[Samba] Cannot get user level access to shares
isdtor
isdtor at gmail.com
Tue Dec 18 10:20:24 MST 2012
I'm setting up a new samba server under CentOS6.3, samba-3.5.10-125.el6.x86_64,
and am running into a strange problem I am unable to solve. There's actually
a bunch of problems, but I think they can be solved once this particular issue
is fixed.
Samba is set up as a PDC for WinXP clients. The old samba server bit the
dust and I had many problems trying to migrate. So I started from scratch
with a very basic configuration, straight from the RHEL6 documentation
("Primary Domain Controller (PDC) using tdbsam"), but even with this setup,
I keep running into the same issue. The logs (log level 2) are littered with
lines like these:
[2012/12/18 12:39:35.740861, 2]
smbd/service.c:587(create_connection_server_info)
guest user (from session setup) not permitted to access this share (MYID)
[2012/12/18 12:39:35.740893, 1] smbd/service.c:678(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
So, despite success login as MYID, samba only grants guest-level access to
this share. One consequence is that software like Office cannot save to
the share because it's "in use by another user". I can fix this bit with
various locking related options.
In order to discount issues with other network services, I have created
MYID and the corresponding home directory locally on the samba server.
Yet, the issue persists.
testparm output:
Server role: ROLE_DOMAIN_PDC
[global]
workgroup = MYGROUP
netbios name = SAMBA
server string = Samba Server Version %v
interfaces = lo, eth0, 10.20.11.131/24, 127.0.0.1
bind interfaces only = Yes
log level = 2
log file = /var/log/samba/log.%m
max log size = 50
add user script = /usr/sbin/useradd "%u" -n
delete user script = /usr/sbin/userdel "%u"
add group script = /usr/sbin/groupadd "%g" -n
delete group script = /usr/sbin/groupdel "%g"
delete user from group script = /usr/sbin/userdel "%u" "%g"
add machine script = /usr/sbin/useradd -n -g machines -c
"Machines (%M)" -M -d /nohome -s /bin/false "%u"
domain logons = Yes
preferred master = Yes
domain master = Yes
wins support = Yes
hosts allow = 127., 10.20.11.
cups options = raw
posix locking = No
[homes]
comment = Home Directories
read only = No
veto oplock files = /*.msf/Inbox/*.xls/*.csv/
browseable = No
More information about the samba
mailing list