Anders Berg
2004-May-06 15:43 UTC
[Samba] Authenticates right on AD server, but still no access...
I have a linux (redhat 8.0) samba server that is a part of a Windows ADS. I have gotten user authentication to work fine (I THINK), but still I have some problems with access to share. The strange thing is that I can access the share from smbclient (on the linux server: #smbclient -d4 //Bones/share -U foo where user foo has no user on the linux box itself, so the authentication is done on/with the ADS server. Cut from log: [2004/05/06 16:23:12, 1] smbd/service.c:make_connection_snum(619) bones (10.221.32.80) connect to service vgdesk initially as user FIRM+foo (uid=15006, gid=15000) (pid 5811) And I can access the share from a windows XP computer where I have logged in on the XP machine locally first, then accessed the share with authentication (user foo). Then like the linux client test, I am all good. Cut from log: [2004/05/06 16:04:29, 1] smbd/service.c:make_connection_snum(619) hoth3 (10.221.32.20) connect to service vgdesk initially as user FIRM+foo (uid=15006, gid=15000) (pid 5512) But then I try accessing the share from a windows XP computer where I have logged in from the start (the machine is in the ADS domain) as an ADS user (foo). When I then try to access the share it does not ask me for authentication (which is shouldn't) but it does not give me any access to the share. There is only an error message (No need to tell you exactly what is says, since It is a non-english Windows OS), that tells me I do not have access to the share. If I right click the share it tells me under properties that I (foo) have no rights at all on the folder (and this I had on the examples over). Strange part is that it seems like it has autenticated alright to... Cut from log: [2004/05/06 16:17:00, 1] smbd/service.c:make_connection_snum(619) vg-andersb (10.221.75.121) connect to service vgdesk initially as user FIRM+foo (uid=15006, gid=15000) (pid 5749) So as you can see it looks like it has authenticated alright, but still no access to the same folder I have access to from 2 other machines. FYI: There is no TCP wrapper that blocks that machine (10.221.75.121) or anything. Here is the smb.conf file (foo is in VGMM group, ADS server = 10.221.1.202): [global] workgroup = FIRM server string = Bones security = ads encrypt passwords = yes realm = FIRM.LOCAL #auth methods = sam, winbind password server = 10.221.1.202 log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 local master = No wins server = pluto idmap uid = 15000-20000 idmap gid = 15000-20000 winbind separator = + winbind enum users = yes winbind enum groups = yes winbind use default domain = Yes use sendfile = Yes [vgdesk] path = /samba/shared/vgdesk valid users = @VGMM write list = @VGMM read only = No create mask = 0664 directory mask = 0775 inherit permissions = Yes hide unreadable = Yes writeable = yes Samba version: 3.0.3 Anybody have a clue? YS TheBog ***************************************************************** Denne fotnoten bekrefter at denne e-postmeldingen ble skannet av MailSweeper og funnet fri for virus. ***************************************************************** This footnote confirms that this email message has been swept by MailSweeper for the presence of computer viruses. *****************************************************************