Re: [Samba] "not permitted to access this share"
On Tue, Mar 19, 2013 at 02:54:52PM -0400, Mark Drummond wrote: > Hello all, > > Been fighting with this all day and I am at a loss. Maybe I've been > staring at it too long. I'm getting a "not permitted to access this > share error" where I think I should be getting in no problem. > > user 'fizbin' (from session setup) not permitted to access this share (logs) > > Configuration: > > Two AIX 6.1 (6100-06-06) LPARs both running Samba 3.3.12 binaries > from IBM. LPAR1 is working great. No problem accessing the shares > created there. On LPAR2 I cannot access any shares. Both are > configured for domain authentication and that seems to be working. > wbinfo -u returns a list of domain users. On both systems I get: > > check_ntlm_password: authentication for user [fizbin] -> [fizbin] -> > [fizbin] succeeded > > The global sections of smb.conf are the same on both machines. Not > sure where to go from here. The two systems seem to be identical. Any > tips would be appreciated. Debug level 10 log. Look into the lines just before the "not permitted to access this share" message. My guess would be ACLs on the share itself. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] "not permitted to access this share"
Hello all, Been fighting with this all day and I am at a loss. Maybe I've been staring at it too long. I'm getting a "not permitted to access this share error" where I think I should be getting in no problem. user 'fizbin' (from session setup) not permitted to access this share (logs) Configuration: Two AIX 6.1 (6100-06-06) LPARs both running Samba 3.3.12 binaries from IBM. LPAR1 is working great. No problem accessing the shares created there. On LPAR2 I cannot access any shares. Both are configured for domain authentication and that seems to be working. wbinfo -u returns a list of domain users. On both systems I get: check_ntlm_password: authentication for user [fizbin] -> [fizbin] -> [fizbin] succeeded The global sections of smb.conf are the same on both machines. Not sure where to go from here. The two systems seem to be identical. Any tips would be appreciated. - Mark The content of this message is subject to our e-mail confidentiality policy. http://www.empire.ca/docs/email/conf Le contenu de ce message est assujetti à notre politique en matière de confidentialité des courriels. http://www.empire.ca/docs/email/conf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] not permitted to access this share [Solved]
Turned out to be Require Ntlmv2 and 128Bit encryption was set via Group Policy Object on the clients. Once these were turn off the shares could be mounted no problem. Not had chance to try Samba 3.4.x , its assumed that 3.0.33 doesn't work with the client settings mentioned above. Thanks To all who replied. Andy -Original Message- From: Marr,A,Andy,DGE62 C Sent: 30 September 2009 13:39 To: samba@lists.samba.org Subject: RE: [Samba] not permitted to access this share It seems the SMBclient software on the SAMBA server has no issues mounting a share using ADS for authentication , but the PC Clients in the AD are unable to mount the share. Can anyone point in the right direction to look ? -Original Message- From: Eero Volotinen [mailto:eero.voloti...@iki.fi] Sent: 29 September 2009 17:44 To: Marr,A,Andy,DGE62 C Cc: samba@lists.samba.org Subject: Re: [Samba] not permitted to access this share andy.m...@bt.com kirjoitti: > Update if anyone's reading. > > I've turn off winbind and removed winbind from nsswitch.conf on the > samba server. > > I can now get a connection using smbclient on the samba server - using > the users AD password. > /usr/sfw/bin/smbclient //fgukshppay001/lsww -U admandymarr > Password: > Domain=[FIRSTGROUP] OS=[Unix] Server=[Samba 3.0.33] > smb: \> > > > But I still cannot get a connection via the PC's in the domain. > > > P:\>net use * \\FGUKSHPPAY001\LSWW > System error 64 has occurred. > > The specified network name is no longer available. Can you ping FGUKSHPPAY001 from cmd.exe on windows machine ? If not, maybe it is wins (dns) name resolving issue? Try using \\full.dns.name\LSWW on windows machine? -- Eero, RHCE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] not permitted to access this share
