[Samba] Upgrade to sernet 3.5.1-42 not working

Andrew Masterson Andrew.Masterson at nuvistaenergy.com
Fri Mar 19 10:08:09 MDT 2010

I have installed 3.5.1-42.el5 on an RHEL 5.4 box, added it to the
domain, wbinfo -u and -g work fine.  kinit works fine.

It seems to recognize and use the global "admin users" section properly.
If I add people or groups to the admin users group in the global section
everything works fine. (this is obviously not the desired setup though)

It doesn't seem to honour the "valid users" section inside the shares,
however.  I can put whatever I want in there and it fails to recognize

The only error I can find is the following, however it seems unrelated
to putting people in the global admin users group or not and more to
unclean DNS.  This setup is working on an RHEL 5.4 with 3.3.10

[2010/03/19 10:00:11.062710,  0]
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2010/03/19 10:00:11.062784,  0]
  process_request_pdu: failed to do auth processing.
[2010/03/19 10:00:11.062826,  0]
  process_request_pdu: error was NT_STATUS_ACCESS_DENIED.
[2010/03/19 10:00:13.508036,  0] lib/util_sock.c:675(write_data)
[2010/03/19 10:00:13.508104,  0]
  getpeername failed. Error was Transport endpoint is not connected
  write_data: write failure in writing to client Error
Connection reset by peer
[2010/03/19 10:00:13.508224,  0] smbd/process.c:79(srv_send_smb)
  Error writing 4 bytes to client. -1. (Transport endpoint is not
[2010/03/19 10:00:13.528683,  0]
  canonicalize_connect_path failed for service G_drive, path
[2010/03/19 10:00:13.530587,  0]
  canonicalize_connect_path failed for service G_drive, path
[2010/03/19 10:00:15.753830,  0]
  canonicalize_connect_path failed for service G_drive, path


Load smb config files from /etc/samba/smb.conf
Processing section "[G_drive]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Press enter to see a dump of your service definitions

        workgroup = XXXX
        realm = XXXX.LOCAL
        server string = %h
        security = ADS
        password server = zeus dione
        client NTLMv2 auth = Yes
        log file = /var/log/samba/%m
        deadtime = 15
        printcap name = cups
        local master = No
        domain master = No
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /data/user_home/%D/%U
        template shell = /bin/bash
        winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind expand groups = 5
        admin users = "@XXXX+domain admins", XXXX+Administrator
        inherit owner = Yes
        use sendfile = Yes
        veto oplock files =
        access based share enum = Yes

        comment = G_Groups on Bubbles
        path = /data/G_drive
        valid users = "@XXXX+domain admins", "@XXXX+domain users",
XXXX+Administrator, @XXXX+r_g_drive
        read only = No
        force create mode = 0770
        force directory mode = 0770
        inherit permissions = Yes
        inherit acls = Yes
        hide unreadable = Yes
        browseable = No

More information about the samba mailing list