[Samba] Samba 4 AD share: Access denied
Ryan Ashley
ryana at reachtechfp.com
Mon Jul 28 09:16:26 MDT 2014
Found the problem, I believe
[2014/07/28 10:14:44.828015, 3]
../lib/krb5_wrap/krb5_samba.c:266(ads_cleanup_expired_creds)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect]
expiration Mon, 28 Jul 2014 20:14:44 EDT
[2014/07/28 10:31:37.274435, 0]
../source3/winbindd/winbindd.c:266(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=0)
[2014/07/28 11:02:32.032341, 3]
../source3/winbindd/idmap.c:230(idmap_init_domain)
idmap backend ad not found
[2014/07/28 11:02:32.051673, 3]
../source3/winbindd/idmap.c:235(idmap_init_domain)
Could not probe idmap module ad
As you can see, winbind is having issues with AD. What could cause this?
Currently I have set share permissions in Linux to 777 and am running S4
4.1.10 from the v4-1-stable branch. Is this something I can fix?
On 07/28/2014 10:19 AM, Ryan Ashley wrote:
> Great, so by doing "git clone git://git.samba.org/samba.git
> samba-master" I am by default cloning the testing branch. I am going
> to do a checkout on stable and try again.
>
> On 07/28/2014 10:11 AM, Rowland Penny wrote:
>> On 28/07/14 15:00, Ryan Ashley wrote:
>>> Odd, but it says I am using 4.2.0, which is higher than 4.1.8.
>>>
>>> root at fs01:/usr/src/samba-master# samba-tool -V
>>> 4.2.0pre1-GIT-d097898
>>> root at fs01:/usr/src/samba-master# winbindd -V
>>> Version 4.2.0pre1-GIT-d097898
>>> root at fs01:/usr/src/samba-master# nmbd -V
>>> Version 4.2.0pre1-GIT-d097898
>>> root at fs01:/usr/src/samba-master#
>>>
>>> I normally clone, configure, and build. Is the stable branch not
>>> default? Am I building a testing branch? Should I checkout on the
>>> stable branch?
>>>
>>> On 07/28/2014 09:50 AM, Rowland Penny wrote:
>>>> On 28/07/14 14:41, Ryan Ashley wrote:
>>>>> Alright, I was poking around this morning trying to make this
>>>>> work, and noticed something odd. Loads of zombie nmbd processes.
>>>>> Check out the dump below and tell me, what is going on here? Is
>>>>> this my problem?
>>>>>
>>>>> root at fs01:~# ps x
>>>>> PID TTY STAT TIME COMMAND
>>>>> 1 ? Ss 0:02 init [2]
>>>>> 2 ? S 0:00 [kthreadd]
>>>>> 3 ? S 0:00 [ksoftirqd/0]
>>>>> 5 ? S 0:00 [kworker/u:0]
>>>>> 6 ? S 0:00 [migration/0]