It seems the SMBclient software on the SAMBA server has no issues mounting a share using ADS for authentication , but the PC Clients in the AD are unable to mount the share. Can anyone point in the right direction to look ? -Original Message- From: Eero Volotinen [mailto:eero.voloti...@iki.fi] Sent: 29 September 2009 17:44 To: Marr,A,Andy,DGE62 C Cc: samba@lists.samba.org Subject: Re: [Samba] not permitted to access this share andy.m...@bt.com kirjoitti: > Update if anyone's reading. > > I've turn off winbind and removed winbind from nsswitch.conf on the > samba server. > > I can now get a connection using smbclient on the samba server - using > the users AD password. > /usr/sfw/bin/smbclient //fgukshppay001/lsww -U admandymarr > Password: > Domain=[FIRSTGROUP] OS=[Unix] Server=[Samba 3.0.33] > smb: \> > > > But I still cannot get a connection via the PC's in the domain. > > > P:\>net use * \\FGUKSHPPAY001\LSWW > System error 64 has occurred. > > The specified network name is no longer available. Can you ping FGUKSHPPAY001 from cmd.exe on windows machine ? If not, maybe it is wins (dns) name resolving issue? Try using \\full.dns.name\LSWW on windows machine? -- Eero, RHCE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] not permitted to access this share
Thanks Eero I've tried , but I get the same error :( still looking ... P:\>net use * \\FGUKSHPPAY001.FirstGroup.com\LSWW System error 64 has occurred. The specified network name is no longer available. P:\>ping FGUKSHPPAY001.FirstGroup.com Pinging FGUKSHPPAY001.FirstGroup.com [XXX.XXX.XXX.XXX] with 32 bytes of data: Reply from XXX.XXX.XXX.XXX: bytes=32 time<1ms TTL=252 Reply from XXX.XXX.XXX.XXX: bytes=32 time<1ms TTL=252 Reply from XXX.XXX.XXX.XXX: bytes=32 time<1ms TTL=252 Ping statistics for XXX.XXX.XXX.XX: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms -Original Message- From: Eero Volotinen [mailto:eero.voloti...@iki.fi] Sent: 29 September 2009 17:44 To: Marr,A,Andy,DGE62 C Cc: samba@lists.samba.org Subject: Re: [Samba] not permitted to access this share andy.m...@bt.com kirjoitti: > Update if anyone's reading. > > I've turn off winbind and removed winbind from nsswitch.conf on the > samba server. > > I can now get a connection using smbclient on the samba server - using > the users AD password. > /usr/sfw/bin/smbclient //fgukshppay001/lsww -U admandymarr > Password: > Domain=[FIRSTGROUP] OS=[Unix] Server=[Samba 3.0.33] > smb: \> > > > But I still cannot get a connection via the PC's in the domain. > > > P:\>net use * \\FGUKSHPPAY001\LSWW > System error 64 has occurred. > > The specified network name is no longer available. Can you ping FGUKSHPPAY001 from cmd.exe on windows machine ? If not, maybe it is wins (dns) name resolving issue? Try using \\full.dns.name\LSWW on windows machine? -- Eero, RHCE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] not permitted to access this share
andy.m...@bt.com kirjoitti: Update if anyone's reading. I've turn off winbind and removed winbind from nsswitch.conf on the samba server. I can now get a connection using smbclient on the samba server - using the users AD password. /usr/sfw/bin/smbclient //fgukshppay001/lsww -U admandymarr Password: Domain=[FIRSTGROUP] OS=[Unix] Server=[Samba 3.0.33] smb: \> But I still cannot get a connection via the PC's in the domain. P:\>net use * \\FGUKSHPPAY001\LSWW System error 64 has occurred. The specified network name is no longer available. Can you ping FGUKSHPPAY001 from cmd.exe on windows machine ? If not, maybe it is wins (dns) name resolving issue? Try using \\full.dns.name\LSWW on windows machine? -- Eero, RHCE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] not permitted to access this share
Update if anyone's reading. I've turn off winbind and removed winbind from nsswitch.conf on the samba server. I can now get a connection using smbclient on the samba server - using the users AD password. /usr/sfw/bin/smbclient //fgukshppay001/lsww -U admandymarr Password: Domain=[FIRSTGROUP] OS=[Unix] Server=[Samba 3.0.33] smb: \> But I still cannot get a connection via the PC's in the domain. P:\>net use * \\FGUKSHPPAY001\LSWW System error 64 has occurred. The specified network name is no longer available. P:\> Any ideas ? -Original Message- From: Marr,A,Andy,DGE62 C Sent: 29 September 2009 14:38 To: samba@lists.samba.org Cc: Marr,A,Andy,DGE62 C Subject: RE: not permitted to access this share I've checked the wbinfo all returns as expected . I've checked the user on the UNIX server can access the files and dir - no problem. I don't understand if SAMBA is actually try to map FIRSTGROUP\admandymarr on to the share ? If it is then it wont work, as the share only specifies the username not the domain and username. I'm not using PAM for these shares , is it needed ? Am I missing a trick ? Anything would be a help Regards Andy -Original Message- From: Marr,A,Andy,DGE62 C Sent: 29 September 2009 11:01 To: samba@lists.samba.org Subject: not permitted to access this share Hi all I've a SAMBA 3.0.33 server running on Solaris 10 sparc. The server is joined to a Windows ADS. I'm getting the following error when trying to access the share as an AD user from a windows machine. [2009/09/29 10:48:05, 2] smbd/service.c:(616) user 'FIRSTGROUP\admandymarr' (from session setup) not permitted to access thi s share (lsww) [2009/09/29 10:48:05, 3] smbd/error.c:(106) error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED ) I setup a temp share with an empty valid users list , but I get the same issue. I'm not sure if the user should have the domain\user when trying to access the share ? I'm so close :-) Any pointers would be great ? Smb.conf [global] workgroup = FIRSTGROUP netbios name = FGUKSHPPAY001 realm = FIRSTGROUP.COM preferred master = no server string = DR Samba Server security = ADS encrypt passwords = yes allow trusted domains = yes log level = 5 log file = /var/samba/log/log.