[Samba] About error: 'Windows cannot access, you do not have permission to access'

L.P.H. van Belle belle at bazuin.nl
Fri Dec 30 08:31:20 UTC 2016


> 
> Lets start with the obvious:
> 
> Your workgroup is:
> 
>    workgroup = H3C ONESTOR
> 
> But you are trying to get users for another workgroup:
> 
>    idmap config ROOT:range = 2000000-2999999
>    idmap config ROOT:backend = rid
> 
> Why ??
> 
> Rowland
>

You missed..  ;-)

workgroup = H3C ONESTOR

Spaces in workgroup names is not allowed, only alphanumeric characters.
https://msdn.microsoft.com/en-us/library/dd891456.aspx
a space is NOT an alphanumeric character.

So change that to (suggesting): 
workgroup = H3C-ONESTOR

and a good thing to read :
Naming conventions in Active Directory for computers, domains, sites & OUs.
https://support.microsoft.com/en-us/kb/909264

Then change these to something like 

> >    idmap config *:backend = tdb2
> >    idmap config *:range = 1000000-1999999
> >    idmap config H3C-ONESTOR:range = 2000000-2999999
> >    idmap config H3C-ONESTOR:backend = rid

Now as of this point try again. 


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny via
> samba
> Verzonden: donderdag 29 december 2016 10:43
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] About error: 'Windows cannot access, you do not
> have permission to access'
> 
> On Thu, 29 Dec 2016 00:54:43 +0000
> Chenyehua <chen.yehua at h3c.com> wrote:
> 
> > Thanks for your attention.
> > First, use local users at samba server, and client login success.
> >
> > [global]
> >    workgroup = H3C ONESTOR
> >    server string = %h server (Samba NAS)
> >    dns proxy = no
> >    log file = /var/log/samba/log.%m
> >    max log size = 100000
> >    log level = 10
> >    syslog = 0
> >    panic action = /usr/share/samba/panic-action %d
> >    server role = standalone server
> >    obey pam restrictions = yes
> >    unix password sync = yes
> >    passwd program = /usr/bin/passwd %u
> >    passwd chat = *Enter\snew\s*\spassword:* %n\n
> > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> > pam password change = yes usershare max shares = 100
> >    usershare allow guests = yes
> >    clustering = yes
> >    ctdbd socket = /var/run/ctdb/ctdbd.socket
> >    max protocol = SMB2
> >    large readwrite = yes
> >    idmap config *:range = 1000000-1999999
> >    use sendfile = yes
> >    store dos attributes = yes
> >    acl_xattr:ignore system acls = yes
> >    aio read size = 1024
> >    oplocks = no
> >    deadtime = 10
> >    aio write behind = true
> >    socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
> >    vfs objects = acl_xattr
> >    load printers = no
> >    idmap config *:backend = tdb2
> >    security = user
> >    idmap config ROOT:range = 2000000-2999999
> >    idmap config ROOT:backend = rid
> >    restrict anonymous = 2
> >
> > then???it changed to use LADP, and restart smbd, so that samba server
> > close the connection.
> >
> > [global]
> >    workgroup = H3C ONESTOR
> >    server string = %h server (Samba NAS)
> >    dns proxy = no
> >    log file = /var/log/samba/log.%m
> >    max log size =100000
> >    log level = 10
> >    syslog = 0
> >    panic action = /usr/share/samba/panic-action %d
> >    server role = standalone server
> >    obey pam restrictions = yes
> >    unix password sync = yes
> >    passwd program = /usr/bin/passwd %u
> >    passwd chat = *Enter\snew\s*\spassword:* %n\n
> > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> > pam password change = yes usershare max shares = 100
> >    usershare allow guests = yes
> >    clustering = yes
> >    ctdbd socket = /var/run/ctdb/ctdbd.socket
> >    max protocol = SMB2
> >    large readwrite = yes
> >    idmap config *:range = 1000000-1999999
> >    use sendfile = yes
> >    store dos attributes = yes
> >    acl_xattr:ignore system acls = yes
> >    aio read size = 1024
> >    oplocks = no
> >    deadtime = 10
> >    aio write behind = true
> >    socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
> >    vfs objects = acl_xattr
> >    load printers = no
> >    idmap config *:backend = tdb2
> >    security = user
> >    idmap config ROOT:range = 2000000-2999999
> >    idmap config ROOT:backend = rid
> >    restrict anonymous = 2
> >    passdb backend = ldapsam:ldap://xxx
> >    ldap admin dn = "xxx"
> >    ldap suffix = "xxx"
> >    ldap delete dn = no
> >    ldap ssl = off
> >
> > Now???clent need to re-login because server has closed the connection.
> > Then try to access samba and report error:' Windows cannot access,
> > you do not have permission to access' I reboot client but it still
> > report this error.
> >
> 
> Lets start with the obvious:
> 
> Your workgroup is:
> 
>    workgroup = H3C ONESTOR
> 
> But you are trying to get users for another workgroup:
> 
>    idmap config ROOT:range = 2000000-2999999
>    idmap config ROOT:backend = rid
> 
> Why ??
> 
> Rowland
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba




More information about the samba mailing list