Hi! I've strange access problem. I'm migrating samba server from Suse to Ubuntu, and seems like it won't work like expected. All the time problem is that normal users without admin rights can't access shares. They can access their own home directories, but not common shares which are limited to some groups.
Running samba 3.5.11. Below is output from few commands, config file and 2 snippets of logs as links (too big to include to this email). Logs are quite long, but with log level 2 there was nothing relevant, and loglevel 3 prints out a lots of log :-( If I have forgot to give some relevant information, don't hesitate to ask. All hints are welcome, I'me getting desperate with this. tavasti@mydomain:~$ smbclient //mydomainserver/asiakkaat -USome-User%passwd Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.5.11] tree connect failed: NT_STATUS_ACCESS_DENIED tavasti@mydomain:~$ id Some-User uid=1017(Some-User) gid=1001(staff) groups=1001(staff),1004(some),05(other) Log from this: http://tavasti.fi/~tavasti/misc/samba_2011-10-06_1.log pdbedit -Lv shows: --------------- Unix username: Some-User NT username: Account Flags: [U ] User SID: S-1-5-21-332992484-2805335912-4147396850-3034 Primary Group SID: S-1-5-21-332992484-2805335912-4147396850-513 Full Name: Some-User Surname Home Directory: HomeDir Drive: Logon Script: logon.bat Profile Path: Domain: MYDOMAIN Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Wed, 06 Feb 2036 17:06:39 EET Kickoff time: Wed, 06 Feb 2036 17:06:39 EET Password last set: Wed, 05 Oct 2011 16:13:14 EEST Password can change: Wed, 05 Oct 2011 16:13:14 EEST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF --------------- root@mydomain:~# net -l groupmap list Domain Users SID : S-1-5-21-332992484-2805335912-4147396850-513 Unix gid : 50 Unix group: staff Group type: Domain Group Comment : Domain Unix group Domain Admins SID : S-1-5-21-332992484-2805335912-4147396850-3001 Unix gid : 1000 Unix group: ntadmins Group type: Domain Group Comment : Domain Unix group Tried to add user to group manually: root@mydomain:/var/log/samba_local# net rpc group addmem "Domain Users" Some-User Enter root's password: Could not add Some-User to Domain Users: NT_STATUS_ACCESS_DENIED Log from this: http://tavasti.fi/~tavasti/misc/samba_2011-10-06_2.log Config: ---------------------------------------------------------------------- [global] log level = 3 passwd chat = *New*password* %n\n *Retype*new*password* %n\n \ obey pam restrictions = yes socket options = TCP_NODELAY domain master = Yes time server = yes encrypt passwords = yes #passdb backend = smbpasswd passdb backend = tdbsam:/etc/samba_local/passdb.tdb logon home = passwd program = /usr/bin/passwd %u wins support = Yes unix extensions = no dns proxy = Yes oplocks = yes netbios name = mydomainserver cups options = raw server string = MYDOMAIN logon script = logon.bat ldap suffix = unix password sync = yes local master = Yes workgroup = MYDOMAIN logon path = os level = 65 security = user preferred master = Yes add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %u pam password change = yes domain logons = Yes admin users = root Mika tavasti [homes] browseable = No comment = Kotihakemistot writeable = yes valid users = %S,@staff,@root inherit acls = Yes create mode = 0660 directory mode = 0770 [profiles] browseable = No comment = Network Profiles Service path = %H read only = No create mask = 0600 directory mask = 0700 store dos attributes = Yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon browseable = no writable = no #share modes = no [yleiset] writeable = yes write list = @ntadmins,@staff path = /shares/Yleiset force directory mode = 2770 force group = staff force create mode = 0770 valid users = @ntadmins,@staff create mode = 0770 directory mode = 2770 ---------------------------------------------------------------------- -- M. Tavasti / [email protected] / +358-40-5078254 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
