[Samba] Samba 3.6 File server with W2k3 DC

Juan Pablo Lorier jplorier at gmail.com
Mon Aug 12 11:04:03 MDT 2013 

Hi,

I've been fighting against a file server with samba  3.6.9-151.el6
authenticating from a windows 2003 server. I've read a thousand posts
and howtos with all kind of samba versions without success.
It looks like windbind is not processing things right. I've set the unix
permissions on the folder to CANAL4\graficos right and the parent folder
is world readable so this should not be the problem.
Any hints are appreciate.
This is the samba log for a client:

 [2013/08/12 13:56:21.449931,  3] lib/access.c:338(allow_access)
  Allowed connection from 192.168.2.118 (192.168.2.118)
[2013/08/12 13:56:21.450014,  3] smbd/oplock.c:922(init_oplocks)
  init_oplocks: initializing messages.
[2013/08/12 13:56:21.450084,  3]
smbd/oplock_linux.c:239(linux_init_kernel_oplocks)
  Linux kernel oplocks enabled
[2013/08/12 13:56:21.450175,  3] smbd/process.c:1662(process_smb)
  Transaction 0 of length 159 (0 toread)
[2013/08/12 13:56:21.450217,  3] smbd/process.c:1467(switch_message)
  switch message SMBnegprot (pid 27114) conn 0x0
[2013/08/12 13:56:21.450509,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2013/08/12 13:56:21.450555,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LANMAN1.0]
[2013/08/12 13:56:21.450587,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [Windows for Workgroups 3.1a]
[2013/08/12 13:56:21.450621,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LM1.2X002]
[2013/08/12 13:56:21.450663,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LANMAN2.1]
[2013/08/12 13:56:21.450701,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [NT LM 0.12]
[2013/08/12 13:56:21.450734,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [SMB 2.002]
[2013/08/12 13:56:21.450767,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [SMB 2.???]
[2013/08/12 13:56:21.450857,  3] smbd/negprot.c:419(reply_nt1)
  using SPNEGO
[2013/08/12 13:56:21.450894,  3] smbd/negprot.c:704(reply_negprot)
  Selected protocol NT LM 0.12
[2013/08/12 13:56:21.480917,  3] smbd/process.c:1662(process_smb)
  Transaction 1 of length 1500 (0 toread)
[2013/08/12 13:56:21.481068,  3] smbd/process.c:1467(switch_message)
  switch message SMBsesssetupX (pid 27114) conn 0x0
[2013/08/12 13:56:21.481122,  3]
smbd/sesssetup.c:1333(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2013/08/12 13:56:21.481159,  2] smbd/sesssetup.c:1279(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2013/08/12 13:56:21.481193,  3]
smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2013/08/12 13:56:21.481240,  3]
smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2013/08/12 13:56:21.481306,  3]
smbd/sesssetup.c:660(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 1354
[2013/08/12 13:56:21.501097,  3] libads/authdata.c:332(decode_pac_data)
  Found account name from PAC: Graficos [Graficos]
[2013/08/12 13:56:21.501177,  3]
auth/user_krb5.c:50(get_user_from_kerberos_info)
  Kerberos ticket principal name is [Graficos at MONTECARLOTV.COM.UY]
[2013/08/12 13:56:21.502480,  3] smbd/password.c:298(register_existing_vuid)
  register_existing_vuid: User name: CANAL4\graficos    Real name: Graficos
[2013/08/12 13:56:21.502527,  3] smbd/password.c:308(register_existing_vuid)
  register_existing_vuid: UNIX uid 10002 is UNIX user CANAL4\graficos,
and will be vuid 101
[2013/08/12 13:56:21.502606,  3] smbd/password.c:238(register_homes_share)
  Adding homes service for user 'CANAL4\graficos' using home directory:
'/home/CANAL4/graficos'
[2013/08/12 13:56:21.502674,  3] param/loadparm.c:6582(lp_add_home)
  adding home's share [graficos] for user 'CANAL4\graficos' at
'/home/CANAL4/graficos'
[2013/08/12 13:56:21.503302,  3] smbd/process.c:1662(process_smb)
  Transaction 2 of length 118 (0 toread)
[2013/08/12 13:56:21.503371,  3] smbd/process.c:1467(switch_message)
  switch message SMBtconX (pid 27114) conn 0x0
[2013/08/12 13:56:21.503491,  3] lib/access.c:338(allow_access)
  Allowed connection from 192.168.2.118 (192.168.2.118)
[2013/08/12 13:56:21.503540,  3]
../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
  string_to_sid: SID CANAL4\Datos is not in a valid format
[2013/08/12 13:56:21.504880,  2]
smbd/service.c:627(create_connection_session_info)
  user 'CANAL4\graficos' (from session setup) not permitted to access
this share (Datos)
[2013/08/12 13:56:21.504930,  1] smbd/service.c:805(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2013/08/12 13:56:21.504969,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/reply.c(803) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED
[2013/08/12 13:56:21.505345,  3] smbd/process.c:1662(process_smb)
  Transaction 3 of length 43 (0 toread)
[2013/08/12 13:56:21.505412,  3] smbd/process.c:1467(switch_message)
  switch message SMBulogoffX (pid 27114) conn 0x0
[2013/08/12 13:56:21.505482,  3] smbd/reply.c:2096(reply_ulogoffX)
  ulogoffX vuid=101
[2013/08/12 13:56:32.383954,  1] smbd/process.c:457(receive_smb_talloc)
  receive_smb_raw_talloc failed for client 192.168.2.118 read error =
NT_STATUS_CONNECTION_RESET.
[2013/08/12 13:56:32.384103,  3] smbd/server_exit.c:181(exit_server_common)
  Server exit (failed to receive smb request)

More information about the samba mailing list