>>>>> 7 ? S 0:01 [watchdog/0]
>>>>> 8 ? S< 0:00 [cpuset]
>>>>> 9 ? S< 0:00 [khelper]
>>>>> 10 ? S 0:00 [kdevtmpfs]
>>>>> 11 ? S< 0:00 [netns]
>>>>> 12 ? S 0:00 [xenwatch]
>>>>> 13 ? S 0:00 [xenbus]
>>>>> 14 ? S 0:01 [sync_supers]
>>>>> 15 ? S 0:00 [bdi-default]
>>>>> 16 ? S< 0:00 [kintegrityd]
>>>>> 17 ? S< 0:00 [kblockd]
>>>>> 19 ? S 0:00 [khungtaskd]
>>>>> 20 ? S 0:00 [kswapd0]
>>>>> 21 ? SN 0:00 [ksmd]
>>>>> 22 ? SN 0:00 [khugepaged]
>>>>> 23 ? S 0:00 [fsnotify_mark]
>>>>> 24 ? S< 0:00 [crypto]
>>>>> 173 ? S 0:00 [jbd2/xvda1-8]
>>>>> 174 ? S< 0:00 [ext4-dio-unwrit]
>>>>> 183 ? S 0:00 [kworker/u:1]
>>>>> 313 ? Ss 0:00 udevd --daemon
>>>>> 420 ? S 0:00 udevd --daemon
>>>>> 425 ? S 0:00 udevd --daemon
>>>>> 433 ? S 0:00 [khubd]
>>>>> 438 ? S< 0:00 [kpsmoused]
>>>>> 445 ? S< 0:00 [ata_sff]
>>>>> 471 ? S 0:00 [scsi_eh_0]
>>>>> 472 ? S 0:00 [scsi_eh_1]
>>>>> 1295 ? S 0:00 [jbd2/xvda2-8]
>>>>> 1296 ? S< 0:00 [ext4-dio-unwrit]
>>>>> 1297 ? S 0:01 [flush-202:0]
>>>>> 1298 ? S 0:00 [jbd2/xvda9-8]
>>>>> 1299 ? S< 0:00 [ext4-dio-unwrit]
>>>>> 1300 ? S 0:00 [jbd2/xvda10-8]
>>>>> 1301 ? S< 0:00 [ext4-dio-unwrit]
>>>>> 1302 ? S 0:00 [jbd2/xvda8-8]
>>>>> 1303 ? S< 0:00 [ext4-dio-unwrit]
>>>>> 1307 ? S 0:00 [jbd2/xvda11-8]
>>>>> 1308 ? S< 0:00 [ext4-dio-unwrit]
>>>>> 1309 ? S 0:00 [jbd2/xvda3-8]
>>>>> 1310 ? S< 0:00 [ext4-dio-unwrit]
>>>>> 1311 ? S 0:00 [jbd2/xvda4-8]
>>>>> 1312 ? S< 0:00 [ext4-dio-unwrit]
>>>>> 1313 ? S 0:00 [jbd2/xvda5-8]
>>>>> 1314 ? S< 0:00 [ext4-dio-unwrit]
>>>>> 1315 ? S 0:00 [jbd2/xvda6-8]
>>>>> 1316 ? S< 0:00 [ext4-dio-unwrit]
>>>>> 1317 ? S 0:00 [jbd2/xvda7-8]
>>>>> 1318 ? S< 0:00 [ext4-dio-unwrit]
>>>>> 1319 ? S 0:00 [jbd2/xvdb1-8]
>>>>> 1320 ? S< 0:00 [ext4-dio-unwrit]
>>>>> 1780 ? Sl 0:00 /usr/sbin/rsyslogd -c5
>>>>> 1811 ? Ss 0:00 /usr/sbin/acpid
>>>>> 1903 ? Ss 0:00 /usr/sbin/cron
>>>>> 1998 ? Ss 0:00 /usr/sbin/sshd
>>>>> 2022 tty1 Ss+ 0:00 /sbin/getty 38400 tty1
>>>>> 2023 tty2 Ss+ 0:00 /sbin/getty 38400 tty2
>>>>> 2024 tty3 Ss+ 0:00 /sbin/getty 38400 tty3
>>>>> 2025 tty4 Ss+ 0:00 /sbin/getty 38400 tty4
>>>>> 2026 tty5 Ss+ 0:00 /sbin/getty 38400 tty5
>>>>> 2027 tty6 Ss+ 0:00 /sbin/getty 38400 tty6
>>>>> 2041 ? Ss 0:03 nmbd
>>>>> 2043 ? Ss 0:03 smbd
>>>>> 2045 ? Ss 0:00 winbindd
>>>>> 2046 ? S 0:02 winbindd
>>>>> 2047 ? S 0:00 winbindd
