Jason Ruiter
2005-May-25 13:38 UTC
[Samba] Trouble with access permissions from W2K client to Samba 3.0.2 server
Greetings, I'm using Samba (3.0.2) on debian sarge as a file server for W2K clients. I'm having problems with one user in particular. The user can connect to a share, but has no write access. On the Unix side of the world, he has full write access. Attached are the relevant portions of the log file and my smb.conf file. Other details: The domain controller is W2K ADS. I have several other users who have the correct write permission. Its been a while since I've looked into w2K, so I may be missing something fundamental here. Let me know if you need more info. Thanks Jason ---Begin smb.conf--- [global] realm=COMPANYX.COM encrypt passwords = yes security=ADS password server = ADS.COMPANYX.COM username map = /etc/samba/smbusers lanman auth = no min protocol = NT1 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain master = no server string = %h server (Samba %v) wins support = no dns proxy = no log file = /var/log/samba/log.%m log level = 3 max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d encrypt passwords = true passdb backend = tdbsam guest obey pam restrictions = yes guest account = nobody invalid users = root passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX spassword:* %n\n . [gis_lab] path=/data/gis guest ok = yes read only = yes admin users = jruiter writelist = @eetdusers create mask = 775 directory mode = 775 [homes] comment = Home Directories read only = No VAlid USers = %S browseable = no writable =yes create mask = 0700 directory mask = 0700 [printers] comment = All Printers browseable = no path = /tmp printable = yes public = no writable = no create mode = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no -- End smb.conf -- --begin logfile-- [2005/05/25 09:31:23, 3] smbd/sesssetup.c:reply_spnego_kerberos(179) Ticket name is [RPOWELL-MI-0260$@COMPANYX.COM] [2005/05/25 09:31:23, 3] smbd/sesssetup.c:reply_spnego_kerberos(236) Could not find short name -- winbind not running? [2005/05/25 09:31:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(245) Username COMPANYX.COM\RPOWELL-MI-0260$ is invalid on this system [2005/05/25 09:31:23, 3] smbd/error.c:error_packet(94) error string = No such file or directory [2005/05/25 09:31:23, 3] smbd/error.c:error_packet(118) error packet at smbd/sesssetup.c(249) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE nas:/var/log/samba# tail -100 log.198.108.103.130 [2005/05/25 09:28:23, 3] smbd/sesssetup.c:reply_spnego_kerberos(179) Ticket name is [RPOWELL-MI-0260$@COMPANYX.COM] [2005/05/25 09:28:23, 3] smbd/sesssetup.c:reply_spnego_kerberos(236) Could not find short name -- winbind not running? [2005/05/25 09:28:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(245) Username COMPANYX.COM\RPOWELL-MI-0260$ is invalid on this system [2005/05/25 09:28:23, 3] smbd/error.c:error_packet(94) error string = No such file or directory [2005/05/25 09:28:23, 3] smbd/error.c:error_packet(118) error packet at smbd/sesssetup.c(249) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2005/05/25 09:29:23, 3] smbd/process.c:process_smb(890) Transaction 86 of length 1400 [2005/05/25 09:29:23, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 32088) [2005/05/25 09:29:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/05/25 09:29:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X(638) wct=12 flg2=0xc807 [2005/05/25 09:29:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(518) Doing spnego session setup [2005/05/25 09:29:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(549) NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] [2005/05/25 09:29:23, 3] smbd/sesssetup.c:reply_spnego_negotiate(427) Got OID 1 2 840 48018 1 2 2 [2005/05/25 09:29:23, 3] smbd/sesssetup.c:reply_spnego_negotiate(427) Got OID 1 2 840 113554 1 2 2 [2005/05/25 09:29:23, 3] smbd/sesssetup.c:reply_spnego_negotiate(427) Got OID 1 3 6 1 4 1 311 2 2 10 [2005/05/25 09:29:23, 3] smbd/sesssetup.c:reply_spnego_negotiate(430) Got secblob of size 1198 [2005/05/25 09:29:23, 