[Samba] Cannot share folders access denied PDC+LDAP.

Alberto Moreno portsbsd at gmail.com
Fri Jun 3 00:30:01 UTC 2016

Hi, it is time to get help.

I have a DOMAIN with samba3.6.23-9.el5_11 on Centos 5.11 x64.
Windows XP/Win7/Win8.1 in the domain, no issues (x32/x64).
I even have 2 Linux Centos 5.x x64 in my domain.

Now I have added 1 Centos 6.x x64, updated.

Samba 3.6.23-35.el6_8

I set up the LDAP client on this server to get users/groups and added it to
my domain with net rpc join, no issue.

I can see the server on my domain, no issue; the problem starts when I set up
my shared folders and some users.

Public folders are no problem; the problem is when I use usernames that have
an uppercase first letter.

For some strange reason it cannot talk very well with my LDAP server.

Case 1: upper and lower case.


[root at servera ~]# id Test
uid=1062(test) gid=513(Domain Users) groups=513(Domain Users)
[root at aervera ~]# id test
uid=1062(test) gid=513(Domain Users) groups=513(Domain Users),10001(pvsw)
[root at servera ~]#

Test or test returns info.

Now let's test the SERVER-BAD
[root at mbx-server2 opt]# id test
uid=1062(test) gid=513(Domain Users) groups=513(Domain Users),10001(pvsw)
[root at mbx-server2 opt]# id Test
id: Test: No such user
[root at mbx-server2 opt]#

test is different from Test.

Now, what happens on my domain?

I have some users that appear like this on windows:


I setup my share:

        path = /opt/it
        writeable = Yes
        public = No
        guest ok = No
        valid users = test, Notadmin, dflores
        create mode = 0770
        directory mode = 0770
        force group = itmbx
        force create mode = 0770
        force directory mode = 0770
        admin users = root Notadmin

The user Notadmin cannot access this share.

I have checked the settings, but I use the same as the other servers; some
new flags, but nothing that caught my attention:

        workgroup = MYDOMAIN
        netbios name = mbx-server2
        hosts allow = 192.168.2., 192.168.1., 127., 192.168.20., 192.168.30., 192.168.40., 192.168.50.
        hosts deny =
        smb ports = 139 445
        lanman auth = Yes
        client lanman auth = Yes
        security = DOMAIN
        encrypt passwords = yes
        syslog = 1
        log level = 1
        log file = /var/log/samba/%m.%U.log
        max log size = 2048
        socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384
        name resolve order = wins bcast hosts lmhost
        username map = /etc/samba/usermap
        domain logons = No
        domain master = No
        local master = No
        preferred master = No
        wins server =
        idmap config * : backend = ldap
        idmap config * : range = 10000-20000
        logon path =
        logon home =
        display charset = LOCALE
        unix charset = UTF-8
        dos charset = CP850
        client ipc signing = auto
        map to guest = Bad User
        load printers = No
        show add printer wizard = No
        use sendfile = Yes
        map readonly = no
        case sensitive = No
        dns proxy = No
        winbind separator = +

What SAMBA-BAD says in the logs:

[2016/05/31 09:24:48.856147,  3]
  Got user=[Notadmin] domain=[MYDOMAIN] workstation=[MBX-WIN8R1PM] len1=24
[2016/05/31 09:24:48.856641,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [MYDOMAIN\[Notadmin]@[MBX-WIN8R1PM] with the new password interface
[2016/05/31 09:24:48.856751,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  mapped user is: [MYDOMAIN]\[Notadmin]@[MBX-WIN8R1PM]
[2016/05/31 09:24:48.864733,  3] auth/auth_util.c:1087(check_account)
  Failed to find authenticated user MYDOMAIN\Notadmin via getpwnam(), denying access.
[2016/05/31 09:24:48.864888,  2] auth/auth.c:330(check_ntlm_password)
  check_ntlm_password:  Authentication for user [Notadmin] -> [Notadmin]
[2016/05/31 09:24:48.864935,  3] smbd/sesssetup.c:63(do_map_to_guest)

Any recommendation will be appreciated, thanks!!!
Living the dream...
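
Added example, not part of the original post: a small diagnostic that reads the `valid users` / `admin users` lines of a share and asks NSS, through the same getpwnam() call the smbd log reports failing, whether each name resolves as written or only in lowercase. The share text is a constructed sample copied from the message above; the function names are hypothetical, and quoted names containing spaces are assumed not to occur.

```python
import pwd
import re

# Constructed sample: the share's user lists as posted in the message above.
SAMPLE_SHARE = """\
        path = /opt/it
        valid users = test, Notadmin, dflores
        admin users = root Notadmin
"""

USER_LIST_KEYS = ("valid users", "admin users")


def share_users(conf_text):
    """Collect plain user names from 'valid users' / 'admin users' lines."""
    names = []
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or key.strip().lower() not in USER_LIST_KEYS:
            continue
        for name in re.split(r"[,\s]+", value.strip()):
            # Skip group entries (@, +, & prefixes); only user names are checked here.
            if name and name[0] not in "@+&" and name not in names:
                names.append(name)
    return names


def nss_lookup(name):
    """Return the passwd entry name for `name`, or None if NSS has no such user."""
    try:
        return pwd.getpwnam(name).pw_name
    except KeyError:
        return None


def case_report(names, lookup=nss_lookup):
    """Classify each name as 'ok', 'case-sensitive-miss' or 'missing'."""
    report = {}
    for name in names:
        if lookup(name) is not None:
            report[name] = "ok"
        elif lookup(name.lower()) is not None:
            report[name] = "case-sensitive-miss"  # the `id Test` vs `id test` symptom
        else:
            report[name] = "missing"
    return report


if __name__ == "__main__":
    for user, status in case_report(share_users(SAMPLE_SHARE)).items():
        print(f"{user:12} {status}")
```

Run on both the working and the failing member server, a name reported as `case-sensitive-miss` on only one of them points at a difference in how that host's NSS/LDAP client matches user names.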