>>>>> 2048 ? S 0:00 winbindd
>>>>> 2049 ? S 0:00 smbd
>>>>> 2067 ? Z 0:00 [nmbd] <defunct>
>>>>> 2085 ? Z 0:00 [nmbd] <defunct>
>>>>> 2109 ? Z 0:00 [nmbd] <defunct>
>>>>> 2127 ? Z 0:00 [nmbd] <defunct>
>>>>> 2145 ? Z 0:00 [nmbd] <defunct>
>>>>> 2163 ? Z 0:00 [nmbd] <defunct>
>>>>> 2185 ? Z 0:00 [nmbd] <defunct>
>>>>> 2203 ? Z 0:00 [nmbd] <defunct>
>>>>> 2223 ? Z 0:00 [nmbd] <defunct>
>>>>> 2241 ? Z 0:00 [nmbd] <defunct>
>>>>> 2263 ? Z 0:00 [nmbd] <defunct>
>>>>> 2281 ? Z 0:00 [nmbd] <defunct>
>>>>> 2299 ? Z 0:00 [nmbd] <defunct>
>>>>> 2317 ? Z 0:00 [nmbd] <defunct>
>>>>> 2339 ? Z 0:00 [nmbd] <defunct>
>>>>> 2357 ? Z 0:00 [nmbd] <defunct>
>>>>> 2375 ? Z 0:00 [nmbd] <defunct>
>>>>> 2393 ? Z 0:00 [nmbd] <defunct>
>>>>> 2415 ? Z 0:00 [nmbd] <defunct>
>>>>> 2433 ? Z 0:00 [nmbd] <defunct>
>>>>> 2451 ? Z 0:00 [nmbd] <defunct>
>>>>> 2469 ? Z 0:00 [nmbd] <defunct>
>>>>> 2491 ? Z 0:00 [nmbd] <defunct>
>>>>> 2509 ? Z 0:00 [nmbd] <defunct>
>>>>> 2527 ? Z 0:00 [nmbd] <defunct>
>>>>> 2545 ? Z 0:00 [nmbd] <defunct>
>>>>> 2567 ? Z 0:00 [nmbd] <defunct>
>>>>> 2585 ? Z 0:00 [nmbd] <defunct>
>>>>> 2603 ? Z 0:00 [nmbd] <defunct>
>>>>> 2621 ? Z 0:00 [nmbd] <defunct>
>>>>> 2643 ? Z 0:00 [nmbd] <defunct>
>>>>> 2661 ? Z 0:00 [nmbd] <defunct>
>>>>> 2679 ? Z 0:00 [nmbd] <defunct>
>>>>> 2697 ? Z 0:00 [nmbd] <defunct>
>>>>> 2719 ? Z 0:00 [nmbd] <defunct>
>>>>> 2737 ? Z 0:00 [nmbd] <defunct>
>>>>> 2755 ? Z 0:00 [nmbd] <defunct>
>>>>> 2773 ? Z 0:00 [nmbd] <defunct>
>>>>> 2795 ? Z 0:00 [nmbd] <defunct>
>>>>> 2813 ? Z 0:00 [nmbd] <defunct>
>>>>> 2831 ? Z 0:00 [nmbd] <defunct>
>>>>> 2849 ? Z 0:00 [nmbd] <defunct>
>>>>> 2871 ? Z 0:00 [nmbd] <defunct>
>>>>> 2889 ? Z 0:00 [nmbd] <defunct>
>>>>> 2907 ? Z 0:00 [nmbd] <defunct>
>>>>> 2925 ? Z 0:00 [nmbd] <defunct>
>>>>> 2946 ? Z 0:00 [nmbd] <defunct>
>>>>> 2964 ? Z 0:00 [nmbd] <defunct>
>>>>> 2982 ? Z 0:00 [nmbd] <defunct>
>>>>> 3000 ? Z 0:00 [nmbd] <defunct>
>>>>> 3022 ? Z 0:00 [nmbd] <defunct>
>>>>> 3040 ? Z 0:00 [nmbd] <defunct>
>>>>> 3058 ? Z 0:00 [nmbd] <defunct>
>>>>> 3076 ? Z 0:00 [nmbd] <defunct>
>>>>> 3098 ? Z 0:00 [nmbd] <defunct>
>>>>> 3116 ? Z 0:00 [nmbd] <defunct>
>>>>> 3134 ? Z 0:00 [nmbd] <defunct>
>>>>> 3152 ? Z 0:00 [nmbd] <defunct>
>>>>> 3174 ? Z 0:00 [nmbd] <defunct>
>>>>> 3192 ? Z 0:00 [nmbd] <defunct>
