Nolan Garrett wrote:
Gary Dale wrote:
Nolan Garrett wrote:
I have a linux box, Samba 3.0.23a, that is joined to a W2K3 domain.
I cannot connect to the "MP3s" share (all legal!) on this system - I
can connect to home directories and printers. When I try to connect
to MP3s as any user on the domain, I get an Access is denied message,
or it prompts me for the username and password again. I am using
Winbind (if that matters), so none of these accounts exist locally on
the system.
Here is the applicable part of my smb.conf: [MP3s] path =
/home/samba/MP3s ; writeable = no browseable = yes valid users
= @"MASSIVEGEEK+Domain Users" writeable = yes
And here is the actual file permissions: drwxrwx--- 93 root domain
users 4096 Jul 14 18:54 MP3s
Any ideas here? I've tried connecting from several different systems
(XP, 2003, Linux), with no luck. Here is output from smbclient:
[EMAIL PROTECTED] ~]# smbclient //mggryphont.massivegeek.local/MP3s -U
MASSIVEGEEK\\mgwinxpvm1vpn -d 2 added interface ip=192.168.0.1
bcast=192.168.0.255 nmask=255.255.255.0 added interface ip=127.0.0.1
bcast=127.255.255.255 nmask=255.0.0.0 Password: Domain=[MASSIVEGEEK]
OS=[Unix] Server=[Samba 3.0.23a-1.fc5.1] tree connect failed:
NT_STATUS_ACCESS_DENIED
Thank you!
Nolan
Your valid users looks a little funny. Have you tried
valid users = @"Domain Users"
instead?
I'm assuming that your server is a member of the domain.
Yeah, the server is a member of the domain. I tried that line above, no
luck either. I've also tried it with no "valid users" line, but still
no luck. I did find this in the logs:
[2006/07/28 10:37:12, 0] smbd/service.c:make_connection_snum(773)
make_connection: connection to MP3s denied due to security descriptor.
Any idea what that means?
Here's my [global]:
[global]
workgroup = MASSIVEGEEK
server string = Samba Server
printcap name = /etc/printcap
load printers = yes
printer admin = MASSIVEGEEK+ngarrett MASSIVEGEEK+Administrator root
cups options = raw
log file = /var/log/samba/%m.log
max log size = 50
security = ADS
realm = MASSIVEGEEK.LOCAL
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = yes
username map = /etc/samba/smbusers
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/winnt/%D/%U
admin users = @"MASSIVEGEEK+Domain Admins"
Thanks!
Sorry, you've passed beyond my level of expertise here with Kerberos and
ADS.
I can suggest you try some simple things like bumping up your log level
and doing some testing. Perhaps try a share connecting as a user where
the user is local as well as a domain user. The message looks like it is
complaining about security, so I suspect it isn't getting the
information it expects from your DC (if it is even communicating with it).
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
