Andrew Boling
2006-Apr-06 16:54 UTC
[Samba] smbclient can't write to windows share with domain account
Samba version: 3.0.22
netbios for my PC: abolingbox
netbios for my colinux sandbox, running on the same PC: fileserver2
domain: USWA2

I have a colinux sandbox on my PC (Win XP Professional) which I'm using as a domain controller. This lets me test my PDC configuration without putting it live in our production environment. I've successfully ported our old smbpasswd database to pdbsam and created group mappings for Domain Admins, Domain Users, and Domain Guests.

I've created a share on abolingbox called "stuff". On this share, I've assigned full control to the user "USWA2\llarue". This user can only access the share if the proper domain password is provided, which tells me that the domain authentication is working to some extent. However, if I attempt to upload a file, I receive a "NT_STATUS_ACCESS_DENIED" message.

Does anyone have a suggestion as to what is going on? The "USWA2\llarue" user has been granted "Allow" for every single privilege in the Security tab of the shared folder, Windows-side. It would be helpful if I knew a registry setting to make the "NT_STATUS_ACCESS_DENIED" event generate an error in my event log that provided a more detailed explanation of what is going on.

Sample session from "fileserver" to "abolingbox":

colinux samba # bin/smbclient //abolingbox/stuff -U llarue -W USWA2
Password:
Domain=[USWA2] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
smb: \> ls
  .                                   D        0  Thu Apr  6 16:05:04 2006
  ..                                  D        0  Thu Apr  6 16:05:04 2006
  test1.txt                           A        0  Thu Apr  6 14:59:16 2006

                47692 blocks of size 2097152. 41547 blocks available
smb: \> put test2.txt
NT_STATUS_ACCESS_DENIED opening remote file \test2.txt
smb: \>

Sample showing what happens if I provide an invalid password:

colinux samba # bin/smbclient //abolingbox/stuff -U llarue -W USWA2
Password:
session setup failed: NT_STATUS_LOGON_FAILURE

Proof that llarue is a valid user:

colinux samba # grep llarue /etc/passwd
llarue:x:568:585:USWA User:/home/llarue:/dev/null
colinux samba # bin/pdbedit llarue
llarue:568:USWA User

global config:

[global]
    netbios name = FILESERVER2
    workgroup = USWA2
    os level = 64
    preferred master = yes
    domain master = yes
    local master = yes
    time server = yes
    security = user
    encrypt passwords = yes
    server string = Samba %v on %L %h
    admin users = @ntadmin
    #domain admin group = @ntadmin
    add user script = /usr/sbin/useradd -m '%u' -g 502 -s /bin/false
    delete user script = /usr/sbin/userdel -r '%u'
    add group script = /usr/sbin/groupadd '%g'
    delete group script = /usr/sbin/groupdel '%g'
    add user to group script = /usr/sbin/usermod -A '%g' '%u'
    delete user from group script = /usr/sbin/usermod -R '%g'
    set primary group script = /usr/sbin/usermod -g '%g' '%u'
    add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'
    logon script = login.bat
    logon path = \\%L\profiles\%a\%U
    logon drive = z:
    logon home = \\%L\%U
    domain logons = yes
    unix password sync = yes
    passdb backend = tdbsam
    #username map = /usr/local/samba/etc/smbusers
    enable privileges = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*Unix*password* %n\n*Retype*New*Unix*password*%n\n*passwd:*all*authentication*tokens*updated*successfully*
    hide dot files = yes
    hosts allow = 192.168.135. 192.168.142. 127.
    log level = 2
    log file = /var/log/samba/%m.log
    max log size = 2000
    debug timestamp = yes
    syslog = 1
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    time server = yes
    wins support = yes

Thanks,
Andrew