[Samba] Access to shares is denied after upgrading from 3.6.3 (openSUSE 12.1) to 4.1.17 (openSUSE 13.2)
Rowland Penny
rowlandpenny at googlemail.com
Fri Mar 20 03:33:43 MDT 2015
On 20/03/15 06:11, Reinhard Nißl wrote:
> Hi Marc,
>
> Am 19.03.2015 um 22:53 schrieb Marc Muehlfeld:
>
>> Am 19.03.2015 um 14:35 schrieb Nissl Reinhard:
>>> When I try to access share \\platon\root<file:///\\platon\root> as
>>> fee\administrator I get the following:
>>>
>>> platon:~ # smbclient -c dir -W fee -U administrator%secret
>>> //platon/root
>>> Domain=[FEE] OS=[Unix] Server=[Samba
>>> 4.1.17-5.1-3375-SUSE-oS13.2-x86_64]
>>> tree connect failed: NT_STATUS_ACCESS_DENIED
>>> platon:~ #
>>
>> We need some information about your environment to help:
>> - smb.conf (global + share configuration)
>
> see below, was already part of my other email.
>
>> - PDC/DC/Member
>
> Member
>
>> - If member: in an AD or NT4 domain
>
> AD
>
>> - Does samba have it's databases (secrets.tdb and LOCK|STATE|CACHEDIR)
>> in the same places like it was on the old installation? Or are the
>> databases copied to the right, expected location?
>
> I hadn't configured anything special on the old system. Cannot tell
> what openSUSE actually changed during the update.
>
> At least find / -name secrets.tdb found that file here:
> /etc/samba/secrets.tdb
>
>> - etc.
>
> cannot supply that kind of information ;-)
>
> Thanks in advance.
>
> Bye.
> --
> Reinhard Nißl, TB3, -198
>
>> ---8<---8<---8<---8<---8<---8<--- smbusers
>> ---8<---8<---8<---8<---8<---8<---
>>
>> # This file allows you to map usernames from the clients to the server.
>> # Unix_name = SMB_name1 SMB_name2 ...
>> #
>> # See section 'username map' in the manual page of smb.conf for more
>> # information.
>> #
>> # This file is _not_ included in the default configuration as it
>> makes the
>> # usage of an user named administrator impossible.
>>
>> #root = administrator
>> #;nobody = guest pcguest smbguest
>>
>> !root =
>> fee\backup,fee\administrator,fee\markus.ni,fee\chris.we,fee\rainer.sc,fee\juergen.ju
>>
>> ---8<---8<---8<---8<---8<---8<--- smb.conf
>> ---8<---8<---8<---8<---8<---8<---
>>
>> # smb.conf is the main Samba configuration file. You find a full
>> commented
>> # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
>> # samba-doc package is installed.
>> # Date: 2012-05-02
>> [global]
>> workgroup = FEE
>> realm = FEE.DE
>> netbios name = PLATON
>> server string = Web- und Internet-Mail-Server
>> interfaces = 10.73.0.6/255.255.0.0
>> bind interfaces only = Yes
>> # security = DOMAIN
>> security = ADS
>> encrypt passwords = Yes
>> passdb backend = tdbsam
>> password server = feesv1 svar1
>> username map = /etc/samba/smbusers
>> name resolve order = wins hosts
>> # read size = 65535
>> # character set = ISO8859-1
>> os level = 0
>> local master = No
>> wins server = 10.73.0.7 10.73.0.21
>>
>> guest ok = Yes
>> hide dot files = No
>>
>> # winbind separator = +
>> winbind cache time = 10
>> template shell = /bin/false
>> template homedir = /tmp
>> winbind uid = 10000-20000
>> winbind gid = 10000-20000
>> winbind use default domain = yes
>> # winbind nested groups = yes
>> # auth methods = winbind
>> winbind enum users = yes
>> winbind enum groups = yes
>> winbind expand groups = 1
>> deadtime = 1
>>
>> load printers = no
>> printing = bsd
>>
>> [web]
>> comment = Web-Konfiguration
>> path = /data/web
>> valid users =
