Hey Jeremy, Thanks for the advice. I followed your suggestion collected the logged information for a single connection attempt (i.e. smbclient //servername/sharename -U username); I've included the log data below (in the postscript). It looks like Samba is still looking for a Unix user account and not finding one. I should mention that it seems that I am able to authenticate as the user; the following command executes properly, for example: smbclient -L //servername -U username So I'm guessing that problem is that the user doesn't have permission to access the shares they're trying to access. However, my (extremely limited) understanding is that Samba inherits permissions from the host Linux system, and in this case the corresponding Linux user is a member of the appropriate group for each corresponding share. Any further thoughts would be greatly appreciated. Thanks again! Cheers, Itamar Here's the log data: [2015/04/18 13:41:26.261983, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [Sharename]\[username]@[Server] with the new password interface [2015/04/18 13:41:26.262024, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [Sharename]\[username]@[Server] [2015/04/18 13:41:26.275787, 3] lib/smbldap.c:803(smb_ldap_start_tls) StartTLS issued: using a TLS connection [2015/04/18 13:41:26.275830, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2015/04/18 13:41:26.277053, 3] lib/smbldap.c:1240(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server [2015/04/18 13:41:26.277795, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: username [2015/04/18 13:41:26.279734, 0] passdb/lookup_sid.c:1684(get_primary_group_sid) Failed to find a Unix account for username User username in passdb, but getpwnam() fails! [2015/04/18 13:41:26.279895, 0] auth/check_samsec.c:492(check_sam_security) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' [2015/04/18 13:41:26.279929, 3] auth/auth_winbind.c:60(check_winbind_security) check_winbind_security: Not using winbind, requested domain [Sharename] was for this SAM. [2015/04/18 13:41:26.279954, 2] auth/auth.c:319(check_ntlm_password) check_ntlm_password: Authentication for user [username] -> [username] FAILED with error NT_STATUS_NO_SUCH_USER [2015/04/18 13:41:26.279981, 3] smbd/sesssetup.c:63(do_map_to_guest) No such user username [Sharename] - using guest account [2015/04/18 13:41:26.280011, 3] smbd/password.c:297(register_existing_vuid) register_existing_vuid: User name: nobody Real name: (null) [2015/04/18 13:41:26.280039, 3] smbd/password.c:307(register_existing_vuid) register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100 [2015/04/18 13:41:26.280327, 3] smbd/process.c:1662(process_smb) Transaction 3 of length 116 (0 toread) [2015/04/18 13:41:26.280396, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 32646) conn 0x0 [2015/04/18 13:41:26.280443, 3] lib/access.c:338(allow_access) Allowed connection from 127.0.0.1 (127.0.0.1) [2015/04/18 13:41:26.280481, 3] smbd/service.c:837(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2015/04/18 13:41:26.280531, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2015/04/18 13:41:26.280562, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2015/04/18 13:41:26.280630, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID ig3223 is not in a valid format [2015/04/18 13:41:26.281305, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: ig3223 [2015/04/18 13:41:26.282110, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 1080 [2015/04/18 13:41:26.283328, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 1080 [2015/04/18 13:41:26.283448, 3] smbd/service.c:1081(make_connection_snum) Server (127.0.0.1) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 32646) [2015/04/18 13:41:26.283485, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2015/04/18 13:41:26.283699, 3] smbd/process.c:1662(process_smb) Transaction 4 of length 136 (0 toread) [2015/04/18 13:41:26.283769, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 32646) conn 0x7f0404cc8590 [2015/04/18 13:41:26.283836, 3] smbd/msdfs.c:891(get_referred_path) get_referred_path: |Sharename| in dfs path \Server.hosturl\Sharename is not a dfs root. [2015/04/18 13:41:26.283867, 3] smbd/error.c:81(error_packet_set) error packet at smbd/trans2.c(8345) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND [2015/04/18 13:41:26.284057, 3] smbd/process.c:1662(process_smb) Transaction 5 of length 39 (0 toread) [2015/04/18 13:41:26.284127, 3] smbd/process.c:1467(switch_message) switch