Mansell, Gary
2004-Jan-29 11:09 UTC
[Samba] Can't map [homes] share with Samba 3 configured as PDC
Hi,
I have followed the worked example in the HOWTO documentation for the small
Engineering Office which demonstrates how to configure Samba-3 as the PDC for an
NT domain.
I have setup a RHAS 3.0 Linux box and have configured Samba as per the
instructions in the book.
Using an NT 4.0 client workstation I can sucessfully login as the user grma (It
authenticates against the Samba PDC OK) but I cannot seem to map the user's
home directory. The log file indicates: NT_STATUS_ACCESS_DENIED
This seems strange to me as I have had home directories working fine on previous
versions of Samba that are not acting as PDC's.
Here is my smb.conf file:
[root@mistysrv samba]# more /etc/samba/smb.conf
# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2004/01/28 15:11:06
# Global parameters
[global]
debug level = 10
workgroup = MISTY
server string = MISTYSRV Samba Server %v
passdb backend = tdbsam
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
delete user from group script = /usr/sbin/useradd -s /bin/false -d
/dev/null %u
logon script = scripts\logon.bat
logon path = \\%L\Profiles\%U
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
dns proxy = No
ldap ssl = no
idmap uid = 15000-20000
idmap gid = 15000-20000
printing = cups
[homes]
comment = Home Directories
valid users = %S
browseable = No
writeable = yes
create mode = 0644
directory mode = 0755
[printers]
comment = All Printers
path = /var/spool/samba
printer admin = root
create mask = 0600
guest ok = Yes
printable = Yes
browseable = No
[netlogon]
comment = Network Logon Share
path = /var/lib/samba/netlogon
admin users = root
guest ok = Yes
browseable = No
[print$]
comment = Printer Drivers Share
path = /var/lib/samba/drivers
write list = root
printer admin = root
[Profiles]
comment = Roaming Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
Here is some of the output from the workstation's logfile that I think is
pertinent. The problem seems to be highlighted as NT_STATUS_ACCESS_DENIED
[2004/01/29 10:49:25, 6] lib/util_sock.c:write_socket(407)
write_socket(16,128)
[2004/01/29 10:49:25, 6] lib/util_sock.c:write_socket(410)
write_socket(16,128) wrote 128
[2004/01/29 10:49:35, 5] smbd/uid.c:change_to_root_user(218)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2004/01/29 10:49:35, 4] smbd/reply.c:reply_tcon_and_X(266)
Client requested device type [A:] for share [GRMA]
[2004/01/29 10:49:35, 5] smbd/service.c:make_connection(830)
making a connection to 'homes' service [GRMA] created at session setup
time
[2004/01/29 10:49:35, 10] lib/username.c:user_in_list(504)
user_in_list: checking user grma in list
[2004/01/29 10:49:35, 10] lib/username.c:user_in_list(508)
user_in_list: checking user |grma| against |%S|
[2004/01/29 10:49:35, 2] smbd/service.c:make_connection_snum(384)
user 'grma' (from session setup) not permitted to access this share
(grma)
[2004/01/29 10:49:35, 3] smbd/error.c:error_packet(113)
error packet at smbd/reply.c(274) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
[2004/01/29 10:49:35, 5] lib/util.c:show_msg(478)
[2004/01/29 10:49:35, 5] lib/util.c:show_msg(488)
size=35
smb_com=0x75
smb_rcls=34
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=51966
smb_uid=101
smb_mid=1856
smt_wct=0
smb_bcc=0
[2004/01/29 10:49:35, 6] lib/util_sock.c:write_socket(407)
Some help would be very gladly appreciated
Regards
Gary Mansell
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.If you
have received this e-mail in error please notify the sender immediately and
delete this e-mail from your system.Please note that any views or opinions
presented in this e-mail are solely those of the author and do not necessarily
represent those of Ricardo (save for reports and other documentation formally
approved and signed for release to the intended recipient).Only Directors or
Duly Authorised Officers are authorised to enter into legally binding
obligations on behalf of Ricardo unless the obligation is contained within a
Ricardo Purchase Order. Ricardo may monitor outgoing and incoming e-mails and
other telecommunications on its e-mail and telecommunications systems. By
replying to this e-mail you give consent to such monitoring.The recipient should
check this e-mail and any attachments for the presence of viruses. Ricardo
accepts no liability for any damage caused by any virus transmitted by this
e-mail. "Ricardo" means Ricardo plc and its subsidiary companies.
Ricardo plc is a public limited company registered in England with registered
number 00222915.
The registered office of Ricardo plc is Bridge Works, Shoreham-by Sea, West
Sussex, BN43 5FG.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
Knut Kroeger
2004-Jan-29 12:08 UTC
[Samba] Can't map [homes] share with Samba 3 configured as PDC
Hi Gary, Mansell, Gary schrieb:> Hi, > > I have followed the worked example in the HOWTO documentation for the small Engineering Office which demonstrates how to configure Samba-3 as the PDC for an NT domain. > > I have setup a RHAS 3.0 Linux box and have configured Samba as per the instructions in the book. > > Using an NT 4.0 client workstation I can sucessfully login as the user grma (It authenticates against the Samba PDC OK) but I cannot seem to map the user's home directory. The log file indicates: NT_STATUS_ACCESS_DENIED > > This seems strange to me as I have had home directories working fine on previous versions of Samba that are not acting as PDC's. > > Here is my smb.conf file: > > [root@mistysrv samba]# more /etc/samba/smb.conf > # Samba config file created using SWAT > # from 127.0.0.1 (127.0.0.1) > # Date: 2004/01/28 15:11:06 > > # Global parameters > [global] > debug level = 10 > workgroup = MISTY > server string = MISTYSRV Samba Server %v > passdb backend = tdbsam > log file = /var/log/samba/%m.log > max log size = 50 > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > printcap name = cups > add user script = /usr/sbin/useradd -m %u > delete user script = /usr/sbin/userdel -r %u > add group script = /usr/sbin/groupadd %g > delete group script = /usr/sbin/groupdel %g > add user to group script = /usr/sbin/usermod -G %g %u > delete user from group script = /usr/sbin/useradd -s /bin/false -d /dev/null %u > logon script = scripts\logon.bat > logon path = \\%L\Profiles\%U > logon drive = H: > logon home = \\%L\%U > domain logons = Yes > os level = 35 > preferred master = Yes > domain master = Yes > dns proxy = No > ldap ssl = no > idmap uid = 15000-20000 > idmap gid = 15000-20000 > printing = cupsOT: wins support = yes would be a good idea for a PDC if you haven?t wins running on any other machine.> > [homes] > comment = Home Directories > valid users = %SAFAIK this wont?t work properly with samba 3.x. Did you tried this without "valid users = %S"? [....] Your smb.conf looks good, but did you check it with testparm? Greeting from Germany Knut