>>>>> 3210 ? Z 0:00 [nmbd] <defunct>
>>>>> 3228 ? Z 0:00 [nmbd] <defunct>
>>>>> 3250 ? Z 0:00 [nmbd] <defunct>
>>>>> 3268 ? Z 0:00 [nmbd] <defunct>
>>>>> 3285 ? Z 0:00 [nmbd] <defunct>
>>>>> 3303 ? Z 0:00 [nmbd] <defunct>
>>>>> 3325 ? Z 0:00 [nmbd] <defunct>
>>>>> 3343 ? Z 0:00 [nmbd] <defunct>
>>>>> 3361 ? Z 0:00 [nmbd] <defunct>
>>>>> 3380 ? Z 0:00 [nmbd] <defunct>
>>>>> 3402 ? Z 0:00 [nmbd] <defunct>
>>>>> 3420 ? Z 0:00 [nmbd] <defunct>
>>>>> 3438 ? Z 0:00 [nmbd] <defunct>
>>>>> 3456 ? Z 0:00 [nmbd] <defunct>
>>>>> 3574 ? Z 0:00 [nmbd] <defunct>
>>>>> 3592 ? Z 0:00 [nmbd] <defunct>
>>>>> 3610 ? Z 0:00 [nmbd] <defunct>
>>>>> 3628 ? Z 0:00 [nmbd] <defunct>
>>>>> 3650 ? Z 0:00 [nmbd] <defunct>
>>>>> 3668 ? Z 0:00 [nmbd] <defunct>
>>>>> 3686 ? Z 0:00 [nmbd] <defunct>
>>>>> 3704 ? Z 0:00 [nmbd] <defunct>
>>>>> 3726 ? Z 0:00 [nmbd] <defunct>
>>>>> 3744 ? Z 0:00 [nmbd] <defunct>
>>>>> 3762 ? Z 0:00 [nmbd] <defunct>
>>>>> 3780 ? Z 0:00 [nmbd] <defunct>
>>>>> 3802 ? Z 0:00 [nmbd] <defunct>
>>>>> 3820 ? Z 0:00 [nmbd] <defunct>
>>>>> 3838 ? Z 0:00 [nmbd] <defunct>
>>>>> 3856 ? Z 0:00 [nmbd] <defunct>
>>>>> 3878 ? Z 0:00 [nmbd] <defunct>
>>>>> 3896 ? Z 0:00 [nmbd] <defunct>
>>>>> 3914 ? Z 0:00 [nmbd] <defunct>
>>>>> 3932 ? Z 0:00 [nmbd] <defunct>
>>>>> 3954 ? Z 0:00 [nmbd] <defunct>
>>>>> 3972 ? Z 0:00 [nmbd] <defunct>
>>>>> 3990 ? Z 0:00 [nmbd] <defunct>
>>>>> 4008 ? Z 0:00 [nmbd] <defunct>
>>>>> 4030 ? Z 0:00 [nmbd] <defunct>
>>>>> 4048 ? Z 0:00 [nmbd] <defunct>
>>>>> 4066 ? Z 0:00 [nmbd] <defunct>
>>>>> 4084 ? Z 0:00 [nmbd] <defunct>
>>>>> 4106 ? Z 0:00 [nmbd] <defunct>
>>>>> 4124 ? Z 0:00 [nmbd] <defunct>
>>>>> 4142 ? Z 0:00 [nmbd] <defunct>
>>>>> 4160 ? Z 0:00 [nmbd] <defunct>
>>>>> 4182 ? Z 0:00 [nmbd] <defunct>
>>>>> 4200 ? Z 0:00 [nmbd] <defunct>
>>>>> 4220 ? Z 0:00 [nmbd] <defunct>
>>>>> 4238 ? Z 0:00 [nmbd] <defunct>
>>>>> 4261 ? Z 0:00 [nmbd] <defunct>
>>>>> 4279 ? Z 0:00 [nmbd] <defunct>
>>>>> 4297 ? Z 0:00 [nmbd] <defunct>
>>>>> 4315 ? Z 0:00 [nmbd] <defunct>
>>>>> 4337 ? Z 0:00 [nmbd] <defunct>
>>>>> 4355 ? Z 0:00 [nmbd] <defunct>
>>>>> 4373 ? Z 0:00 [nmbd] <defunct>
>>>>> 4391 ? Z 0:00 [nmbd] <defunct>
>>>>> 4413 ? Z 0:00 [nmbd] <defunct>
>>>>> 4431 ? Z 0:00 [nmbd] <defunct>
>>>>> 4449 ? Z 0:00 [nmbd] <defunct>