3] smbd/sesssetup.c:reply_spnego_kerberos(179) Ticket name is [RPOWELL-MI-0260$@COMPANYX.COM] [2005/05/25 09:29:23, 3] smbd/sesssetup.c:reply_spnego_kerberos(236) Could not find short name -- winbind not running? [2005/05/25 09:29:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(245) Username COMPANYX.COM\RPOWELL-MI-0260$ is invalid on this system [2005/05/25 09:29:23, 3] smbd/error.c:error_packet(94) error string = No such file or directory [2005/05/25 09:29:23, 3] smbd/error.c:error_packet(118) error packet at smbd/sesssetup.c(249) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2005/05/25 09:30:23, 3] smbd/process.c:process_smb(890) Transaction 87 of length 1400 [2005/05/25 09:30:23, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 32088) [2005/05/25 09:30:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/05/25 09:30:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X(638) wct=12 flg2=0xc807 [2005/05/25 09:30:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(518) Doing spnego session setup [2005/05/25 09:30:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(549) NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] [2005/05/25 09:30:23, 3] smbd/sesssetup.c:reply_spnego_negotiate(427) Got OID 1 2 840 48018 1 2 2 [2005/05/25 09:30:23, 3] smbd/sesssetup.c:reply_spnego_negotiate(427) Got OID 1 2 840 113554 1 2 2 [2005/05/25 09:30:23, 3] smbd/sesssetup.c:reply_spnego_negotiate(427) Got OID 1 3 6 1 4 1 311 2 2 10 [2005/05/25 09:30:23, 3] smbd/sesssetup.c:reply_spnego_negotiate(430) Got secblob of size 1198 [2005/05/25 09:30:23, 3] smbd/sesssetup.c:reply_spnego_kerberos(179) Ticket name is [RPOWELL-MI-0260$@COMPANYX.COM] [2005/05/25 09:30:23, 3] smbd/sesssetup.c:reply_spnego_kerberos(236) Could not find short name -- winbind not running? [2005/05/25 09:30:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(245) Username COMPANYX.COM\RPOWELL-MI-0260$ is invalid on this system [2005/05/25 09:30:23, 3] smbd/error.c:error_packet(94) error string = No such file or directory [2005/05/25 09:30:23, 3] smbd/error.c:error_packet(118) error packet at smbd/sesssetup.c(249) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2005/05/25 09:31:23, 3] smbd/process.c:process_smb(890) Transaction 88 of length 1400 [2005/05/25 09:31:23, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 32088) [2005/05/25 09:31:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/05/25 09:31:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X(638) wct=12 flg2=0xc807 [2005/05/25 09:31:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(518) Doing spnego session setup [2005/05/25 09:31:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(549) NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] [2005/05/25 09:31:23, 3] smbd/sesssetup.c:reply_spnego_negotiate(427) Got OID 1 2 840 48018 1 2 2 [2005/05/25 09:31:23, 3] smbd/sesssetup.c:reply_spnego_negotiate(427) Got OID 1 2 840 113554 1 2 2 [2005/05/25 09:31:23, 3] smbd/sesssetup.c:reply_spnego_negotiate(427) Got OID 1 3 6 1 4 1 311 2 2 10 [2005/05/25 09:31:23, 3] smbd/sesssetup.c:reply_spnego_negotiate(430) Got secblob of size 1198 [2005/05/25 09:31:23, 3] smbd/sesssetup.c:reply_spnego_kerberos(179) Ticket name is [RPOWELL-MI-0260$@COMPANYX.COM] [2005/05/25 09:31:23, 3] smbd/sesssetup.c:reply_spnego_kerberos(236) Could not find short name -- winbind not running? [2005/05/25 09:31:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(245) Username COMPANYX.COM\RPOWELL-MI-0260$ is invalid on this system [2005/05/25 09:31:23, 3] smbd/error.c:error_packet(94) error string = No such file or directory [2005/05/25 09:31:23, 3] smbd/error.c:error_packet(118) error packet at smbd/sesssetup.c(249) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE --end logfile --
Apparently Analagous Threads
- Session setup with machine account
- 3.0.2 works with kerberos 1.2.7 for a while, then stops
- Help: Failed to verify incoming ticket! revisited, problems with Samba/2003
- another one of those "cannot authenticate against AD" posts :(
- W2K, W2K Server and samba 3.0.1
Wisdom of the Ancients