>> @webadmin,fee\gabi,fee\franz.la,fee\hans,fee\eva.gi,fee\robert.lo,fee\peter.me,fee\chris.sch,fee\jeremy.pr
>> write list =
>> @webadmin,fee\gabi,fee\franz.la,fee\hans,fee\eva.gi,fee\robert.lo,fee\peter.me,fee\chris.sch,fee\jeremy.pr
>>
>> force group = webadmin
>> create mask = 0664
>> # security mask = 0664
>> force create mode = 0664
>> # force security mode = 0664
>> directory mask = 0775
>> # directory security mask = 0775
>> force directory mode = 0775
>> # force directory security mode = 0775
>>
>> writeable = Yes
>> guest ok = No
>>
>> [webTest]
>> comment = Web-Konfiguration
>> path = /data/web/webTest
>> valid users = @webadmin,fee\gabi,fee\franz.la,fee\hans,fee\johann.fl
>> write list = @webadmin,fee\gabi,fee\franz.la,fee\hans,fee\johann.fl
>>
>> force group = webadmin
>> create mask = 0664
>> # security mask = 0664
>> force create mode = 0664
>> # force security mode = 0664
>> directory mask = 0775
>> # directory security mask = 0775
>> force directory mode = 0775
>> # force directory security mode = 0775
>>
>> writeable = Yes
>> guest ok = No
>>
>> [FactWork]
>> comment = FactWork-Downloadportal
>> path = /web/Fee/download/factwork
>> valid users =
>> @webadmin,fee\gabi, at fee\g_tb3,fee\administrator,fee\svtb3$
>> write list = @webadmin,fee\gabi, at fee\g_tb3,fee\administrator
>>
>> force group = webadmin
>> create mask = 0664
>> # security mask = 0664
>> force create mode = 0664
>> # force security mode = 0664
>> directory mask = 0775
>> # directory security mask = 0775
>> force directory mode = 0775
>> # force directory security mode = 0775
>>
>> writeable = Yes
>> guest ok = No
>>
>> [root]
>> comment = Root-Verzeichnis
>> path = /
>> valid users = root
>> write list = root
>> writeable = Yes
>> guest ok = No
>>
>> [sms]
>> comment = sms-Mailverzeichnis
>> path = /var/spool/mail
>> valid users = root
>> write list = root
>> writeable = Yes
>> guest ok = No
>>
>> [spamMail]
>> comment = Spam Mail
>> path = /data/spamMail
>> valid users = root,webadmin
>> write list = root,webadmin
>>
>> force user = root
>> force group = root
>> create mask = 0600
>> # security mask = 0600
>> force create mode = 0600
>> # force security mode = 0600
>> directory mask = 0755
>> # directory security mask = 0755
>> force directory mode = 0755
>> # force directory security mode = 0755
>>
>> writeable = No
>> guest ok = No
>>
>> root preexec = /root/bin/updateSpamMail
>>
>> [spamlog]
>> comment = spamlog
>> path = /var/spool/mail
>> valid users = root
>> write list = root
>>
>> force user = root
>> force group = root
>> create mask = 0600
>> # security mask = 0600
>> force create mode = 0600
>> # force security mode = 0600
>> directory mask = 0755
>> # directory security mask = 0755
>> force directory mode = 0755
>> # force directory security mode = 0755
>>
>> writeable = Yes
>> guest ok = No
>>
>> [mqueue]
>> comment = Mail-Queue
>> path = /var/spool/mqueue
>> valid users = root,webadmin
>> write list = root,webadmin
>>
>> force user = root
>> force group = root
>> create mask = 0600
>> # security mask = 0600
>> force create mode = 0600
>> # force security mode = 0600
>> directory mask = 0755
>> # directory security mask = 0755
>> force directory mode = 0755
>> # force directory security mode = 0755
>>
>> writeable = Yes
>> guest ok = No
>>
>>
>>
>
I do not think that you are going to get any further help until you post
your smb.conf
Rowland
More information about the samba
mailing list