Michael Lueck
2004-Aug-22 12:30 UTC
[Samba] Someone with "Access Denied" from Windows pls try this test to compare notes with me
Long day yesterday for us here, first production implementation of Samba has to be rolled out and the client's old network reinstalled... cause: this "access deneied" issue which seems to be randomly affecting Samba implementations and from what I can see folks say Samba 3.0.2 was the last good build. If that describes you, please test this as I have come up with a way to turn the problem on/off like a light switch. (Samba team... have I got your attention????) Again, you may review how I have configured Samba PDC from my KLUG presentation. ftp://ftp.lueckdatasystems.com/pub/presentations/klugsamba3pdc-bookreview.pdf Specifically jump to pages 7 through 9, that is the critical part. I have configured the security environment to allow for independant assignment of permissions to three different areas of security: 1) The user in the Linux workd (SSH to the server, X logon, etc...) 2) The Samba domain user / PDC 3) The local permissions on the Win2K (WinXP) desktop. This error ONLY happens... (ah, the error affects either command prompt use or Windows explorer use of NET USE'ed network drives, but does NOT affect UNC access to the same) when the configuration being tested includes the user having Administrator permissions to the workstation. If I make the user a member of the Linux group ntadmins, bang "Access Denied". If I move the user to ntpwrusr and relogin, the mapped drives work fine. Further, I have logged in workstation only to the local Administrator account and then used ANY ID known to smbpasswd to NET USE to the server, 100% "Access Denied" so the account allowing local access to the Windows computer need not be a domain account. I have not tested (yet) from a workstation which has not joined the Samba PDC to see if those are affected as well. This has only happened for us with the Samba 3.0.5 Debian package. We banged the Samba 3.0.4 Debian package hard in the process of coming up with our standard configuration and the demo to KLUG, "access denied" was never an issue. Unfortunately 3.0.2 and 3.0.4 Debian packages seem to have been purged from both debian.org and samba.org, so not at all sure how we would be able to roll back that far... I will be testing the Debian package of 3.0.6 soon. Could someone with the "Access Denied" errors happening consistently test the configuration of local administrator permissions turning the problem on/off please? TIA! -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly.
Michael Lueck
2004-Aug-23 13:17 UTC
[Samba] Update -> Someone with "Access Denied" from Windows pls try this test to compare notes with me
I quickly tested the 3.0.6 Debian packages from samba.org on a test box and local admin causing Access Denied to server drives seems not to happen. So the production server has now had the 3.0.5 packages purged, 3.0.6 packages installed, reconfigured, and thus far no Access Denied error while testing. I don't see that "Access Denied" issues were specifically addressed with 3.0.6. However since we had purged and reinstalled the 3.0.5 packages and the problem had persisted through that operation, I must give some credit that it probably was not a corrupted tdb file or something and might indeed be a code related cause. Not sure I will have more to report on this, unless of course the error comes back. I did manage to find 3.0.4 and 3.0.2 deb's via a couple of mirrors with old code, so we do have those to fall back to should the error come back with 3.0.6. I would be interested to hear if others with this error can turn it on/off via workstation admin permissions. -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly.
Apparently Analagous Threads
- make_user_info_map in log with blank Doman and UserID args
- Not seeing the expected group memberships with ifmember.exe /list
- Q about net groupmap examples on samba.org
- Update -> Someone with "Access Denied" from Windows plstry this test to compare notes with me
- Update -> Someone with "Access Denied" from Windows pls try this test to compare notes with me