>>>>> 4467 ? Z 0:00 [nmbd] <defunct>
>>>>> 4489 ? Z 0:00 [nmbd] <defunct>
>>>>> 4507 ? Z 0:00 [nmbd] <defunct>
>>>>> 4525 ? Z 0:00 [nmbd] <defunct>
>>>>> 4543 ? Z 0:00 [nmbd] <defunct>
>>>>> 4565 ? Z 0:00 [nmbd] <defunct>
>>>>> 4583 ? Z 0:00 [nmbd] <defunct>
>>>>> 4601 ? Z 0:00 [nmbd] <defunct>
>>>>> 4619 ? Z 0:00 [nmbd] <defunct>
>>>>> 4641 ? Z 0:00 [nmbd] <defunct>
>>>>> 4659 ? Z 0:00 [nmbd] <defunct>
>>>>> 4677 ? Z 0:00 [nmbd] <defunct>
>>>>> 4694 ? Z 0:00 [nmbd] <defunct>
>>>>> 4716 ? Z 0:00 [nmbd] <defunct>
>>>>> 4734 ? Z 0:00 [nmbd] <defunct>
>>>>> 4752 ? Z 0:00 [nmbd] <defunct>
>>>>> 4770 ? Z 0:00 [nmbd] <defunct>
>>>>> 4792 ? Z 0:00 [nmbd] <defunct>
>>>>> 4811 ? Z 0:00 [nmbd] <defunct>
>>>>> 4829 ? Z 0:00 [nmbd] <defunct>
>>>>> 4847 ? Z 0:00 [nmbd] <defunct>
>>>>> 4869 ? Z 0:00 [nmbd] <defunct>
>>>>> 4887 ? Z 0:00 [nmbd] <defunct>
>>>>> 4905 ? Z 0:00 [nmbd] <defunct>
>>>>> 4923 ? Z 0:00 [nmbd] <defunct>
>>>>> 4945 ? Z 0:00 [nmbd] <defunct>
>>>>> 4963 ? Z 0:00 [nmbd] <defunct>
>>>>> 4981 ? Z 0:00 [nmbd] <defunct>
>>>>> 4999 ? Z 0:00 [nmbd] <defunct>
>>>>> 5021 ? Z 0:00 [nmbd] <defunct>
>>>>> 5039 ? Z 0:00 [nmbd] <defunct>
>>>>> 5057 ? Z 0:00 [nmbd] <defunct>
>>>>> 5075 ? Z 0:00 [nmbd] <defunct>
>>>>> 5097 ? Z 0:00 [nmbd] <defunct>
>>>>> 5115 ? Z 0:00 [nmbd] <defunct>
>>>>> 5133 ? Z 0:00 [nmbd] <defunct>
>>>>> 5151 ? Z 0:00 [nmbd] <defunct>
>>>>> 5173 ? Z 0:00 [nmbd] <defunct>
>>>>> 5191 ? Z 0:00 [nmbd] <defunct>
>>>>> 5209 ? Z 0:00 [nmbd] <defunct>
>>>>> 5227 ? Z 0:00 [nmbd] <defunct>
>>>>> 5249 ? Z 0:00 [nmbd] <defunct>
>>>>> 5267 ? Z 0:00 [nmbd] <defunct>
>>>>> 5285 ? Z 0:00 [nmbd] <defunct>
>>>>> 5303 ? Z 0:00 [nmbd] <defunct>
>>>>> 5325 ? Z 0:00 [nmbd] <defunct>
>>>>> 5343 ? Z 0:00 [nmbd] <defunct>
>>>>> 5361 ? Z 0:00 [nmbd] <defunct>
>>>>> 5379 ? Z 0:00 [nmbd] <defunct>
>>>>> 5525 ? Z 0:00 [nmbd] <defunct>
>>>>> 5543 ? Z 0:00 [nmbd] <defunct>
>>>>> 5571 ? Z 0:00 [nmbd] <defunct>
>>>>> 5589 ? Z 0:00 [nmbd] <defunct>
>>>>> 5611 ? Z 0:00 [nmbd] <defunct>
>>>>> 5630 ? Z 0:00 [nmbd] <defunct>
>>>>> 5648 ? Z 0:00 [nmbd] <defunct>
>>>>> 5666 ? Z 0:00 [nmbd] <defunct>
>>>>> 5688 ? Z 0:00 [nmbd] <defunct>
>>>>> 5706 ? Z 0:00 [nmbd] <defunct>
>>>>> 5724 ? Z 0:00 [nmbd] <defunct>
>>>>> 5742 ? Z 0:00 [nmbd] <defunct>
