[Samba] Access denied to samba server from win7 64bit behind a VPN

Vincent Malien admin at socofer.com
Fri May 13 08:00:20 MDT 2011


I have a problem with access being denied to a Samba server from Win7 64-bit clients behind a VPN.
The Samba server is release 3.2.5-4 on Debian lenny (I will upgrade it soon), and it is a member of a Win2K AD domain.
The Win7 PCs are in the same AD domain, and they can access another Samba server which is very similar (same release, same smb.conf, same VPN config).
If I do on a win7 PC: net view \\srvlinux
I see:
L'erreur système 5 s'est produite.
Accès refusé.
on srvlinux, in /var/log/samba/log.PCname, I see:
[2011/05/13 11:26:34,  0] lib/util_sock.c:read_socket_with_timeout(939)
[2011/05/13 11:26:34,  0] lib/util_sock.c:get_peer_addr_internal(1683)
   getpeername failed. Error was Noeud final de transport n'est pas connecté
   read_socket_with_timeout: client read error = Connexion 
ré-initialisée par le correspondant.
I think this timeout is because of the VPN link, but the same log appears on the other Samba server, which I can access.
I tried un-joining and re-joining the server and the PC to the domain, but that didn't solve it. I also tried with several Windows users who can access srvlinux from other PCs on both sides of the VPN.
Any help is welcome.
Vincent MALIEN

this is my smb.conf:
    # NOTE(review): no [section] headers appear in this paste, and long lines
    # appear to have been wrapped by the mailer. The settings from "workgroup"
    # down to "os level" read like a [global] section - confirm against the
    # real file.
    workgroup = SOCOFER
    server string = %h server web interne et FTP (Samba %v)
;   wins server = w.x.y.z
    dns proxy = no
;   name resolve order = lmhosts host wins bcast
;   interfaces = eth0
;   bind interfaces only = yes
    dos charset = cp850
    unix charset = ISO-8859-1
    # One log file per client machine name (%m); this is the log.PCname file
    # quoted earlier in the post.
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    # Samba runs as an Active Directory member in the realm below.
    security = ADS
    realm = SOCOFER.DOM
    # NOTE(review): the value is empty as posted - possibly redacted; confirm
    # which domain controllers the server actually contacts.
    password server =
    client use spnego = yes
    encrypt passwords = true
    passdb backend = tdbsam
    obey pam restrictions = yes
    # NOTE(review): with unix password sync enabled, smbd runs the passwd
    # program below (as root, per smb.conf(5)) when an SMB password is changed.
    # Confirm this is still wanted on a server that authenticates against AD.
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
;   domain logons = yes
;   logon path = \\%N\profiles\%U
;   logon drive = H:
;   logon script = logon.cmd
; add user script = /usr/sbin/adduser --quiet --disabled-password 
--gecos "" %u
; add machine script  = /usr/sbin/useradd -g machines -c "%u machine 
account" -d /var/lib/samba -s /bin/false %u
; add group script = /usr/sbin/addgroup --force-badname %g
;   printing = bsd
;   printcap name = /etc/printcap
;   printing = cups
;   printcap name = cups
;   include = /home/samba/etc/smb.conf.%m
;   message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
    # Winbind settings: domain accounts are mapped into the UID/GID ranges
    # below, and "use default domain" lets users log in without a domain prefix.
    winbind separator = +
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template homedir = /home/%D/%U
    template shell = /bin/bash
    winbind enum groups = yes
    winbind enum users = yes
    usershare max shares = 100
    winbind use default domain = yes
# prevents this machine from becoming the master browser
    domain master = no
    local master = no
    preferred master = no
    os level = 0
    # NOTE(review): from here on the settings look like a [homes] share whose
    # header was lost in the paste - confirm.
    comment = Home Directories
    browseable = yes
    writable = yes
    # create mask / directory mask are AND-masks applied to the permission bits
    # of newly created files and directories. 0777 strips nothing, so group and
    # other bits can end up set inside home directories; a tighter value such
    # as 0700 is the usual choice for private homes.
    create mask = 0777
    directory mask = 0777
    # %S expands to the current service name; if this is a [homes] share, that
    # limits SMB access to the user the share is named after.
    valid users = %S