message SMBtdis (pid 32646) conn 0x7f0404cc8590 [2015/04/18 13:41:26.284182, 3] smbd/service.c:1345(close_cnum) Server (127.0.0.1) closed connection to service IPC$ [2015/04/18 13:41:26.284211, 3] smbd/connection.c:35(yield_connection) Yielding connection to IPC$ [2015/04/18 13:41:26.284347, 3] smbd/process.c:1662(process_smb) Transaction 6 of length 116 (0 toread) [2015/04/18 13:41:26.284381, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 32646) conn 0x0 [2015/04/18 13:41:26.284417, 3] lib/access.c:338(allow_access) Allowed connection from 127.0.0.1 (127.0.0.1) [2015/04/18 13:41:26.284446, 2] smbd/service.c:616(create_connection_session_info) guest user (from session setup) not permitted to access this share (Sharename) [2015/04/18 13:41:26.284471, 1] smbd/service.c:770(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2015/04/18 13:41:26.284496, 3] smbd/error.c:81(error_packet_set) error packet at smbd/reply.c(803) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED [2015/04/18 13:41:26.284777, 3] smbd/server_exit.c:180(exit_server_common) Server exit (failed to receive smb request) On Fri, Apr 17, 2015 at 4:29 PM, Jeremy Allison <jra at samba.org> wrote:> On Fri, Apr 17, 2015 at 03:15:48PM -0500, Itamar Gal wrote: > > Hey Samba list, > > Home Directory: \\files\userid > > Profile Path: \\files\userid \profile > > > > 3. I reset the user's password: > > > > echo -e "password\npassword\n" | passwordsudo smbpasswd -s > > > > Then I tried to connect to the Samba server as the user: > > > > smbclient //fileserver/domain -U userid > > > > Unfortunately I was unable to authenticate; I get the following error > > message: > > > > Domain=[domain] OS=[Unix] Server=[Samba 3.6.3] > > tree connect failed: NT_STATUS_ACCESS_DENIED > > > > 4. I checked to see if there was in fact a Unix account for the user, and > > there wasn't, so I added one, and set the UNIX password to match the > > password set with smbpasswd. Then I tried again to connect to the Samba > > server, but was still unable to connect. > > > > Can anyone shed any light on this? Help! > > Set the log level in smbd to 10, then take a look > at the logs produced when smbclient tries to connect. > > Here's how I set that up in smb.conf: > > log file = /usr/local/samba/var/log.%m > max log size = 0 > log level = 10 > > That will be the quickest way to track down the problem. > > Jeremy. >
On 18/04/15 15:06, Itamar Gal wrote:> Hey Jeremy, > > Thanks for the advice. I followed your suggestion collected the logged > information for a single connection attempt (i.e. smbclient > //servername/sharename -U username); I've included the log data below (in > the postscript). It looks like Samba is still looking for a Unix user > account and not finding one. I should mention that it seems that I am able > to authenticate as the user; the following command executes properly, for > example: > > smbclient -L //servername -U username > > So I'm guessing that problem is that the user doesn't have permission to > access the shares they're trying to access. However, my (extremely limited) > understanding is that Samba inherits permissions from the host Linux > system, and in this case the corresponding Linux user is a member of the > appropriate group for each corresponding share. Any further thoughts would > be greatly appreciated. Thanks again! > > Cheers, > Itamar > > Here's the log data: > > [2015/04/18 13:41:26.261983, 3] auth/auth.c:219(check_ntlm_password) > check_ntlm_password: Checking password for unmapped user > [Sharename]\[username]@[Server] with the new password interface > [2015/04/18 13:41:26.262024, 3] auth/auth.c:222(check_ntlm_password) > check_ntlm_password: mapped user is: [Sharename]\[username]@[Server] > [2015/04/18 13:41:26.275787, 3] lib/smbldap.c:803(smb_ldap_start_tls) > StartTLS issued: using a TLS connection > [2015/04/18 13:41:26.275830, 2] lib/smbldap.c:1018(smbldap_open_connection) > smbldap_open_connection: connection opened > [2015/04/18 13:41:26.277053, 3] lib/smbldap.c:1240(smbldap_connect_system) > ldap_connect_system: successful connection to the LDAP server > [2015/04/18 13:41:26.277795, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: username > [2015/04/18 13:41:26.279734, 0] > passdb/lookup_sid.c:1684(get_primary_group_sid) > Failed to find a Unix account for username User username in passdb, but > getpwnam() fails! > [2015/04/18 13:41:26.279895, 0] auth/check_samsec.c:492(check_sam_security) > check_sam_security: make_server_info_sam() failed