Hi all,
my samba server has security set to user, and it works for each share I specify a valid users list. However, the following public share does not work:

[PUB_SMB]
        comment = Cartella pubblica (Mac e PC) - Non viene fatto il backup
        path = /mnt/samba/pub_smb
        browsable = yes
        available = yes
        writable = yes
        printable = no
        force group = pub
        guest ok = yes
        public = yes

I found in the logs that
make_connection: connection to PUB_SMB denied due to security descriptor.

If I connect to the share authenticating as a user I can log-in, but as a guest no. I've tried to delete the file /var/lib/samba/share_info.tbd, but once I try to reconnect the file appears again, and even when the file is absent I cannot connect to the share.

Any idea?

Thanks,
Luca

you will need to show us your entire config, not just the share

do you have a map to guest line? does your guest user exist?

Michael Heydon - IT Administrator
michaelh@jaswin.com.au

Luca Ferrari wrote:
> Hi all,
> my samba server has security set to user, and it works for each share I
> specify a valid users list. However, the following public share does not
> work:
>
> [PUB_SMB]
>         comment = Cartella pubblica (Mac e PC) - Non viene fatto il backup
>         path = /mnt/samba/pub_smb
>         browsable = yes
>         available = yes
>         writable = yes
>         printable = no
>         force group = pub
>         guest ok = yes
>         public = yes
>
> I found in the logs that
> make_connection: connection to PUB_SMB denied due to security descriptor.
>
> If I connect to the share authenticating as a user I can log-in, but as a
> guest no. I've tried to delete the file /var/lib/samba/share_info.tbd, but
> once I try to reconnect the file appears again, and even when the file is
> absent I cannot connect to the share.
>
> Any idea?
>
> Thanks,
> Luca
>

On Wednesday 9 April 2008 your cat, walking on the keyboard, wrote:
> you will need to show us your entire config, not just the share
>
> do you have a map to guest line? does your guest user exist?
>

[global]
        netbios name = SEDELDAP
        workgroup = LDAP
        security = user
        passdb backend = ldapsam:ldap://localhost/
        obey pam restrictions = no
        ldap admin dn = cn=admin,dc=MyHost,dc=com
        ldap suffix = dc=MyHost,dc=com
        ldap group suffix = ou=Group
        ldap user suffix = ou=People
        ldap machine suffix = ou=Computers
        ldap idmap suffix = ou=Users
        ldap ssl = off
        domain logons = yes
        follow symlinks = yes
        wide links = yes
        unix extensions = no
        map to guest = Bad User
        guest account = guest.samba

[PUB_SMB]
        comment = Cartella pubblica (Mac e PC) - Non viene fatto il backup
        path = /mnt/samba/pub_smb
        browsable = yes
        available = yes
        writable = yes
        printable = no
        force group = pub
        public = yes
        guest ok = yes

Please note that the user guest.samba belongs to the pub group, the permissions are right:

# id guest.samba
uid=1035(guest.samba) gid=513(Domain Users) groups=513(Domain Users),1002(sassuolo),1050(pub)
# ls -ld /mnt/samba/pub_smb/
drwxrwxrwx 114 guest.samba pub 4096 2008-04-08 21:50 /mnt/samba/pub_smb/

However, if I try to log in specifying the guest.samba account, then I succeed, but if I try to login without specifying a username, then I got a NT_STATUS_ACCESS_DENIED.

smbclient //sedeldap/pub_smb
WARNING: The "printer admin" option is deprecated
Password:
Domain=[LDAP] OS=[Unix] Server=[Samba 3.0.26a]
tree connect failed: NT_STATUS_ACCESS_DENIED

and if I try to login as guest.samba (or another registered user) I got access to the share.

Any idea?

Thanks,
Luca

Luca Ferrari wrote:
> On Wednesday 9 April 2008 your cat, walking on the keyboard, wrote:
>
>> you will need to show us your entire config, not just the share
>>
>> do you have a map to guest line? does your guest user exist?
>>
>
> <snip>
>

Your config looks reasonable to me...

> However, if I try to log in specifying the guest.samba account, then I
> succeed, but if I try to login without specifying a username, then I got a
> NT_STATUS_ACCESS_DENIED.
>
> smbclient //sedeldap/pub_smb
> WARNING: The "printer admin" option is deprecated
> Password:
> Domain=[LDAP] OS=[Unix] Server=[Samba 3.0.26a]
> tree connect failed: NT_STATUS_ACCESS_DENIED
>

SMB connections always have a username (when using user level security). Is there a user called "guest" on the server? Is $USER set on the client machine?

What happens if you do a:
smbclient //sedeldap/pub_smb -U SomeNameThatDefinitelyDoesntExist

> and if I try to login as guest.samba (or another registered user) I got access
> to the share.
>
> Any idea?
>
>
> Thanks,
> Luca
>
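
The -U test suggested above depends on how "map to guest" treats unknown versus known usernames under security = user. The sketch below is an added example, not part of the original thread and not Samba code: a simplified model of the Never, Bad User and Bad Password rules applied to the thread's settings. The names parse_smb_conf, guest_outcome and ACCOUNTS and the account "luca" are hypothetical, and share-level security descriptors (the subject of the log message) are not modelled.

```python
# Added example: simplified model of smb.conf guest mapping, not Samba code.
SYNONYMS = {"public": "guestok"}  # "public" is a synonym for "guest ok"

def norm(name):
    """Samba ignores case and whitespace in parameter names."""
    key = "".join(name.lower().split())
    return SYNONYMS.get(key, key)

def parse_smb_conf(text):
    """Return {section: {param: value}} from smb.conf text."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][norm(key)] = value.strip()
    return conf

def guest_outcome(conf, share, user, password_ok, accounts):
    """Predict the result of a connection under security = user.
    `accounts`: names the server knows (assumption: supplied by the caller)."""
    glob, shr = conf.get("global", {}), conf.get(share.lower(), {})
    mode = "".join(glob.get("maptoguest", "Never").lower().split())
    if user in accounts and password_ok:
        return "authenticated as " + user
    # Bad User maps only unknown names; Bad Password maps any failed logon.
    if not ((mode == "baduser" and user not in accounts) or mode == "badpassword"):
        return "rejected: logon failure, not mapped to guest"
    guest = glob.get("guestaccount", "nobody")  # compile-time default: nobody
    if guest not in accounts:
        return "rejected: guest account %r does not exist" % guest
    if shr.get("guestok", "no").lower() not in ("yes", "true", "1"):
        return "rejected: share does not allow guests"
    return "guest session as " + guest

# Constructed sample: only the settings from the thread that matter here.
THREAD_CONF = """
[global]
   security = user
   map to guest = Bad User
   guest account = guest.samba
[PUB_SMB]
   public = yes
"""
ACCOUNTS = {"guest.samba", "luca"}  # constructed account list
```

With these settings an unknown name is mapped to the guest account, while a known name with a wrong password is rejected outright, which is why the value of $USER on the client matters.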