[Samba] Access to shares is denied after upgrading from 3.6.3 (openSUSE 12.1) to 4.1.17 (openSUSE 13.2)

Rowland Penny rowlandpenny at googlemail.com
Fri Mar 20 05:45:03 MDT 2015 

On 20/03/15 11:16, Reinhard Nißl wrote:
> Hi Rowland,
>
> Am 20.03.2015 um 10:33 schrieb Rowland Penny:
>
>>>> ---8<---8<---8<---8<---8<---8<--- smb.conf
>>>> ---8<---8<---8<---8<---8<---8<---
>>>>
>>>> # smb.conf is the main Samba configuration file. You find a full
>>>> commented
>>>> # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE 
>>>> if the
>>>> # samba-doc package is installed.
>>>> # Date: 2012-05-02
>>>> [global]
>>>>      workgroup = FEE
>>>>      realm = FEE.DE
>>>>      netbios name = PLATON
>>>>      server string = Web- und Internet-Mail-Server
>
> [further lines removed]
>
>> I do not think that you are going to get any further help until you post
>> your smb.conf
>
> No I don't, that's why I had included it three mails earlier.
>
> For your convinience:
> smb.conf: http://pastebin.com/nyaRSv5F
> smbusers: http://pastebin.com/hs4csQLu
>
> Bye.
> -- 
> Reinhard Nißl, TB3, -198

OK, as far as I can see, you didn't include your smb.conf, I think you 
added it via an attachment, this mailing list generally strips off 
attachments.

Try replacing the global part of your smb.conf with this:

[global]
     netbios name = PLATON
     workgroup = FEE
     security = ADS
     realm = FEE.DE
     dedicated keytab file = /etc/krb5.keytab
     kerberos method = secrets and keytab
     server string = Web- und Internet-Mail-Server
     interfaces = 10.73.0.6/255.255.0.0
     bind interfaces only = Yes
     username map = /etc/samba/smbusers
     name resolve order = wins hosts
     os level = 0
     local master = No
     wins server = 10.73.0.7 10.73.0.21

     guest ok = Yes
     hide dot files = No

     idmap config *:backend = tdb
     idmap config *:range = 2000-9999
     idmap config FEE:backend = rid
     idmap config FEE:range = 10000-20000

     winbind cache time = 10
     template shell = /bin/false
     template homedir = /tmp

     winbind use default domain = yes
     winbind enum users = yes
     winbind enum groups = yes
     winbind expand groups = 1
     winbind trusted domains only = no
     winbind refresh tickets = Yes

     deadtime = 1
     load printers = no
     printing = bsd

Remove all the 'valid users' etc from the shares and use ACLs instead , 
either from windows or with setfacl on the member server, see:

https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs

Rowland

More information about the samba mailing list