>>>>> 5764 ? Z 0:00 [nmbd] <defunct>
>>>>> 5782 ? Z 0:00 [nmbd] <defunct>
>>>>> 5800 ? Z 0:00 [nmbd] <defunct>
>>>>> 5818 ? Z 0:00 [nmbd] <defunct>
>>>>> 5840 ? Z 0:00 [nmbd] <defunct>
>>>>> 5858 ? Z 0:00 [nmbd] <defunct>
>>>>> 5876 ? Z 0:00 [nmbd] <defunct>
>>>>> 5894 ? Z 0:00 [nmbd] <defunct>
>>>>> 5916 ? Z 0:00 [nmbd] <defunct>
>>>>> 5934 ? Z 0:00 [nmbd] <defunct>
>>>>> 5952 ? Z 0:00 [nmbd] <defunct>
>>>>> 5970 ? Z 0:00 [nmbd] <defunct>
>>>>> 5992 ? Z 0:00 [nmbd] <defunct>
>>>>> 6010 ? Z 0:00 [nmbd] <defunct>
>>>>> 6028 ? Z 0:00 [nmbd] <defunct>
>>>>> 6046 ? Z 0:00 [nmbd] <defunct>
>>>>> 6068 ? Z 0:00 [nmbd] <defunct>
>>>>> 6086 ? Z 0:00 [nmbd] <defunct>
>>>>> 6104 ? Z 0:00 [nmbd] <defunct>
>>>>> 6122 ? Z 0:00 [nmbd] <defunct>
>>>>> 6144 ? Z 0:00 [nmbd] <defunct>
>>>>> 6161 ? Z 0:00 [nmbd] <defunct>
>>>>> 6179 ? Z 0:00 [nmbd] <defunct>
>>>>> 6197 ? Z 0:00 [nmbd] <defunct>
>>>>> 6219 ? Z 0:00 [nmbd] <defunct>
>>>>> 6238 ? Z 0:00 [nmbd] <defunct>
>>>>> 6256 ? Z 0:00 [nmbd] <defunct>
>>>>> 6274 ? Z 0:00 [nmbd] <defunct>
>>>>> 6296 ? Z 0:00 [nmbd] <defunct>
>>>>> 6314 ? Z 0:00 [nmbd] <defunct>
>>>>> 6332 ? Z 0:00 [nmbd] <defunct>
>>>>> 6350 ? Z 0:00 [nmbd] <defunct>
>>>>> 6372 ? Z 0:00 [nmbd] <defunct>
>>>>> 6390 ? Z 0:00 [nmbd] <defunct>
>>>>> 6408 ? Z 0:00 [nmbd] <defunct>
>>>>> 6426 ? Z 0:00 [nmbd] <defunct>
>>>>> 6448 ? Z 0:00 [nmbd] <defunct>
>>>>> 6466 ? Z 0:00 [nmbd] <defunct>
>>>>> 6484 ? Z 0:00 [nmbd] <defunct>
>>>>> 6502 ? Z 0:00 [nmbd] <defunct>
>>>>> 6524 ? Z 0:00 [nmbd] <defunct>
>>>>> 6542 ? Z 0:00 [nmbd] <defunct>
>>>>> 6560 ? Z 0:00 [nmbd] <defunct>
>>>>> 6578 ? Z 0:00 [nmbd] <defunct>
>>>>> 6600 ? Z 0:00 [nmbd] <defunct>
>>>>> 6618 ? Z 0:00 [nmbd] <defunct>
>>>>> 6636 ? Z 0:00 [nmbd] <defunct>
>>>>> 6654 ? Z 0:00 [nmbd] <defunct>
>>>>> 6676 ? Z 0:00 [nmbd] <defunct>
>>>>> 6694 ? Z 0:00 [nmbd] <defunct>
>>>>> 6712 ? Z 0:00 [nmbd] <defunct>
>>>>> 6730 ? Z 0:00 [nmbd] <defunct>
>>>>> 6752 ? Z 0:00 [nmbd] <defunct>
>>>>> 6770 ? Z 0:00 [nmbd] <defunct>
>>>>> 6789 ? Z 0:00 [nmbd] <defunct>
>>>>> 6807 ? Z 0:00 [nmbd] <defunct>
>>>>> 6829 ? Z 0:00 [nmbd] <defunct>
>>>>> 6847 ? Z 0:00 [nmbd] <defunct>
>>>>> 6852 ? S 0:01 [kworker/0:0]
>>>>> 6867 ? Z 0:00 [nmbd] <defunct>
>>>>> 6885 ? Z 0:00 [nmbd] <defunct>
>>>>> 6906 ? Z 0:00 [nmbd] <defunct>