%m max log size = 250 printcap name = /dev/null load printers = no idmap uid = 62000-73000 idmap gid = 6200-7300 winbind use default domain = yes winbind enum users = yes winbind enum groups = yes template homedir = /export/home/%U template shell = /bin/bash password server = fgukcbpadc001.firstgroup.com # Share Definitions == [temp] comment = lsww path = /tmp valid users = public = yes browseable = yes read only = yes [lsww] comment = lsww path = /mirror/livesww/list valid users = admandymarr public = yes browseable = yes read only = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] not permitted to access this share
I've checked the wbinfo all returns as expected . I've checked the user on the UNIX server can access the files and dir - no problem. I don't understand if SAMBA is actually try to map FIRSTGROUP\admandymarr on to the share ? If it is then it wont work, as the share only specifies the username not the domain and username. I'm not using PAM for these shares , is it needed ? Am I missing a trick ? Anything would be a help Regards Andy -Original Message- From: Marr,A,Andy,DGE62 C Sent: 29 September 2009 11:01 To: samba@lists.samba.org Subject: not permitted to access this share Hi all I've a SAMBA 3.0.33 server running on Solaris 10 sparc. The server is joined to a Windows ADS. I'm getting the following error when trying to access the share as an AD user from a windows machine. [2009/09/29 10:48:05, 2] smbd/service.c:(616) user 'FIRSTGROUP\admandymarr' (from session setup) not permitted to access thi s share (lsww) [2009/09/29 10:48:05, 3] smbd/error.c:(106) error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED ) I setup a temp share with an empty valid users list , but I get the same issue. I'm not sure if the user should have the domain\user when trying to access the share ? I'm so close :-) Any pointers would be great ? Smb.conf [global] workgroup = FIRSTGROUP netbios name = FGUKSHPPAY001 realm = FIRSTGROUP.COM preferred master = no server string = DR Samba Server security = ADS encrypt passwords = yes allow trusted domains = yes log level = 5 log file = /var/samba/log/log.%m max log size = 250 printcap name = /dev/null load printers = no idmap uid = 62000-73000 idmap gid = 6200-7300 winbind use default domain = yes winbind enum users = yes winbind enum groups = yes template homedir = /export/home/%U template shell = /bin/bash password server = fgukcbpadc001.firstgroup.com # Share Definitions == [temp] comment = lsww path = /tmp valid users = public = yes browseable = yes read only = yes [lsww] comment = lsww path = /mirror/livesww/list valid users = admandymarr public = yes browseable = yes read only = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] not permitted to access this share
Hi all I've a SAMBA 3.0.33 server running on Solaris 10 sparc. The server is joined to a Windows ADS. I'm getting the following error when trying to access the share as an AD user from a windows machine. [2009/09/29 10:48:05, 2] smbd/service.c:(616) user 'FIRSTGROUP\admandymarr' (from session setup) not permitted to access thi s share (lsww) [2009/09/29 10:48:05, 3] smbd/error.c:(106) error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED ) I setup a temp share with an empty valid users list , but I get the same issue. I'm not sure if the user should have the domain\user when trying to access the share ? I'm so close :-) Any pointers would be great ? Smb.conf [global] workgroup = FIRSTGROUP netbios name = FGUKSHPPAY001 realm = FIRSTGROUP.COM preferred master = no server string = DR Samba Server security = ADS encrypt passwords = yes allow trusted domains = yes log level = 5 log file = /var/samba/log/log.%m max log size = 250 printcap name = /dev/null load printers = no idmap uid = 62000-73000 idmap gid = 6200-7300 winbind use default domain = yes winbind enum users = yes winbind enum groups = yes template homedir = /export/home/%U template shell = /bin/bash password server = fgukcbpadc001.firstgroup.com # Share Definitions == [temp] comment = lsww path = /tmp valid users = public = yes browseable = yes read only = yes [lsww] comment = lsww path = /mirror/livesww/list valid users = admandymarr public = yes browseable = yes read only = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba