[Samba] NT_STATUS_NETWORK_ACCESS_DENIED for a single user
Lorenzo Milesi
maxxer at ufficyo.com
Thu Sep 12 08:45:20 MDT 2013
I've a "special" user (it has nothing special, just this exception) in a group that cannot access a share.
I check share access using UNIX permissions.
This is the share definition:
[progettazione]
comment = progettazione
path = /dati/progettazione
writeable = yes
browseable = Yes
directory mask = 0770
create mask = 0775
security mask = 0777
force security mode = 0
directory security mask = 0777
force directory security mode = 0
hide unreadable = Yes
force create mode = 0775
force directory mode = 6775
vfs object = recycle
recycle: config-files = /etc/samba/samba-recycle.conf
This is the directory permission:
# ls -la /dati/progettazione/ | head
drwxrws--- 55 lorenzo progettazione 4096 2013-09-12 10:10 .
drwxr-xr-x 20 root root 4096 2013-07-22 08:29 ..
All the users in the "progettazione" group can access the share EXCEPT this one:
# groups bosco
bosco : dipendenti disegni progettazione
I'm not using ACLs; anyway, I tried remounting the partition without acl and nothing changed.
This user and group come from LDAP. If I
# su - bosco
I can chdir to /dati/progettazione without issues.
The only strange thing I experience is that, while ls and all Unix commands decode users and groups correctly, when I sudo as the "bosco" user the prompt cannot decode users and groups.
# su - bosco
groups: impossibile trovare il nome del gruppo con id 10001
groups: impossibile trovare il nome del gruppo con id 10003
groups: impossibile trovare il nome del gruppo con id 10010
Manca il nome at file-server:~$ id
uid=10010 gid=10001 gruppi=10001,10003,10010
10010 is the gid of the group "progettazione".
Adding o+rwx permissions to the directory allows the user to chdir. It seems like
I really don't know what else to look for.
Any help is welcome.
Thanks
--
Lorenzo Milesi - lorenzo.milesi at yetopen.it
YetOpen S.r.l. - http://www.yetopen.it/