[Samba] Samba Active Directory NT_STATUS_ACCESS_DENIED - expired?

[Andreas Unterkircher]

Hello list,

I'm using several samba server (mix between v2.2 and v3.0 versions) 
within an Active Directory domain. These servers are normal domain 
members and winbind is used to lookup the domain users on the linux 
machines.


Sometimes it looks like that some of the servers get kicked out of the 
domain. In the samba logs suddenly NT_STATUS_ACCESS_DENIED messages 
appear and samba stopps authenticate users against domain.


The computer account is still present in Active Directory. I've check 
if the account has expired but it's expired time is far away 
(9223372036854775807, in 2038 ...). The account is neither inactive, 
disabled or locked out.


When I try to rejoin on the existing computer account (smbpasswd -j, 
net join) it works on samba side but in the domain controllers event 
log I see some of the following errors:


The session setup from the computer SRV-MFM-30 failed to authenticate. 
The name of the account referenced in the security database is 
SRV-MFM-30$.  The following error occurred: Access is denied.


I have to remove the computer object and join the domain again. Then 
everything works again (for some time).


This happens with security=domain (rpc) and also with security=ads 
(ldap,kdc,...). The timeframe ist mostly 2 or 3 months.


Anyone has a clue what can cause this or encountered similar problems?

Cheers,
Andreas Unterkircher

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba & MS Office

[Andreas Unterkircher]

Hello!

I have a strange probleme with samba (debian sid, 3.0final) and
Microsoft Office (in moment 97 is in use, but the same error
with Office XP). I didn't found something in the Mailing-Lists-Archive, 
so I simple ask - Samba is used as PDC with Domain-Logons.

When creating a new Document in Microsoft Word and try to save
it on a samba share, we always get an error - Word says, that
saving this file failed (no more information), than it asks, if we
would try to safe again, we click on Yes and than it works!?!?

Debugging is fully turned on (level 10), but we only see, that samba
says, writing ist ok, but in the first try, it hasn't saved this file!

This happens only with the MS Office. I also tried it with (as example)
notepad to save a simple txt-file and this makes no problem!

If found some informations in the Mailing-List and enabled following
things:
strict allocate = Yes
strict locking = Yes
strict sync = Yes

But that hasn't solved the Problem.

Here is a snap of our smb.conf

# Global parameters
[global]
workgroup = OURSMBDOMAIN
security=user
name resolve order=wins bcast
server string = %h server (Samba %v)
interfaces = 192.168.193.0/24
encrypt passwords = true
unix password sync = Yes
log level = 10
time server = Yes
keepalive = 30
guest account = nobody
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096
SO_RCVBUF=4096
domain admin group = root, Administrator, @smbusers
add user script = /usr/sbin/useradd -g 100 -d /dev/null -s
/bin/false -M %u
logon path = \\%N\profiles\%U
logon script = %U.bat
domain logons = Yes
os level = 64
preferred master = True
domain master = True
wins support = Yes
printing = cups
strict allocate = Yes
strict locking = Yes
strict sync = Yes
unix charset = 850

[office]
comment = Office 
path = /mnt/shares/office
public = no
force group = +office
force create mode = 2510
force directory mode = 2510
security mask = 0267
directory security mask = 0267
writeable = yes
create mode = 2770
directory mode = 2770
valid users = @office 


Thank's for any information!

Greetings, Andreas




Andreas Unterkircher
CUBiT IT Solutions GmbH

Albertgasse 43
A-1080 Wien
Tel: +43-1-7189880-0
Fax: +43-1-7189880-11

[EMAIL PROTECTED]
http://www.cubit.at
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba