Help,
???? I have set up?RHEL5 to authenticate against Windows Server 2003 R2 Active
Directory using ldap/kerberos.?? Everything works fine except that I cannot map
a drive from Windows machines to the shares I have set up in Samba on the linux
machine.??? I can log into Linux using accounts in AD, and running smbclient
\\\\linuxserver\\sambashare works fine on the linux box using account
information from AD.??? Kinit returns a ticket successfully.?? "wbinfo
-u" successfully returns a list of users in AD, and "wbinfo -g"
successfully returns a list of groups from AD.?? "getent passwd
username" successfully returns information from AD.??? But if I go to a
Windows machine and map a network drive, it returns the error "The network
connection is longer available".???????
My smb.conf is as follows:?? I have also tried it without the socket options
line.
[global]
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384????
workgroup = phx
password server = phxwn01
realm = PHX.ENG
security = ads
idmap backend = ad
template shell = /bin/tcsh
winbind use default domain = false
winbind offline logon = false
[vobstore]
comment = PHX Vob storage
path = /vobstore
writeable = yes
browseable = yes
guest ok = yes
?
In smbd debug mode 5, the latter part of the log.smbd file shows the following
when trying to connect from the Windows machine.?? It seems to find the account
from AD fine and grant access, but unexpectedly closes the connection for some
reason.
?[2008/12/04 09:48:04, 5] smbd/connection.c:claim_connection(142)
claiming [vobstore]
[2008/12/04 09:48:04, 3] lib/util_seaccess.c:se_access_check(249)
[2008/12/04 09:48:04, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2693496084-966658720-213559819-1120
se_access_check: also S-1-5-21-2693496084-966658720-213559819-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-2693496084-966658720-213559819-518
se_access_check: also S-1-5-21-2693496084-966658720-213559819-512
se_access_check: also S-1-5-21-2693496084-966658720-213559819-519
[2008/12/04 09:48:04, 5] lib/util_seaccess.c:se_access_check(310)
se_access_check: access (2) granted..
[2008/12/04 09:48:04, 3] lib/util_seaccess.c:se_access_check(249)
[2008/12/04 09:48:04, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2693496084-966658720-213559819-1120
se_access_check: also S-1-5-21-2693496084-966658720-213559819-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-2693496084-966658720-213559819-518
se_access_check: also S-1-5-21-2693496084-966658720-213559819-512
se_access_check: also S-1-5-21-2693496084-966658720-213559819-519
[2008/12/04 09:48:04, 5] lib/util_seaccess.c:se_access_check(310)
se_access_check: access (2) granted.
[2008/12/04 09:48:04, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (10000, 4) - sec_ctx_stack_ndx = 0
[2008/12/04 09:48:04, 5] auth/token_util.c:debug_nt_user_token(470)
NT user token of user S-1-5-21-2693496084-966658720-213559819-1120
contains 8 SIDs
SID[ 0]: S-1-5-21-2693496084-966658720-213559819-1120
SID[ 1]: S-1-5-21-2693496084-966658720-213559819-513
SID[ 2]: S-1-1-0
SID[ 3]: S-1-5-2
SID[ 4]: S-1-5-11
SID[ 5]: S-1-5-21-2693496084-966658720-213559819-518
SID[ 6]: S-1-5-21-2693496084-966658720-213559819-512
SID[ 7]: S-1-5-21-2693496084-966658720-213559819-519
SE_PRIV 0x0 0x0 0x0 0x0
[2008/12/04 09:48:04, 5] auth/token_util.c:debug_unix_user_token(490)
UNIX token of user 10000
Primary group is 4 and contains 1 supplementary groups
Group[ 0]: 10002
[2008/12/04 09:48:04, 5] smbd/uid.c:change_to_user(272)
change_to_user uid=(0,10000) gid=(0,4)
[2008/12/04 09:48:04, 1] smbd/service.c:make_connection_snum(1190)
phxwn01 (::ffff:192.168.50.20) connect to service vobstore initially as user
p53044 (uid=10000, gid=4) (pid 6819)
[2008/12/04 09:48:04, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/12/04 09:48:04, 5] auth/token_util.c:debug_nt_user_token(464)
NT user token: (NULL)
[2008/12/04 09:48:04, 5] auth/token_util.c:debug_unix_user_token(490)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2008/12/04 09:48:04, 5] smbd/uid.c:change_to_root_user(287)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2008/12/04 09:48:04, 3] smbd/reply.c:reply_tcon_and_X(727)
tconX service=VOBSTORE
[2008/12/04 09:48:04, 5] lib/util.c:show_msg(642)
[2008/12/04 09:48:04, 5] lib/util.c:show_msg(652)
size=62
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=65279
smb_uid=101
smb_mid=256
smt_wct=7
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 1 (0x1)
smb_vwv[ 3]= 511 (0x1FF)
smb_vwv[ 4]= 31 (0x1F)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_bcc=13
[2008/12/04 09:48:04, 0] lib/util_sock.c:read_socket_with_timeout(939)
[2008/12/04 09:48:04, 0] lib/util_sock.c:get_peer_addr_internal(1607)
getpeername failed. Error was Transport endpoint is not connected
read_socket_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
[2008/12/04 09:48:04, 3] smbd/process.c:smbd_process(2035)
receive_message_or_smb failed: NT_STATUS_ACCESS_DENIED, exiting
[2008/12/04 09:48:04, 5] lib/gencache.c:gencache_shutdown(93)
Closing cache file
[2008/12/04 09:48:04, 5] libsmb/namecache.c:namecache_shutdown(81)
namecache_shutdown: netbios namecache closed successfully.
[2008/12/04 09:48:04, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/12/04 09:48:04, 5] auth/token_util.c:debug_nt_user_token(464)
NT user token: (NULL)
[2008/12/04 09:48:04, 5] auth/token_util.c:debug_unix_user_token(490)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2008/12/04 09:48:04, 5] smbd/uid.c:change_to_root_user(287)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2008/12/04 09:48:04, 4] smbd/vfs.c:vfs_ChDir(733)
vfs_ChDir to /vobstore
[2008/12/04 09:48:04, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/12/04 09:48:04, 5] auth/token_util.c:debug_nt_user_token(464)
NT user token: (NULL)
[2008/12/04 09:48:04, 5] auth/token_util.c:debug_unix_user_token(490)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2008/12/04 09:48:04, 5] smbd/uid.c:change_to_root_user(287)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2008/12/04 09:48:04, 1] smbd/service.c:close_cnum(1401)
phxwn01 (::ffff:192.168.50.20) closed connection to service vobstore
[2008/12/04 09:48:04, 3] smbd/connection.c:yield_connection(31)
Yielding connection to vobstore
[2008/12/04 09:48:04, 4] smbd/vfs.c:vfs_ChDir(733)
vfs_ChDir to /
[2008/12/04 09:48:04, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/12/04 09:48:04, 5] auth/token_util.c:debug_nt_user_token(464)
NT user token: (NULL)
[2008/12/04 09:48:04, 5] auth/token_util.c:debug_unix_user_token(490)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2008/12/04 09:48:04, 5] smbd/uid.c:change_to_root_user(287)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2008/12/04 09:48:04, 3] smbd/connection.c:yield_connection(31)
Yielding connection to
[2008/12/04 09:48:04, 3] smbd/server.c:exit_server_common(945)
Server exit (normal exit)