>>>>> 6924 ? Z 0:00 [nmbd] <defunct>
>>>>> 6942 ? Z 0:00 [nmbd] <defunct>
>>>>> 6960 ? Z 0:00 [nmbd] <defunct>
>>>>> 6982 ? Z 0:00 [nmbd] <defunct>
>>>>> 7000 ? Z 0:00 [nmbd] <defunct>
>>>>> 7018 ? Z 0:00 [nmbd] <defunct>
>>>>> 7036 ? Z 0:00 [nmbd] <defunct>
>>>>> 7058 ? Z 0:00 [nmbd] <defunct>
>>>>> 7076 ? Z 0:00 [nmbd] <defunct>
>>>>> 7094 ? Z 0:00 [nmbd] <defunct>
>>>>> 7112 ? Z 0:00 [nmbd] <defunct>
>>>>> 7134 ? Z 0:00 [nmbd] <defunct>
>>>>> 7152 ? Z 0:00 [nmbd] <defunct>
>>>>> 7170 ? Z 0:00 [nmbd] <defunct>
>>>>> 7188 ? Z 0:00 [nmbd] <defunct>
>>>>> 7210 ? Z 0:00 [nmbd] <defunct>
>>>>> 7228 ? Z 0:00 [nmbd] <defunct>
>>>>> 7246 ? Z 0:00 [nmbd] <defunct>
>>>>> 7264 ? Z 0:00 [nmbd] <defunct>
>>>>> 7286 ? Z 0:00 [nmbd] <defunct>
>>>>> 7304 ? Z 0:00 [nmbd] <defunct>
>>>>> 7322 ? Z 0:00 [nmbd] <defunct>
>>>>> 7340 ? Z 0:00 [nmbd] <defunct>
>>>>> 7458 ? Z 0:00 [nmbd] <defunct>
>>>>> 7476 ? Z 0:00 [nmbd] <defunct>
>>>>> 7494 ? Z 0:00 [nmbd] <defunct>
>>>>> 7512 ? Z 0:00 [nmbd] <defunct>
>>>>> 7534 ? Z 0:00 [nmbd] <defunct>
>>>>> 7552 ? Z 0:00 [nmbd] <defunct>
>>>>> 7569 ? Z 0:00 [nmbd] <defunct>
>>>>> 7587 ? Z 0:00 [nmbd] <defunct>
>>>>> 7609 ? Z 0:00 [nmbd] <defunct>
>>>>> 7627 ? Z 0:00 [nmbd] <defunct>
>>>>> 7645 ? Z 0:00 [nmbd] <defunct>
>>>>> 7665 ? Z 0:00 [nmbd] <defunct>
>>>>> 7676 ? S 0:00 [kworker/0:2]
>>>>> 7687 ? Z 0:00 [nmbd] <defunct>
>>>>> 7697 ? Ss 0:00 sshd: root at pts/0
>>>>> 7699 pts/0 Ss 0:00 -bash
>>>>> 7711 ? S 0:00 [kworker/0:1]
>>>>> 7718 ? S 0:00 [flush-202:16]
>>>>> 7721 pts/0 R+ 0:00 ps x
>>>>>
>>>>> On 07/28/2014 09:18 AM, Ryan Ashley wrote:
>>>>>> I have never even played with apparmor. I do my Debian installs
>>>>>> using a net CD and doing the expert 64bit install. I disable
>>>>>> recommended and suggested packages and install only exactly what
>>>>>> I need, so I do not have apparmor or selinux. Good thought
>>>>>> though. I also tried disabling the firewall on a test PC and
>>>>>> still no go. This has NEVER happened before so I am lost.
>>>>>>
>>>>>> So where else should I look? The system in question is a domain
>>>>>> member server, can resolve users and groups, and can set ACLs
>>>>>> with user and groups from AD. It is simply denying access to
>>>>>> group members of said shares.
