samba - Sep 2009 - not permitted to access this share

I've checked the wbinfo all returns as expected .

I've checked the user on the UNIX server can access the files and dir -
no problem.

I don't understand if SAMBA is actually try to map
FIRSTGROUP\admandymarr on to the share ?

If it is then it wont work, as the share only specifies the username not
the domain and username.

I'm not using PAM for these shares , is it needed ? Am I missing a trick
?

Anything would be a help

Regards
Andy





-----Original Message-----
From: Marr,A,Andy,DGE62 C 
Sent: 29 September 2009 11:01
To: samba at lists.samba.org
Subject: not permitted to access this share 

 
Hi all

I've a SAMBA 3.0.33 server running  on Solaris 10 sparc.

The server is joined  to a Windows ADS.

I'm getting the following error when trying to access the share as an AD
user from a windows machine.

[2009/09/29 10:48:05, 2] smbd/service.c:(616)
  user 'FIRSTGROUP\admandymarr' (from session setup) not permitted to
access thi s share (lsww)
[2009/09/29 10:48:05, 3] smbd/error.c:(106)
  error packet at smbd/reply.c(514) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED
)

I setup a temp share with an empty valid users list , but I get the same
issue.

I'm not sure if the user should have the domain\user when trying to
access the share ? 

I'm so close :-)

Any pointers would be great ?

Smb.conf
[global]
        workgroup = FIRSTGROUP
        netbios name = FGUKSHPPAY001
        realm = FIRSTGROUP.COM
        preferred master = no
        server string =  DR Samba Server
        security = ADS
        encrypt passwords = yes
        allow trusted domains = yes
        log level = 5
        log file = /var/samba/log/log.%m
        max log size = 250
        printcap name = /dev/null
        load printers = no
        idmap uid = 62000-73000
        idmap gid = 6200-7300
        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /export/home/%U
        template shell = /bin/bash
        password server = fgukcbpadc001.firstgroup.com

#============================ Share Definitions
=============================
[temp]
   comment = lsww
   path = /tmp
   valid users    public = yes
   browseable = yes
   read only = yes


[lsww]
   comment = lsww
   path = /mirror/livesww/list
   valid users = admandymarr
   public = yes
   browseable = yes
   read only = yes

Update if anyone's reading.

I've turn off winbind and removed winbind from nsswitch.conf on the
samba server.

I can now get a connection using smbclient on the samba server - using
the users AD password.
 /usr/sfw/bin/smbclient //fgukshppay001/lsww -U admandymarr
Password:
Domain=[FIRSTGROUP] OS=[Unix] Server=[Samba 3.0.33]
smb: \>


But I still cannot get a connection via the PC's in the domain.


P:\>net use *  \\FGUKSHPPAY001\LSWW
System error 64 has occurred.

The specified network name is no longer available.


P:\>

Any ideas ?





-----Original Message-----
From: Marr,A,Andy,DGE62 C 
Sent: 29 September 2009 14:38
To: samba at lists.samba.org
Cc: Marr,A,Andy,DGE62 C
Subject: RE: not permitted to access this share 

I've checked the wbinfo all returns as expected .

I've checked the user on the UNIX server can access the files and dir -
no problem.

I don't understand if SAMBA is actually try to map
FIRSTGROUP\admandymarr on to the share ?

If it is then it wont work, as the share only specifies the username not
the domain and username.

I'm not using PAM for these shares , is it needed ? Am I missing a trick
?

Anything would be a help

Regards
Andy





-----Original Message-----
From: Marr,A,Andy,DGE62 C
Sent: 29 September 2009 11:01
To: samba at lists.samba.org
Subject: not permitted to access this share 

 
Hi all

I've a SAMBA 3.0.33 server running  on Solaris 10 sparc.

The server is joined  to a Windows ADS.

I'm getting the following error when trying to access the share as an AD
user from a windows machine.

[2009/09/29 10:48:05, 2] smbd/service.c:(616)
  user 'FIRSTGROUP\admandymarr' (from session setup) not permitted to
access thi s share (lsww)
[2009/09/29 10:48:05, 3] smbd/error.c:(106)
  error packet at smbd/reply.c(514) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED
)

I setup a temp share with an empty valid users list , but I get the same
issue.

I'm not sure if the user should have the domain\user when trying to
access the share ? 

I'm so close :-)

Any pointers would be great ?

Smb.conf
[global]
        workgroup = FIRSTGROUP
        netbios name = FGUKSHPPAY001
        realm = FIRSTGROUP.COM
        preferred master = no
        server string =  DR Samba Server
        security = ADS
        encrypt passwords = yes
        allow trusted domains = yes
        log level = 5
        log file = /var/samba/log/log.%m
        max log size = 250
        printcap name = /dev/null
        load printers = no
        idmap uid = 62000-73000
        idmap gid = 6200-7300
        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /export/home/%U
        template shell = /bin/bash
        password server = fgukcbpadc001.firstgroup.com

#============================ Share Definitions
=============================
[temp]
   comment = lsww
   path = /tmp
   valid users    public = yes
   browseable = yes
   read only = yes


[lsww]
   comment = lsww
   path = /mirror/livesww/list
   valid users = admandymarr
   public = yes
   browseable = yes
   read only = yes