[Samba] Samba PDC: "not permitted to access this share"

Daniel Spannbauer ds at marco.de
Wed Feb 10 01:06:18 MST 2010


Hello,

I run Samba 3.0.23d on a host with SuSE 10.2, configured as PDC with 
LDAP backend.
This has been working so far for some months.

But one user can't log in. It seems that Samba does not have the 
permission to access the netlogon share, where the profile from "Default 
User" is located.
The folder is readable for everyone, so I think that this is not the 
problem.

Here is the smb.conf:

---------------------------------
[global]
         workgroup = MARCO
         netbios aliases = homedirs
         server string = b-fs
         passdb backend = ldapsam:"ldap://10.3.1.3"
         username map = /etc/samba/smb-user-map
         log level = 3
         debug uid = Yes
         smb ports = 139
         name resolve order = wins host bcast
         deadtime = 300
         printcap name = cups
         add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
         logon script = logon.bat
         logon path = \\%L\%U\.ntprofile
         logon drive = H:
         logon home = \\%L\%U
         domain logons = Yes
         preferred master = Yes
         local master = No
         domain master = Yes
         wins server = gate
         kernel oplocks = No
         ldap admin dn = cn=Administrator,dc=marco,dc=de
         ldap group suffix = ou=group
         ldap machine suffix = ou=Computers
         ldap suffix = dc=marco,dc=de
         ldap ssl = no
         ldap user suffix = ou=people
         create mask = 0775
         directory mask = 0775
         hide files = /Desktop.ini/desktop.ini/ntuser.ini/NTUSER.*/tmp/RECYCLER/
         map archive = No
         share modes = No
         delete readonly = Yes

[netlogon]
         comment = Network Logon Service
         path = /var/lib/samba/netlogon
         write list = root, ds
         csc policy = disable

-------------------------------------------------------------------


Here is a snippet from the messages with log level 3:

--------------------------------------------------------------------
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:set_sec_ctx(241)
   setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)] 
smbd/service.c:make_connection_snum(950)
   b-xp (10.3.1.6) connect to service IPC$ initially as user nobody 
(uid=65534, gid=65534) (pid 28180)
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)] 
smbd/sec_ctx.c:set_sec_ctx(241)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:39, 2, effective(0, 0), real(0, 0)] 
smbd/reply.c:reply_tcon_and_X(711)
   Serving IPC$ as a Dfs root
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] 
smbd/reply.c:reply_tcon_and_X(716)
   tconX service=IPC$
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] 
smbd/process.c:process_smb(1110)
   Transaction 105 of length 92
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] 
smbd/process.c:switch_message(914)
   switch message SMBtrans2 (pid 28180) conn 0x8049b160
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:set_sec_ctx(241)
   setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)] 
smbd/process.c:process_smb(1110)
   Transaction 106 of length 74
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)] 
smbd/process.c:switch_message(914)
   switch message SMBtconX (pid 28180) conn 0x0
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)] 
smbd/sec_ctx.c:set_sec_ctx(241)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:39, 2, effective(0, 0), real(0, 0)] 
smbd/service.c:make_connection_snum(569)
   guest user (from session setup) not permitted to access this share (ds)
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] 
smbd/error.c:error_packet(146)
   error packet at smbd/reply.c(676) cmd=117 (SMBtconX) 
NT_STATUS_ACCESS_DENIED
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)] 
smbd/process.c:process_smb(1110)
   Transaction 107 of length 43
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)] 
smbd/process.c:switch_message(914)
   switch message SMBulogoffX (pid 28180) conn 0x0
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:set_sec_ctx(241)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)] 
smbd/reply.c:reply_ulogoffX(1618)
   ulogoffX vuid=105
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)] 
smbd/process.c:process_smb(1110)
   Transaction 108 of length 39
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)] 
smbd/process.c:switch_message(914)
   switch message SMBtdis (pid 28180) conn 0x804998f8
---------------------------------------------------------------------------


Here is an ll on /var/lib/samba:

------------------------------------------------------------------

-rw------- 1 root root     8192 Aug 10  2007 account_policy.tdb
-rw-r--r-- 1 root root    40200 Feb 10 08:53 brlock.tdb
-rw-r--r-- 1 root root      523 Feb 10 08:59 browse.dat
-rw-r--r-- 1 root root     8192 Feb 10 08:53 connections.tdb
drwxrwxr-x 9 root ntadmin  4096 Nov 17  2008 drivers
-rw-r--r-- 1 root root     8192 Aug  6  2007 gencache.tdb
-rw------- 1 root root     8192 Aug 10  2007 group_mapping.tdb
-rw-r--r-- 1 root root    49152 Feb 10 09:03 locking.tdb
-rw-r--r-- 1 root root      696 Jul 31  2009 login_cache.tdb
-rw------- 1 root root     8192 Jan 27 15:21 messages.tdb
drwxr-xr-x 3 root root     4096 Feb  5 13:55 netlogon
-rw------- 1 root root     8192 Aug 10  2007 ntdrivers.tdb
-rw------- 1 root root      696 Aug 10  2007 ntforms.tdb
-rw------- 1 root root    16384 Feb  8  2008 ntprinters.tdb
drwxr-xr-x 2 root root     4096 Aug 10  2007 perfmon
drwxr-xr-x 2 root root     4096 Oct 30 12:15 printing
drwxrwx--- 2 root users    4096 Nov 27  2006 profiles
-rw------- 1 root root    16384 Aug 10  2007 registry.tdb
-rw-r--r-- 1 root root    24576 Feb 10 08:53 sessionid.tdb
-rw------- 1 root root     8192 Aug 10  2007 share_info.tdb
-rw-r--r-- 1 root root    16384 Jan 28 03:02 unexpected.tdb
drwxrwx--T 2 root users    4096 Jul 31  2009 usershares
----------------------------------------------------------------------

ll on /var/lib/samba/netlogon:

---------------------------------------------------------------------
drwxrwxrwx+ 14 root root 4096 Nov  3 16:05 Default User
-rw-r--r--   1 root root  515 Dec  6 17:57 logon.bat

--------------------------------------------------------------------


Can anybody help me to figure out why there is a "permission denied"?
If you need more information, please let me know.


Regards

Daniel




-- 
Daniel Spannbauer                         Software Development
marco Systemanalyse und Entwicklung GmbH  Tel   +49 8333 9233-27 Fax -11
Rechbergstr. 4 - 6, D 87727 Babenhausen   Mobil +49 171 4033220
http://www.marco.de/                      Email ds at marco.de
Managing Director Martin Reuter           HRB 171775 Amtsgericht München
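
A small parser for the log format shown in the post, added here as an example (it is not part of the original message and is not Samba project code): it reassembles the mail-wrapped level 3 entries written with `debug uid = Yes` and lists each guest-session share denial together with the client last seen connecting. The function names and the "last client seen" correlation are assumptions of this example.

```python
import re

# Header format written with "debug uid = Yes", as in the log above.
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+), (?P<level>\d+), effective\((?P<euid>\d+), "
                    r"\d+\), real\(\d+, \d+\)\]\s*(?P<rest>.*)$")
SOURCE = re.compile(r"^\S+\.c:\w+\(\d+\)$")
CONNECT = re.compile(r"(?P<host>\S+) \((?P<ip>[\d.]+)\) connect to service "
                     r"(?P<svc>\S+) initially as user (?P<user>\S+)")
DENIED = re.compile(r"guest user \(from session setup\) not permitted "
                    r"to access this share \((?P<share>[^)]+)\)")

def parse_smbd_log(text):
    """Group header, source location and wrapped message lines into records."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if m := HEADER.match(line):
            records.append({"ts": m["ts"], "level": int(m["level"]),
                            "euid": int(m["euid"]), "source": m["rest"], "msg": ""})
        elif line and records:
            rec = records[-1]
            if not rec["source"] and SOURCE.match(line):
                rec["source"] = line  # location wrapped onto its own line
            else:
                rec["msg"] = (rec["msg"] + " " + line).strip()
    return records

def guest_denials(records):
    """Guest-session share denials, with the last client seen connecting (heuristic)."""
    client, hits = None, []
    for rec in records:
        if c := CONNECT.search(rec["msg"]):
            client = (c["host"], c["ip"], c["user"])
        if d := DENIED.search(rec["msg"]):
            hits.append({"ts": rec["ts"], "share": d["share"], "client": client})
    return hits

# Sample input: two entries copied from the mail-wrapped log in the post above.
SAMPLE = """\
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)]
smbd/service.c:make_connection_snum(950)
   b-xp (10.3.1.6) connect to service IPC$ initially as user nobody
(uid=65534, gid=65534) (pid 28180)
[2010/02/10 08:53:39, 2, effective(0, 0), real(0, 0)]
smbd/service.c:make_connection_snum(569)
   guest user (from session setup) not permitted to access this share (ds)
"""

if __name__ == "__main__":
    print(guest_denials(parse_smbd_log(SAMPLE)))
```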

