Help, I have set up RHEL5 to authenticate against Windows Server 2003 R2 Active Directory using ldap/kerberos. Everything works fine except that I cannot map a drive from Windows machines to the shares I have set up in Samba on the linux machine. I can log into Linux using accounts in AD, and running smbclient \\\\linuxserver\\sambashare works fine on the linux box using account information from AD. Kinit returns a ticket successfully. "wbinfo -u" successfully returns a list of users in AD, and "wbinfo -g" successfully returns a list of groups from AD. "getent passwd username" successfully returns information from AD. But if I go to a Windows machine and map a network drive, it returns the error "The network connection is longer available".
My smb.conf is as follows: I have also tried it without the socket options line. [global] socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 workgroup = phx password server = phxwn01 realm = PHX.ENG security = ads idmap backend = ad template shell = /bin/tcsh winbind use default domain = false winbind offline logon = false [vobstore] comment = PHX Vob storage path = /vobstore writeable = yes browseable = yes guest ok = yes In smbd debug mode 5, the latter part of the log.smbd file shows the following when trying to connect from the Windows machine. It seems to find the account from AD fine and grant access, but unexpectedly closes the connection for some reason. [2008/12/04 09:48:04, 5] smbd/connection.c:claim_connection(142) claiming [vobstore] [2008/12/04 09:48:04, 3] lib/util_seaccess.c:se_access_check(249) [2008/12/04 09:48:04, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2693496084-966658720-213559819-1120 se_access_check: also S-1-5-21-2693496084-966658720-213559819-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2693496084-966658720-213559819-518 se_access_check: also S-1-5-21-2693496084-966658720-213559819-512 se_access_check: also S-1-5-21-2693496084-966658720-213559819-519 [2008/12/04 09:48:04, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted.. [2008/12/04 09:48:04, 3] lib/util_seaccess.c:se_access_check(249) [2008/12/04 09:48:04, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2693496084-966658720-213559819-1120 se_access_check: also S-1-5-21-2693496084-966658720-213559819-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2693496084-966658720-213559819-518 se_access_check: also S-1-5-21-2693496084-966658720-213559819-512 se_access_check: also S-1-5-21-2693496084-966658720-213559819-519 [2008/12/04 09:48:04, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted. [2008/12/04 09:48:04, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (10000, 4) - sec_ctx_stack_ndx = 0 [2008/12/04 09:48:04, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-2693496084-966658720-213559819-1120 contains 8 SIDs SID[ 0]: S-1-5-21-2693496084-966658720-213559819-1120 SID[ 1]: S-1-5-21-2693496084-966658720-213559819-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2693496084-966658720-213559819-518 SID[ 6]: S-1-5-21-2693496084-966658720-213559819-512 SID[ 7]: S-1-5-21-2693496084-966658720-213559819-519 SE_PRIV 0x0 0x0 0x0 0x0 [2008/12/04 09:48:04, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 10000 Primary group is 4 and contains 1 supplementary groups Group[ 0]: 10002 [2008/12/04 09:48:04, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(0,10000) gid=(0,4) [2008/12/04 09:48:04, 1] smbd/service.c:make_connection_snum(1190) phxwn01 (::ffff:192.168.50.20) connect to service vobstore initially as user p53044 (uid=10000, gid=4) (pid 6819) [2008/12/04 09:48:04, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/12/04 09:48:04, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/12/04 09:48:04, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/12/04 09:48:04, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/12/04 09:48:04, 3] smbd/reply.c:reply_tcon_and_X(727) tconX service=VOBSTORE [2008/12/04 09:48:04, 5] lib/util.c:show_msg(642) [2008/12/04 09:48:04, 5] lib/util.c:show_msg(652) size=62 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=256 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 31 (0x1F) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_bcc=13 [2008/12/04 09:48:04, 0] lib/util_sock.c:read_socket_with_timeout(939) [2008/12/04 09:48:04, 0] lib/util_sock.c:get_peer_addr_internal(1607) getpeername failed. Error was Transport endpoint is not connected read_socket_with_timeout: client 0.0.0.0 read error = Connection reset by peer. [2008/12/04 09:48:04, 3] smbd/process.c:smbd_process(2035) receive_message_or_smb failed: NT_STATUS_ACCESS_DENIED, exiting [2008/12/04 09:48:04, 5] lib/gencache.c:gencache_shutdown(93) Closing cache file [2008/12/04 09:48:04, 5] libsmb/namecache.c:namecache_shutdown(81) namecache_shutdown: netbios namecache closed successfully. [2008/12/04 09:48:04, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/12/04 09:48:04, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/12/04 09:48:04, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/12/04 09:48:04, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/12/04 09:48:04, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir to /vobstore [2008/12/04 09:48:04, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/12/04 09:48:04, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/12/04 09:48:04, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/12/04 09:48:04, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/12/04 09:48:04, 1] smbd/service.c:close_cnum(1401) phxwn01 (::ffff:192.168.50.20) closed connection to service vobstore [2008/12/04 09:48:04, 3] smbd/connection.c:yield_connection(31) Yielding connection to vobstore [2008/12/04 09:48:04, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir to / [2008/12/04 09:48:04, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/12/04 09:48:04, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/12/04 09:48:04, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/12/04 09:48:04, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/12/04 09:48:04, 3] smbd/connection.c:yield_connection(31) Yielding connection to [2008/12/04 09:48:04, 3] smbd/server.c:exit_server_common(945) Server exit (normal exit) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
