[Samba] About error: 'Windows cannot access, you do not have permission to access'

Rowland Penny rpenny at samba.org
Thu Dec 29 09:43:05 UTC 2016 

On Thu, 29 Dec 2016 00:54:43 +0000
Chenyehua <chen.yehua at h3c.com> wrote:

> Thanks for your attention.
> First, use local users at samba server, and client login success.
> 
> [global]
>    workgroup = H3C ONESTOR
>    server string = %h server (Samba NAS)
>    dns proxy = no
>    log file = /var/log/samba/log.%m
>    max log size = 100000
>    log level = 10
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
>    server role = standalone server
>    obey pam restrictions = yes
>    unix password sync = yes
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> pam password change = yes usershare max shares = 100
>    usershare allow guests = yes
>    clustering = yes
>    ctdbd socket = /var/run/ctdb/ctdbd.socket
>    max protocol = SMB2
>    large readwrite = yes
>    idmap config *:range = 1000000-1999999
>    use sendfile = yes
>    store dos attributes = yes
>    acl_xattr:ignore system acls = yes
>    aio read size = 1024
>    oplocks = no
>    deadtime = 10
>    aio write behind = true
>    socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
>    vfs objects = acl_xattr
>    load printers = no
>    idmap config *:backend = tdb2
>    security = user
>    idmap config ROOT:range = 2000000-2999999
>    idmap config ROOT:backend = rid
>    restrict anonymous = 2
> 
> then,it changed to use LADP, and restart smbd, so that samba server
> close the connection.
> 
> [global]
>    workgroup = H3C ONESTOR
>    server string = %h server (Samba NAS)
>    dns proxy = no
>    log file = /var/log/samba/log.%m
>    max log size =100000
>    log level = 10
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
>    server role = standalone server
>    obey pam restrictions = yes
>    unix password sync = yes
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> pam password change = yes usershare max shares = 100
>    usershare allow guests = yes
>    clustering = yes
>    ctdbd socket = /var/run/ctdb/ctdbd.socket
>    max protocol = SMB2
>    large readwrite = yes
>    idmap config *:range = 1000000-1999999
>    use sendfile = yes
>    store dos attributes = yes
>    acl_xattr:ignore system acls = yes
>    aio read size = 1024
>    oplocks = no
>    deadtime = 10
>    aio write behind = true
>    socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
>    vfs objects = acl_xattr
>    load printers = no
>    idmap config *:backend = tdb2
>    security = user
>    idmap config ROOT:range = 2000000-2999999
>    idmap config ROOT:backend = rid
>    restrict anonymous = 2
>    passdb backend = ldapsam:ldap://xxx
>    ldap admin dn = "xxx"
>    ldap suffix = "xxx"
>    ldap delete dn = no
>    ldap ssl = off
> 
> Now,clent need to re-login because server has closed the connection.
> Then try to access samba and report error:' Windows cannot access,
> you do not have permission to access' I reboot client but it still
> report this error.
> 

Lets start with the obvious:

Your workgroup is:

   workgroup = H3C ONESTOR

But you are trying to get users for another workgroup:

   idmap config ROOT:range = 2000000-2999999
   idmap config ROOT:backend = rid

Why ??

Rowland

More information about the samba mailing list