Daniel Spannbauer
2010-Feb-10 08:06 UTC
[Samba] Samba PDC: "not permitted to access this share"
Hello,

I run Samba 3.0.23d on a host with SuSE 10.2, configured as PDC with LDAP backend. This has been working for some months, but one user can't log in. It seems that Samba does not have the permission to access the netlogon share, where the profile from "Default User" is located. The folder is readable for everyone, so I think that this is not the problem.

Here is the smb.conf:
---------------------------------
[global]
        workgroup = MARCO
        netbios aliases = homedirs
        server string = b-fs
        passdb backend = ldapsam:"ldap://10.3.1.3"
        username map = /etc/samba/smb-user-map
        log level = 3
        debug uid = Yes
        smb ports = 139
        name resolve order = wins host bcast
        deadtime = 300
        printcap name = cups
        add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
        logon script = logon.bat
        logon path = \\%L\%U\.ntprofile
        logon drive = H:
        logon home = \\%L\%U
        domain logons = Yes
        preferred master = Yes
        local master = No
        domain master = Yes
        wins server = gate
        kernel oplocks = No
        ldap admin dn = cn=Administrator,dc=marco,dc=de
        ldap group suffix = ou=group
        ldap machine suffix = ou=Computers
        ldap suffix = dc=marco,dc=de
        ldap ssl = no
        ldap user suffix = ou=people
        create mask = 0775
        directory mask = 0775
        hide files = /Desktop.ini/desktop.ini/ntuser.ini/NTUSER.*/tmp/RECYCLER/
        map archive = No
        share modes = No
        delete readonly = Yes

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        write list = root, ds
        csc policy = disable
-------------------------------------------------------------------

Here is a snippet from the messages with log level 3:
--------------------------------------------------------------------
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)] smbd/service.c:make_connection_snum(950)
  b-xp (10.3.1.6) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 28180)
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:39, 2, effective(0, 0), real(0, 0)] smbd/reply.c:reply_tcon_and_X(711)
  Serving IPC$ as a Dfs root
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] smbd/reply.c:reply_tcon_and_X(716)
  tconX service=IPC$
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] smbd/process.c:process_smb(1110)
  Transaction 105 of length 92
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] smbd/process.c:switch_message(914)
  switch message SMBtrans2 (pid 28180) conn 0x8049b160
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)] smbd/process.c:process_smb(1110)
  Transaction 106 of length 74
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)] smbd/process.c:switch_message(914)
  switch message SMBtconX (pid 28180) conn 0x0
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:39, 2, effective(0, 0), real(0, 0)] smbd/service.c:make_connection_snum(569)
  guest user (from session setup) not permitted to access this share (ds)
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] smbd/error.c:error_packet(146)
  error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)] smbd/process.c:process_smb(1110)
  Transaction 107 of length 43
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)] smbd/process.c:switch_message(914)
  switch message SMBulogoffX (pid 28180) conn 0x0
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)] smbd/reply.c:reply_ulogoffX(1618)
  ulogoffX vuid=105
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)] smbd/process.c:process_smb(1110)
  Transaction 108 of length 39
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)] smbd/process.c:switch_message(914)
  switch message SMBtdis (pid 28180) conn 0x804998f8
---------------------------------------------------------------------------

Here is an ll on /var/lib/samba:
------------------------------------------------------------------
-rw-------  1 root root     8192 Aug 10  2007 account_policy.tdb
-rw-r--r--  1 root root    40200 Feb 10 08:53 brlock.tdb
-rw-r--r--  1 root root      523 Feb 10 08:59 browse.dat
-rw-r--r--  1 root root     8192 Feb 10 08:53 connections.tdb
drwxrwxr-x  9 root ntadmin  4096 Nov 17  2008 drivers
-rw-r--r--  1 root root     8192 Aug  6  2007 gencache.tdb
-rw-------  1 root root     8192 Aug 10  2007 group_mapping.tdb
-rw-r--r--  1 root root    49152 Feb 10 09:03 locking.tdb
-rw-r--r--  1 root root      696 Jul 31  2009 login_cache.tdb
-rw-------  1 root root     8192 Jan 27 15:21 messages.tdb
drwxr-xr-x  3 root root     4096 Feb  5 13:55 netlogon
-rw-------  1 root root     8192 Aug 10  2007 ntdrivers.tdb
-rw-------  1 root root      696 Aug 10  2007 ntforms.tdb
-rw-------  1 root root    16384 Feb  8  2008 ntprinters.tdb
drwxr-xr-x  2 root root     4096 Aug 10  2007 perfmon
drwxr-xr-x  2 root root     4096 Oct 30 12:15 printing
drwxrwx---  2 root users    4096 Nov 27  2006 profiles
-rw-------  1 root root    16384 Aug 10  2007 registry.tdb
-rw-r--r--  1 root root    24576 Feb 10 08:53 sessionid.tdb
-rw-------  1 root root     8192 Aug 10  2007 share_info.tdb
-rw-r--r--  1 root root    16384 Jan 28 03:02 unexpected.tdb
drwxrwx--T  2 root users    4096 Jul 31  2009 usershares
----------------------------------------------------------------------

ll on /var/lib/samba/netlogon:
---------------------------------------------------------------------
drwxrwxrwx+ 14 root root 4096 Nov  3 16:05 Default User
-rw-r--r--   1 root root  515 Dec  6 17:57 logon.bat
--------------------------------------------------------------------

Can anybody help me to figure out why there is a "permission denied"? If you need more information, please let me know.

Regards
Daniel

--
Daniel Spannbauer Software Entwicklung
marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11
Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220
http://www.marco.de/ Email ds at marco.de
Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München
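Added example, not part of the original post: a small Python parser for the smbd log format quoted in the post (log level 3 with `debug uid = Yes`) that pulls out each "not permitted to access this share" record together with the effective uid, the share name and the status returned to the client. It assumes the on-disk layout of one header line followed by indented message lines; the function names are this example's own.

```python
import re

HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(?P<level>\d+), "
    r"effective\((?P<euid>\d+), (?P<egid>\d+)\), "
    r"real\((?P<ruid>\d+), (?P<rgid>\d+)\)\] "
    r"(?P<src>\S+?):(?P<func>\w+)\((?P<line>\d+)\)\s*$")
DENIED = re.compile(r"^(?P<who>.+?) not permitted to access this share \((?P<share>[^)]*)\)")
STATUS = re.compile(r"cmd=\d+ \((?P<cmd>\w+)\) (?P<status>NT_STATUS_\w+)")

# Three records copied from the post's log, in the layout assumed above.
SAMPLE = """\
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)] smbd/service.c:make_connection_snum(950)
  b-xp (10.3.1.6) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 28180)
[2010/02/10 08:53:39, 2, effective(0, 0), real(0, 0)] smbd/service.c:make_connection_snum(569)
  guest user (from session setup) not permitted to access this share (ds)
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] smbd/error.c:error_packet(146)
  error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
"""

def parse(text):
    """Split an smbd log into records: header fields plus the joined message."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            records.append({**m.groupdict(), "msg": ""})
        elif records and raw.strip():
            # Continuation line: append to the most recent record's message.
            rec = records[-1]
            rec["msg"] = (rec["msg"] + " " + raw.strip()).strip()
    return records

def denied_connects(records):
    """Return share denials, each paired with the error packet that follows."""
    hits = []
    for i, rec in enumerate(records):
        d = DENIED.search(rec["msg"])
        if not d:
            continue
        hit = {"ts": rec["ts"], "euid": rec["euid"], "who": d["who"],
               "share": d["share"], "cmd": None, "status": None}
        for nxt in records[i + 1:i + 3]:
            s = STATUS.search(nxt["msg"])
            if nxt["func"] == "error_packet" and s:
                hit["cmd"], hit["status"] = s["cmd"], s["status"]
                break
        hits.append(hit)
    return hits
```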