Mauricio Perez
2012-Aug-15 02:22 UTC
[Samba] samba 3 create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
Hi everybody.... I'm trying to build a fileserver with samba. And I had it ok when users were authenticating via samba, but I changed the authentication method to OpenLDAP, and for some strange reason users cannot access the shares anymore... it is giving me this error: "create_connection_server_info failed: NT_STATUS_ACCESS_DENIED".

I have checked the permission in the OS and it is 777 for the whole share structure.

I have tried to use "username =" but it lets in any user, not only the permitted ones.

The LDAP server is authenticating right, I know because I use it as a base for my DC's.

The server with that problem is not my PDC. It is just a fileserver.

I've read that it is because I'm using "valid users = ", is that right? I've tried to use "valid users" with "write list" but it had no effect. I don't know what to do any more.

Thanks in advance. If anyone can help me, I will be very grateful.

Here is my smb.conf

    [global]
    # ---------------- Authentication -------------------
    workgroup = <DOMAIN IN PDC>
    netbios name = <NETBIOS NAME>
    security = DOMAIN
    password server = <IP OF LDAP>
    dos charset = ISO8859-1
    unix charset = UTF-8
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    winbind use default domain = yes
    # ----------------- Recycle ---------------------
    recycle: keeptree = Yes
    recycle:maxsize = 0
    recycle:touch = True
    recycle:exclude = *.tmp,*.log,*.obj,~*.*,*.bak,*.iso,*.temp,*.o,~$*
    recycle:repository = /opt/FNMA/lixeira/%U
    recycle:noversions = *.doc|*.xls|*.ppt|*.dwg|*.dxf|*.txt
    recycle:exclude_dir = tmp, cache
    recycle:versions = Yes
    # ---------------- Audit ---------------------
    full_audit:priority = notice
    full_audit:prefix = %m|%I|%u|%S
    full_audit:facility = local5
    full_audit:success = rename rmdir unlink open write
    full_audit:failure = none
    # ---------------- Log --------------------
    log level = 1
    log file = /var/log/samba/%m.log
    syslog = 0
    max log size = 1000
    # --------------- Misc ---------------------
    veto files = /*.mp3/*.ogg/autorun.inf/autorun.vbs/autorun.bat/autorun.wsh/autorun.bin/autorun.reg/autorun.txt/AUTORUN.BMK/copy.exe/host.exe/*.tmp/*.temp/~$*/
    dns proxy = no
    load printers = no
    hide dot files = yes
    # -------------------- Shares -------------------
    [FNMA]
    vfs objects = recycle, full_audit
    path = /opt/FNMA
    write list = <users>
    comment = Todos arquivos do FNMA
    valid users = <users>
    create mode = 0770
    directory mode = 775
    #vfs object = recycle, full_audit

    [DIRETORIA]
    vfs objects = recycle, full_audit
    browseable = yes
    writeable = yes
    path = /opt/FNMA/Diretoria
    force user = root
    comment = Arquivos da Diretoria
    valid users = @dir
    write list = @dir
    create mode = 770
    public = yes
    directory mode = 775

    [CINF]
    force user = root
    comment = Coordenadoria de Informatica
    browseable = no
    valid users = @gead-cinf
    write list = @gead-cinf
    writeable = yes
    create mode = 770
    path = /opt/FNMA/GEAD/CINF
    directory mode = 775
    #vfs objects = recycle, full_audit

    [CCON]
    vfs objects = recycle, full_audit
    writeable = yes
    path = /opt/FNMA/GEAD/CCON
    force user = root
    comment = Coordenadoria de Contratos e Convenios
    valid users = @gead-ccon, @gead
    write list = @gead-ccon, @gead
    public = yes
    create mode = 770
    directory mode = 775

    [CFIN]
    vfs objects = recycle, full_audit
    writeable = yes
    path = /opt/FNMA/GEAD/CFIN
    force user = root
    comment = Coordenadoria de Financas
    valid users = @gead-cfin, @gead
    write list = @gead-cfin, @gead
    create mode = 770
    directory mode = 775

    [COAD]
    vfs objects = recycle, full_audit
    writeable = yes
    path = /opt/FNMA/GEAD/COAD
    comment = Coordenadoria Administrativa
    valid users = @gead-coad, @gead, @gead-cdoc
    write list = @gead-coad, @gead, @gead-cdoc
    create mode = 770
    directory mode = 775
Andrew Bartlett
2012-Aug-15 04:32 UTC
[Samba] samba 3 create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
On Tue, 2012-08-14 at 23:22 -0300, Mauricio Perez wrote:
> Hi everybody.... I'm trying to build a fileserver with samba. And I had it
> ok when users were authenticating via samba, but I changed the
> authentication method to OpenLDAP, and for some strange reason users
> cannot access the shares anymore... it is giving me this error:
> "create_connection_server_info failed: NT_STATUS_ACCESS_DENIED".
> I have checked the permission in the OS and it is 777 for the whole share
> structure.
> I have tried to use "username =" but it lets in any user, not only the
> permitted ones.
> The LDAP server is authenticating right, I know because I use it as a base
> for my DC's.
> The server with that problem is not my PDC. It is just a fileserver.
>
> I've read that it is because I'm using "valid users = ", is that right? I've
> tried to use "valid users" with "write list" but it had no effect. I don't
> know what to do any more.
>
> Thanks in advance. If anyone can help me, I will be very grateful.
>
> Here is my smb.conf
>
> [global]
> # ---------------- Authentication -------------------
> workgroup = <DOMAIN IN PDC>
> netbios name = <NETBIOS NAME>
> security = DOMAIN
> password server = <IP OF LDAP>
> dos charset = ISO8859-1
> unix charset = UTF-8
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind use default domain = yes

This is not how you connect Samba to OpenLDAP. This is how you connect Samba to a Samba classic (e.g. 3.x) domain.

Perhaps you need to join the domain using 'net rpc join'?

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
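Added example, not part of the original thread and not Samba project code: a small checker that reads the [global] section of an smb.conf and reports which authentication path it actually selects, which is the distinction the reply above draws. The sample configs, host names, and the auth_mode/parse_global helpers are constructed for illustration; a missing "security" line is treated as "user" (the Samba 3 default).

```python
import re

# Constructed sample: the auth lines from the posted [global], placeholders filled in.
POSTED_GLOBAL = """\
[global]
# ---- Authentication ----
workgroup = EXAMPLEDOM
security = DOMAIN
password server = 192.0.2.10
winbind use default domain = yes
"""

# Constructed sample: smbd reading accounts from LDAP itself (hypothetical host/suffix).
LDAPSAM_GLOBAL = """\
[global]
security = user
passdb backend = ldapsam:ldap://ldap.example.test
ldap suffix = dc=example,dc=test
"""

def parse_global(text):
    """Return [global] parameters as a dict; keys lowercased, inner spaces collapsed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def auth_mode(text):
    """Classify where this server sends authentication, based on [global] only."""
    g = parse_global(text)
    security = g.get("security", "user").lower()
    if security == "domain":
        return "domain-member"   # NT4-style member: needs 'net rpc join'
    if security == "ads":
        return "ads-member"      # Active Directory member: needs 'net ads join'
    if g.get("passdb backend", "").lower().startswith("ldapsam"):
        return "ldapsam"         # smbd queries the LDAP directory directly
    return "local-passdb"        # smbpasswd/tdbsam on this host

if __name__ == "__main__":
    for name, conf in (("posted", POSTED_GLOBAL), ("ldapsam", LDAPSAM_GLOBAL)):
        print(name, "->", auth_mode(conf))
```
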