Folks,
<snip>
Folks,
I'm running SUSE Pro 9.3 with Samba 3.0.13, and I have LAN with 2
subnets. The problem (or the symptom; I may actually have two problems)
is that I can't get into some of the shares from my Win2k box (one subnet)
or from my XP laptop (other subnet). The directory structure is
/data
/data/accounts
/data/finsvcs
and the shares are accounts and finsvcs. /data is owned by root:root,
while the share directories are owned by mfwic:accounts and mfwic:finsvcs.
Each user can get into his own /home/directory just fine, and I've
confirmed that the users are correctly entered in the passwd and smbpasswd
files (as also implied by being able to get into the /home
directories). User access to the shares is granted via "valid
user=%G." From the windows devices, it's possible to browse over to (or
to go via Network Neighborhood), and see, the shares, but entering is
denied--the Windows devices invite me to log in and then reject the
login. Winbindd is running, and the windows devices are pointed to the
samba box for the WINS service.
I've run the checklist from TOSHARG2, and the only items that _don't_ work are
smbclient //lserver0/accounts -U<user> (including mfwic). That
gets me a tree connect failed: NT_STATUS_ACCESS_DENIED error. However,
if I run smbclient //lserver0/accounts -Uroot with the root password, I
get into the shares.
I cannot ping by name the machines (PC and laptop) from lserver0,
the samba box, or lserver0 from the windows machine. I can ping in both
directions by IP address.
nmblookup -B xxx '*' works when xxx=IP address, fails when
xxx=machine name.
net use x: \\lserver0\accounts fails with a bad password error
from my Win2k PC, and with a multiple connections not allowed error from
my XP laptop.
Any advice would be greatly appreciated.
Eric Hines
I got this to work, but I don't understand why, or what the implications
are on the change I made. Any advice would be greatly appreciated.
The change I made was to change valid users for the shares accounts and
finsvcs to %U from %G.
The documentation says that %G is the _primary_ group of the user in
question; the primary group of these users, from the way they were first
entered into the system is 'users;' they were only after that _added_ to
the groups owning the shares' directories. Could this be part of problem,
or is that a non-distinction? Also, what am I doing to security by
allowing the session user in and not mandating that that person be a member
of the share-owning group?
Thanks
Eric Hines
There is no nonsense so errant that it cannot be made the creed of the vast
majority by adequate governmental action.
--Bertrand Russell
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
