Hector Lopez
2005-Sep-01 22:50 UTC
[Samba] Access Denied using samba 3.0.4 and Solaris 5.10 i386
Access Denied using samba 3.0.4 and Solaris 5.10 i386 I have some samba machines running freebsd without problems, two running Solaris and one Win NT 4 server on the same LAN. The Solaris was done over two PC machines one a no brand Pentium III (only for testing) and Other a HP Proliant, for production. The server that has the problem is an HP Proliant ML110 G2 Tower P3.2Ghz Hot Plug SATA with RAID SATA controller and two *) GB SATA disks (The production one). The Operating system is a Solaris, SunOS, Release = 5.10, KernelID = Generic, Machine = i86pc. Samba 3.0.4 (The version that Solaris distributes in their software comanion cd). The clients are Windows 2000 and some win 95/98, all can logon to all servers. The win95/98 has not problems (We use some administrative software that run over DOS). All clients can use the samba shares, upload and download files, create directories, etc, not is a permanent problem. After a period of time "some" Win 2000 clients have problems using the shares at the HP server, the error message is Access Denied But there are two simtoms: 1) You see the shares, you see the disk (for example M:) but you can't see the content, the disk don't appear as disconnected. If you deletes the share (net use j:/delete) and reconnects if (net use j: \\server\share) the problem persists. 2) You can see and use the shares, you can access they using Windows, but not using DOS. It gives an "Access denied Error". The only way to fix the situation is closing the current session and open a new one. Then you can access the shares without problems. I detect that all windows 2000 machines logs first as the username/password scheme, then after a period of time changes to the guest account. I change the default autodisconnect time for windows 2000 clients from 10 minutes to 10 hours with (net config server /autodisconnect:600), this not fix the problem. Anybody has an idea about how to fix this problem ? Please take in care that is not the first time that I use samba, and I search the web and this list for a solution before post this note. Very thanks In Advance!! PD, Samba Configuration and log files. # Samba config file created using SWAT # from 10.0.0.10 (10.0.0.10) # Date: 2005/08/30 15:37:38 # Global parameters [global] workgroup = SAMBA netbios name = SAMBA netbios aliases = SAMBA server string = Server interfaces = 127.0.0.1/32, 192.168.32.1/24 bind interfaces only = Yes min passwd length = 6 guest account = validguest passwd program = /usr/bin/passwd log file = /var/log/samba/log.%U max log size = 50 time server = Yes socket options = SO_KEEPALIVE SO_BROADCAST TCP_NODELAY SO_RCVBUF=4096 SO_SNDBUF=4096 load printers = No logon script = %U.bat logon path = \\%N\Profiles\%U domain logons = Yes os level = 65 preferred master = Yes ldap ssl = no idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/sh winbind cache time = 10 valid users = @staff admin users = root read list = @staff write list = @staff printer admin = @staff create mask = 0764 security mask = 0775 hosts allow = 127., 192.168. [netlogon] comment = Network Logon Service path = /usr/local/samba/lib/netlogon browseable = No locking = No [profiles] comment = User's Profiles path = /usr/local/samba/profiles read only = No browseable = No [data] comment = datos path = /export/home/data read list = read only = No create mask = 0664 directory mask = 0775 Username = lionel User log log.lionel [2005/08/22 13:43:55, 1] smbd/service.c:(619) pclionel (10.0.0.10) connect to service data initially as user lionel (uid=0, gid=10) (pid 956) [2005/08/22 13:44:36, 1] auth/auth_util.c:(822) User noacces in passdb, but getpwnam() fails! [2005/08/22 13:44:36, 1] smbd/service.c:(619) pclionel (10.0.0.10) connect to service data initially as user lionel (uid=0, gid=10) (pid 956) [2005/08/22 13:47:53, 1] auth/auth_util.c:(822) User noacces in passdb, but getpwnam() fails! [2005/08/22 13:58:20, 1] smbd/service.c:(801) pclionel (10.0.0.10) closed connection to service data After creating a valid Guest account validguest (I add some lines, not the full log) : [2005/08/29 17:48:20, 10] lib/username.c:(530) user_in_list: checking user |lionel| against |@staff| ======================= [2005/08/29 17:48:20, 6] param/loadparm.c:(2665) lp_file_list_changed() file /etc/sfw/smb.conf -> /etc/sfw/smb.conf last mod_time: Mon Aug 29 17:28:09 2005 [2005/08/29 17:48:20, 10] lib/username.c:(526) user_in_list: checking user lionel in list [2005/08/29 17:48:20, 10] lib/username.c:(530) user_in_list: checking user |lionel| against |@staff| [2005/08/29 17:48:20, 5] lib/username.c:(315) Unable to get default yp domain [2005/08/29 17:48:20, 5] lib/username.c:(293) Finding user lionel [2005/08/29 17:48:20, 5] lib/username.c:(223) Trying _Get_Pwnam(), username as lowercase is lionel [2005/08/29 17:48:20, 5] lib/username.c:(251) Get_Pwnam_internals did find user [lionel]! [2005/08/29 17:48:20, 5] auth/auth_util.c:(505) UNIX token of user 102 Primary group is 10 and contains 2 supplementary groups Group[ 0]: 10 Group[ 1]: 100 [2005/08/29 17:48:20, 5] smbd/uid.c:(267) change_to_user uid=(0,102) gid=(0,10) [2005/08/29 17:48:20, 1] smbd/service.c:(619) pc-lionel (10.0.0.10) connect to service datos initially as user lionel (uid=102, gid=10) (pid 4090) [2005/08/29 17:48:21, 3] smbd/sesssetup.c:(529) Doing spnego session setup [2005/08/29 17:48:21, 3] smbd/sesssetup.c:(560) NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] [2005/08/29 17:48:21, 3] libsmb/ntlmssp.c:(615) Got user=[] domain=[] workstation=[PC-LIONEL] len1=1 len2=0 [2005/08/29 17:48:21, 6] param/loadparm.c:(2665) lp_file_list_changed() file /etc/sfw/smb.conf -> /etc/sfw/smb.conf last mod_time: Mon Aug 29 17:28:09 2005 [2005/08/29 17:48:21, 5] auth/auth_util.c:(225) make_user_info_map: Mapping user []\[] from workstation [PC-LIONEL] [2005/08/29 17:48:21, 3] auth/auth.c:(219) check_ntlm_password: Checking password for unmapped user []\[]@[PC-LIONEL] with the new password interface [2005/08/29 17:48:21, 3] auth/auth.c:(222) check_ntlm_password: mapped user is: [PHTEST]\[]@[PC-LIONEL] [2005/08/29 17:48:21, 10] auth/auth.c:(231) check_ntlm_password: auth_context challenge created by random [2005/08/29 17:48:21, 10] auth/auth.c:(233) challenge is: