bdehn@oreillyauto.com
2008-Dec-22 21:25 UTC
[Samba] Authentication fails - 3.0.26a-0.9-1787-SUSE-SLES9
I recently brought up our fifth Samba domain member server with 3.0.26a-0.9-1787-SUSE-SLES9 against an NT4 domain on a new subnet. The subnet also has an NT4 BDC that is working correctly. Wbinfo and getent both work properly but users can not get to the [homes] service but can get to another share that is on the same system. If I setup a share definition in smb.conf for myself as a home share it fails with the same error. All of our other Samba servers are working correctly. When a connection is attempted they get the following: '/data2/home/OREILLY2/bdehn' does not exist or permission denied when connecting to [bdehn] Error was Permission denied. I turned up the log level (5) and see that winbind show's me authenticating correctly but still the Permission denied message. If I stop and restart windbind I see the following in log.winbind: rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine OREILLYTS6 pipe \lsarpc fnum 0x801! rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(601) cli_pipe_validate_current_pdu: Bind NACK received from remote machine OREILLYTS6 pipe \samr fnum 0x802! rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2362) cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT_STATUS_NETWORK_ACCESS_DENIED I have re-joined the domain several times and deleted all tdb's. Any help would be much appreciated! Bob Dehn
bdehn@oreillyauto.com
2008-Dec-23 19:11 UTC
[Samba] Re: Authentication fails - 3.0.26a-0.9-1787-SUSE-SLES9
> I recently brought up our fifth Samba domain member server with > 3.0.26a-0.9-1787-SUSE-SLES9 against an NT4 domain on a new subnet. The > subnet also has an NT4 BDC that is working correctly. Wbinfo and getent > both work properly but users can not get to the [homes] service but can > get to another share that is on the same system. If I setup a share > definition in smb.conf for myself as a home share it fails with the same> error. All of our other Samba servers are working correctly. When a > connection is attempted they get the following: > > '/data2/home/OREILLY2/bdehn' does not exist or permission denied when > connecting to [bdehn] Error was Permission denied. > > I turned up the log level (5) and see that winbind show's me > authenticating correctly but still the Permission denied message. If I > stop and restart windbind I see the following in log.winbind: > > rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625) > cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR> received from remote machine OREILLYTS6 pipe \lsarpc fnum 0x801! > rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(601) > cli_pipe_validate_current_pdu: Bind NACK received from remote machine > OREILLYTS6 pipe \samr fnum 0x802! > rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2362) > cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed witherror> NT_STATUS_NETWORK_ACCESS_DENIED > > I have re-joined the domain several times and deleted all tdb's. > > Any help would be much appreciated! > > Bob DehnMore info... The [homes] section path had been defined as path = /data2/home/%D/%U/ which is identical to our other member servers. I changed the path statement to path = /data2/home/%U/ and moved the directories and it works fine. What could I have mis-configured that would cause the '%D' to not pickup the domain name? As I mentioned previously wbinfo and getent work great... Thanks in advance for any help! Bob Dehn