>>>>>>
>>>>>> On 07/28/2014 05:02 AM, Rowland Penny wrote:
>>>>>>> On 27/07/14 16:28, Ryan Ashley wrote:
>>>>>>>> I understand and I should have stated more clearly that I have
>>>>>>>> been going through those results for over a week now. Nothing
>>>>>>>> seems to help. Funny thing is that creating a second virtual
>>>>>>>> file-server and using share authentication works fine. Yet
>>>>>>>> another reason I am leaning towards group issues. If the
>>>>>>>> file-server is share-level the Windows 7 boxes are happy. As
>>>>>>>> soon as it goes AD and uses AD groups, they stop working. I
>>>>>>>> have not tried user-level security yet. Then again I may have
>>>>>>>> user-level and share-level confused. It has been a long week. I
>>>>>>>> will keep searching but so far nothing I have found and tried
>>>>>>>> works.
>>>>>>>>
>>>>>>>> Is there a way to get an actual reason for the denial? If it
>>>>>>>> flat-out told me a reason I could troubleshoot. Right now I am
>>>>>>>> just shooting in random directions hoping to hit something
>>>>>>>> since all I get is "Access Denied". Is it possible to see is S4
>>>>>>>> is denying the connection via a log or something, or if Windows
>>>>>>>> 7 is being stupid... again?
>>>>>>>>
>>>>>>>> On 7/27/2014 10:57 AM, Rowland Penny wrote:
>>>>>>>>> On 27/07/14 15:15, Ryan Ashley wrote:
>>>>>>>>>> That solution is for Windows 8. That also is not our issue.
>>>>>>>>>> The WIndows 7 Pro 64bit workstations see the server and
>>>>>>>>>> shares, and they map the shares according to group policy,
>>>>>>>>>> but then everybody gets access denied, despite being in the
>>>>>>>>>> domain groups for which the shares were created. Funny thing
>>>>>>>>>> is that if I logon as domain admin, I get to access the
>>>>>>>>>> shares. Due to this, I fully believe the S4 server is
>>>>>>>>>> ignoring or not accounting for group membership. The
>>>>>>>>>> "reachfp" account is the domain admin. This is also the
>>>>>>>>>> default owner of files on the shares. The group
>>>>>>>>>> "administration" contains many members and does not grant
>>>>>>>>>> access, despite the group being granted full control. This
>>>>>>>>>> lead e into believing I am still dealing with a permissions
>>>>>>>>>> issue and not another issue. If it was the other issue, I
>>>>>>>>>> would assume domain admin could not see the share or access
>>>>>>>>>> it. Is that about right?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> You are missing the point, I probably could have chosen a
>>>>>>>>> better target but I only spent about 30secs on the search:
>>>>>>>>>
>>>>>>>>> windows 7 64 bit access denied samba
>>>>>>>>>
>>>>>>>>> This returns About 116,000 results, here's another one:
>>>>>>>>>
>>>>>>>>> http://www.sevenforums.com/network-sharing/242602-can-t-connect-samba-share-win-7-ultimate-64-bit.html
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Try looking into this before dismissing it out of hand and
>>>>>>>>> insisting that samba is the problem.
>>>>>>>>>
>>>>>>>>> Rowland
>>>>>>>>
>>>>>>> OK, after more thought and re-reading your posts, a thought has
>>>>>>> popped into my head, apparmor, do you have this running on the
>>>>>>> server ?
>>>>>>> I have been caught out by this a few times, not being allowed to
>>>>>>> do things that I thought I should be able to do, or packages not
>>>>>>> running correctly because they were not allowed access, in every
>>>>>>> case it was apparmor. As I could never get apparmor to play ball
>>>>>>> with me (I thought that I had found all rights that needed
>>>>>>> modding and then another one would pop its head up and what is
>>>>>>> in the logs bares no resemblance to what you need to put in the
>>>>>>> conf file), I now disable apparmor straight after installing a
>>>>>>> new system.
>>>>>>>
>>>>>>> Rowland
>>>>>>>
>>>>>>
>>>>>
>>>> Somebody else reported this problem, he went to 4.1.8 and the
>>>> zombie nmbd problem went away, if you upgrade to the latest samba4
>>>> you may hit two birds with one stone, the nmbd problem and your
>>>> group problem ;-)
>>>>
>>>> Rowland
>>>
>> Hi, what you are using is not the stable branch, it is the branch
>> that will become the next release i.e. 4.2. This does not mean that
>> you shouldn't use it, it just means that it could be upgraded at any
>> time until it is 'frozen' just before release. These upgrades 'could'
>> break something, not saying they will, just that they could, for
>> production use I would use the latest version from here:
>>
>> https://ftp.samba.org/pub/samba/stable/
>>
>> Rowland
>>
>
More information about the samba
mailing list