
guest ok = yes
nt acl support = yes
#map archive = No
#map hidden = No
#map system = No
#map readonly = No


Thanks kindly!


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba mailing list