[Samba] Samba PDC: "not permitted to access this share"
Daniel Spannbauer
ds at marco.de
Wed Feb 10 01:06:18 MST 2010
Hello,
I run Samba 3.0.23d on a Host with SuSE 10.2, configured as PDC with
LDAP-Backend.
This is working so far since some month.
But one USer can't log in. Ith seems that samba does not have the
permission to acces the netlogon-share, whre the profile from "Default
User" is located.
The folder is readable for everyone, so, I think that this is not the
Problem.
Here is the smb.conf:
---------------------------------
[global]
workgroup = MARCO
netbios aliases = homedirs
server string = b-fs
passdb backend = ldapsam:"ldap://10.3.1.3"
username map = /etc/samba/smb-user-map
log level = 3
debug uid = Yes
smb ports = 139
name resolve order = wins host bcast
deadtime = 300
printcap name = cups
add machine script = /usr/sbin/useradd -c Machine -d
/var/lib/nobody -s /bin/false %m$
logon script = logon.bat
logon path = \\%L\%U\.ntprofile
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
preferred master = Yes
local master = No
domain master = Yes
wins server = gate
kernel oplocks = No
ldap admin dn = cn=Administrator,dc=marco,dc=de
ldap group suffix = ou=group
ldap machine suffix = ou=Computers
ldap suffix = dc=marco,dc=de
ldap ssl = no
ldap user suffix = ou=people
create mask = 0775
directory mask = 0775
hide files =
/Desktop.ini/desktop.ini/ntuser.ini/NTUSER.*/tmp/RECYCLER/
map archive = No
share modes = No
delete readonly = Yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root, ds
csc policy = disable
-------------------------------------------------------------------
Here is a snipplet from the3 messages with loglevel 3:
--------------------------------------------------------------------
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)]
smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)]
smbd/service.c:make_connection_snum(950)
b-xp (10.3.1.6) connect to service IPC$ initially as user nobody
(uid=65534, gid=65534) (pid 28180)
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)]
smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:39, 2, effective(0, 0), real(0, 0)]
smbd/reply.c:reply_tcon_and_X(711)
Serving IPC$ as a Dfs root
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)]
smbd/reply.c:reply_tcon_and_X(716)
tconX service=IPC$
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)]
smbd/process.c:process_smb(1110)
Transaction 105 of length 92
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)]
smbd/process.c:switch_message(914)
switch message SMBtrans2 (pid 28180) conn 0x8049b160
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)]
smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)]
smbd/process.c:process_smb(1110)
Transaction 106 of length 74
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)]
smbd/process.c:switch_message(914)
switch message SMBtconX (pid 28180) conn 0x0
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)]
smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:39, 2, effective(0, 0), real(0, 0)]
smbd/service.c:make_connection_snum(569)
guest user (from session setup) not permitted to access this share (ds)
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)]
smbd/error.c:error_packet(146)
error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)]
smbd/process.c:process_smb(1110)
Transaction 107 of length 43
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)]
smbd/process.c:switch_message(914)
switch message SMBulogoffX (pid 28180) conn 0x0
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)]
smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)]
smbd/reply.c:reply_ulogoffX(1618)
ulogoffX vuid=105
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)]
smbd/process.c:process_smb(1110)
Transaction 108 of length 39
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)]
smbd/process.c:switch_message(914)
switch message SMBtdis (pid 28180) conn 0x804998f8
---------------------------------------------------------------------------
Here is a ll on /var/lib/samba:
------------------------------------------------------------------
-rw------- 1 root root 8192 Aug 10 2007 account_policy.tdb
-rw-r--r-- 1 root root 40200 Feb 10 08:53 brlock.tdb
-rw-r--r-- 1 root root 523 Feb 10 08:59 browse.dat
-rw-r--r-- 1 root root 8192 Feb 10 08:53 connections.tdb
drwxrwxr-x 9 root ntadmin 4096 Nov 17 2008 drivers
-rw-r--r-- 1 root root 8192 Aug 6 2007 gencache.tdb
-rw------- 1 root root 8192 Aug 10 2007 group_mapping.tdb
-rw-r--r-- 1 root root 49152 Feb 10 09:03 locking.tdb
-rw-r--r-- 1 root root 696 Jul 31 2009 login_cache.tdb
-rw------- 1 root root 8192 Jan 27 15:21 messages.tdb
drwxr-xr-x 3 root root 4096 Feb 5 13:55 netlogon
-rw------- 1 root root 8192 Aug 10 2007 ntdrivers.tdb
-rw------- 1 root root 696 Aug 10 2007 ntforms.tdb
-rw------- 1 root root 16384 Feb 8 2008 ntprinters.tdb
drwxr-xr-x 2 root root 4096 Aug 10 2007 perfmon
drwxr-xr-x 2 root root 4096 Oct 30 12:15 printing
drwxrwx--- 2 root users 4096 Nov 27 2006 profiles
-rw------- 1 root root 16384 Aug 10 2007 registry.tdb
-rw-r--r-- 1 root root 24576 Feb 10 08:53 sessionid.tdb
-rw------- 1 root root 8192 Aug 10 2007 share_info.tdb
-rw-r--r-- 1 root root 16384 Jan 28 03:02 unexpected.tdb
drwxrwx--T 2 root users 4096 Jul 31 2009 usershares
----------------------------------------------------------------------
ll on /var/lib/samba/netlogon:
---------------------------------------------------------------------
drwxrwxrwx+ 14 root root 4096 Nov 3 16:05 Default User
-rw-r--r-- 1 root root 515 Dec 6 17:57 logon.bat
--------------------------------------------------------------------
Can anybody help me to figure out why there is a "permission denied"?
If you need more information, please let me know.
Regards
Daniel
--
Daniel Spannbauer Software Entwicklung
marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11
Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220
http://www.marco.de/ Email ds at marco.de
Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München
More information about the samba
mailing list