Update if anyone's reading.
I've turn off winbind and removed winbind from nsswitch.conf on the
samba server.
I can now get a connection using smbclient on the samba server - using
the users AD password.
/usr/sfw/bin/smbclient //fgukshppay001/lsww -U admandymarr
Password:
Domain=[FIRSTGROUP] OS=[Unix] Server=[Samba 3.0.33]
smb: \>
But I still cannot get a connection via the PC's in the domain.
P:\>net use * \\FGUKSHPPAY001\LSWW
System error 64 has occurred.
The specified network name is no longer available.
P:\>
Any ideas ?
-----Original Message-----
From: Marr,A,Andy,DGE62 C
Sent: 29 September 2009 14:38
To: samba at lists.samba.org
Cc: Marr,A,Andy,DGE62 C
Subject: RE: not permitted to access this share
I've checked the wbinfo all returns as expected .
I've checked the user on the UNIX server can access the files and dir -
no problem.
I don't understand if SAMBA is actually try to map
FIRSTGROUP\admandymarr on to the share ?
If it is then it wont work, as the share only specifies the username not
the domain and username.
I'm not using PAM for these shares , is it needed ? Am I missing a trick
?
Anything would be a help
Regards
Andy
-----Original Message-----
From: Marr,A,Andy,DGE62 C
Sent: 29 September 2009 11:01
To: samba at lists.samba.org
Subject: not permitted to access this share
Hi all
I've a SAMBA 3.0.33 server running on Solaris 10 sparc.
The server is joined to a Windows ADS.
I'm getting the following error when trying to access the share as an AD
user from a windows machine.
[2009/09/29 10:48:05, 2] smbd/service.c:(616)
user 'FIRSTGROUP\admandymarr' (from session setup) not permitted to
access thi s share (lsww)
[2009/09/29 10:48:05, 3] smbd/error.c:(106)
error packet at smbd/reply.c(514) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED
)
I setup a temp share with an empty valid users list , but I get the same
issue.
I'm not sure if the user should have the domain\user when trying to
access the share ?
I'm so close :-)
Any pointers would be great ?
Smb.conf
[global]
workgroup = FIRSTGROUP
netbios name = FGUKSHPPAY001
realm = FIRSTGROUP.COM
preferred master = no
server string = DR Samba Server
security = ADS
encrypt passwords = yes
allow trusted domains = yes
log level = 5
log file = /var/samba/log/log.%m
max log size = 250
printcap name = /dev/null
load printers = no
idmap uid = 62000-73000
idmap gid = 6200-7300
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
template homedir = /export/home/%U
template shell = /bin/bash
password server = fgukcbpadc001.firstgroup.com
#============================ Share Definitions
=============================
[temp]
comment = lsww
path = /tmp
valid users public = yes
browseable = yes
read only = yes
[lsww]
comment = lsww
path = /mirror/livesww/list
valid users = admandymarr
public = yes
browseable = yes
read only = yes