[Samba] Access to shares is denied after upgrading from 3.6.3 (openSUSE 12.1) to 4.1.17 (openSUSE 13.2)
Reinhard Nißl
reinhard.nissl at fee.de
Fri Mar 20 00:11:36 MDT 2015
Hi Marc,
Am 19.03.2015 um 22:53 schrieb Marc Muehlfeld:
> Am 19.03.2015 um 14:35 schrieb Nissl Reinhard:
>> When I try to access share \\platon\root<file:///\\platon\root> as fee\administrator I get the following:
>>
>> platon:~ # smbclient -c dir -W fee -U administrator%secret //platon/root
>> Domain=[FEE] OS=[Unix] Server=[Samba 4.1.17-5.1-3375-SUSE-oS13.2-x86_64]
>> tree connect failed: NT_STATUS_ACCESS_DENIED
>> platon:~ #
>
> We need some information about your environment to help:
> - smb.conf (global + share configuration)
see below, was already part of my other email.
> - PDC/DC/Member
Member
> - If member: in an AD or NT4 domain
AD
> - Does samba have it's databases (secrets.tdb and LOCK|STATE|CACHEDIR)
> in the same places like it was on the old installation? Or are the
> databases copied to the right, expected location?
I hadn't configured anything special on the old system. Cannot tell what
openSUSE actually changed during the update.
At least find / -name secrets.tdb found that file here:
/etc/samba/secrets.tdb
> - etc.
cannot supply that kind of information ;-)
Thanks in advance.
Bye.
--
Reinhard Nißl, TB3, -198
> ---8<---8<---8<---8<---8<---8<--- smbusers ---8<---8<---8<---8<---8<---8<---
>
> # This file allows you to map usernames from the clients to the server.
> # Unix_name = SMB_name1 SMB_name2 ...
> #
> # See section 'username map' in the manual page of smb.conf for more
> # information.
> #
> # This file is _not_ included in the default configuration as it makes the
> # usage of an user named administrator impossible.
>
> #root = administrator
> #;nobody = guest pcguest smbguest
>
> !root = fee\backup,fee\administrator,fee\markus.ni,fee\chris.we,fee\rainer.sc,fee\juergen.ju
>
> ---8<---8<---8<---8<---8<---8<--- smb.conf ---8<---8<---8<---8<---8<---8<---
>
> # smb.conf is the main Samba configuration file. You find a full commented
> # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
> # samba-doc package is installed.
> # Date: 2012-05-02
> [global]
> workgroup = FEE
> realm = FEE.DE
> netbios name = PLATON
> server string = Web- und Internet-Mail-Server
> interfaces = 10.73.0.6/255.255.0.0
> bind interfaces only = Yes
> # security = DOMAIN
> security = ADS
> encrypt passwords = Yes
> passdb backend = tdbsam
> password server = feesv1 svar1
> username map = /etc/samba/smbusers
> name resolve order = wins hosts
> # read size = 65535
> # character set = ISO8859-1
> os level = 0
> local master = No
> wins server = 10.73.0.7 10.73.0.21
>
> guest ok = Yes
> hide dot files = No
>
> # winbind separator = +
> winbind cache time = 10
> template shell = /bin/false
> template homedir = /tmp
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind use default domain = yes
> # winbind nested groups = yes
> # auth methods = winbind
> winbind enum users = yes
> winbind enum groups = yes
> winbind expand groups = 1
> deadtime = 1
>
> load printers = no
> printing = bsd
>
> [web]
> comment = Web-Konfiguration
> path = /data/web
> valid users = @webadmin,fee\gabi,fee\franz.la,fee\hans,fee\eva.gi,fee\robert.lo,fee\peter.me,fee\chris.sch,fee\jeremy.pr
> write list = @webadmin,fee\gabi,fee\franz.la,fee\hans,fee\eva.gi,fee\robert.lo,fee\peter.me,fee\chris.sch,fee\jeremy.pr
>
> force group = webadmin
> create mask = 0664
> # security mask = 0664
> force create mode = 0664
> # force security mode = 0664
> directory mask = 0775
> # directory security mask = 0775
> force directory mode = 0775
> # force directory security mode = 0775
>
> writeable = Yes
> guest ok = No
>
> [webTest]
> comment = Web-Konfiguration
> path = /data/web/webTest
> valid users = @webadmin,fee\gabi,fee\franz.la,fee\hans,fee\johann.fl
> write list = @webadmin,fee\gabi,fee\franz.la,fee\hans,fee\johann.fl
>
> force group = webadmin
> create mask = 0664
> # security mask = 0664
> force create mode = 0664
> # force security mode = 0664
> directory mask = 0775
> # directory security mask = 0775
> force directory mode = 0775
> # force directory security mode = 0775
>
> writeable = Yes
> guest ok = No
>
> [FactWork]
> comment = FactWork-Downloadportal
> path = /web/Fee/download/factwork
> valid users = @webadmin,fee\gabi, at fee\g_tb3,fee\administrator,fee\svtb3$
> write list = @webadmin,fee\gabi, at fee\g_tb3,fee\administrator
>
> force group = webadmin
> create mask = 0664
> # security mask = 0664
> force create mode = 0664
> # force security mode = 0664
> directory mask = 0775
> # directory security mask = 0775
> force directory mode = 0775
> # force directory security mode = 0775
>
> writeable = Yes
> guest ok = No
>
> [root]
> comment = Root-Verzeichnis
> path = /
> valid users = root
> write list = root
> writeable = Yes
> guest ok = No
>
> [sms]
> comment = sms-Mailverzeichnis
> path = /var/spool/mail
> valid users = root
> write list = root
> writeable = Yes
> guest ok = No
>
> [spamMail]
> comment = Spam Mail
> path = /data/spamMail
> valid users = root,webadmin
> write list = root,webadmin
>
> force user = root
> force group = root
> create mask = 0600
> # security mask = 0600
> force create mode = 0600
> # force security mode = 0600
> directory mask = 0755
> # directory security mask = 0755
> force directory mode = 0755
> # force directory security mode = 0755
>
> writeable = No
> guest ok = No
>
> root preexec = /root/bin/updateSpamMail
>
> [spamlog]
> comment = spamlog
> path = /var/spool/mail
> valid users = root
> write list = root
>
> force user = root
> force group = root
> create mask = 0600
> # security mask = 0600
> force create mode = 0600
> # force security mode = 0600
> directory mask = 0755
> # directory security mask = 0755
> force directory mode = 0755
> # force directory security mode = 0755
>
> writeable = Yes
> guest ok = No
>
> [mqueue]
> comment = Mail-Queue
> path = /var/spool/mqueue
> valid users = root,webadmin
> write list = root,webadmin
>
> force user = root
> force group = root
> create mask = 0600
> # security mask = 0600
> force create mode = 0600
> # force security mode = 0600
> directory mask = 0755
> # directory security mask = 0755
> force directory mode = 0755
> # force directory security mode = 0755
>
> writeable = Yes
> guest ok = No
>
>
>
More information about the samba
mailing list