with > 'NT_STATUS_NO_SUCH_USER' > [2015/04/18 13:41:26.279929, 3] > auth/auth_winbind.c:60(check_winbind_security) > check_winbind_security: Not using winbind, requested domain [Sharename] > was for this SAM. > [2015/04/18 13:41:26.279954, 2] auth/auth.c:319(check_ntlm_password) > check_ntlm_password: Authentication for user [username] -> [username] > FAILED with error NT_STATUS_NO_SUCH_USER > [2015/04/18 13:41:26.279981, 3] smbd/sesssetup.c:63(do_map_to_guest) > No such user username [Sharename] - using guest account > [2015/04/18 13:41:26.280011, 3] smbd/password.c:297(register_existing_vuid) > register_existing_vuid: User name: nobody Real name: (null) > [2015/04/18 13:41:26.280039, 3] smbd/password.c:307(register_existing_vuid) > register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be > vuid 100 > [2015/04/18 13:41:26.280327, 3] smbd/process.c:1662(process_smb) > Transaction 3 of length 116 (0 toread) > [2015/04/18 13:41:26.280396, 3] smbd/process.c:1467(switch_message) > switch message SMBtconX (pid 32646) conn 0x0 > [2015/04/18 13:41:26.280443, 3] lib/access.c:338(allow_access) > Allowed connection from 127.0.0.1 (127.0.0.1) > [2015/04/18 13:41:26.280481, 3] smbd/service.c:837(make_connection_snum) > Connect path is '/tmp' for service [IPC$] > [2015/04/18 13:41:26.280531, 3] smbd/vfs.c:102(vfs_init_default) > Initialising default vfs hooks > [2015/04/18 13:41:26.280562, 3] smbd/vfs.c:128(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] > [2015/04/18 13:41:26.280630, 3] > ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID ig3223 is not in a valid format > [2015/04/18 13:41:26.281305, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: ig3223 > [2015/04/18 13:41:26.282110, 2] > passdb/pdb_ldap.c:2427(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 1080 > [2015/04/18 13:41:26.283328, 2] > passdb/pdb_ldap.c:2427(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 1080 > [2015/04/18 13:41:26.283448, 3] smbd/service.c:1081(make_connection_snum) > Server (127.0.0.1) connect to service IPC$ initially as user nobody > (uid=65534, gid=65534) (pid 32646) > [2015/04/18 13:41:26.283485, 3] smbd/reply.c:871(reply_tcon_and_X) > tconX service=IPC$ > [2015/04/18 13:41:26.283699, 3] smbd/process.c:1662(process_smb) > Transaction 4 of length 136 (0 toread) > [2015/04/18 13:41:26.283769, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 32646) conn 0x7f0404cc8590 > [2015/04/18 13:41:26.283836, 3] smbd/msdfs.c:891(get_referred_path) > get_referred_path: |Sharename| in dfs path \Server.hosturl\Sharename is > not a dfs root. > [2015/04/18 13:41:26.283867, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/trans2.c(8345) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND > [2015/04/18 13:41:26.284057, 3] smbd/process.c:1662(process_smb) > Transaction 5 of length 39 (0 toread) > [2015/04/18 13:41:26.284127, 3] smbd/process.c:1467(switch_message) > switch message SMBtdis (pid 32646) conn 0x7f0404cc8590 > [2015/04/18 13:41:26.284182, 3] smbd/service.c:1345(close_cnum) > Server (127.0.0.1) closed connection to service IPC$ > [2015/04/18 13:41:26.284211, 3] smbd/connection.c:35(yield_connection) > Yielding connection to IPC$ > [2015/04/18 13:41:26.284347, 3] smbd/process.c:1662(process_smb) > Transaction 6 of length 116 (0 toread) > [2015/04/18 13:41:26.284381, 3] smbd/process.c:1467(switch_message) > switch message SMBtconX (pid 32646) conn 0x0 > [2015/04/18 13:41:26.284417, 3] lib/access.c:338(allow_access) > Allowed connection from 127.0.0.1 (127.0.0.1) > [2015/04/18 13:41:26.284446, 2] > smbd/service.c:616(create_connection_session_info) > guest user (from session setup) not permitted to access this share > (Sharename) > [2015/04/18 13:41:26.284471, 1] smbd/service.c:770(make_connection_snum) > create_connection_session_info failed: NT_STATUS_ACCESS_DENIED > [2015/04/18 13:41:26.284496, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/reply.c(803) cmd=117 (SMBtconX) > NT_STATUS_ACCESS_DENIED > [2015/04/18 13:41:26.284777, 3] smbd/server_exit.c:180(exit_server_common) > Server exit (failed to receive smb request) > > > On Fri, Apr 17, 2015 at 4:29 PM, Jeremy Allison <jra at samba.org> wrote: > >> On Fri, Apr 17, 2015 at 03:15:48PM -0500, Itamar Gal wrote: >>> Hey Samba list, >>> Home Directory: \\files\userid >>> Profile Path: \\files\userid \profile >>> >>> 3. I reset the user's password: >>> >>> echo -e "password\npassword\n" | passwordsudo smbpasswd -s >>> >>> Then I tried to connect to the Samba server as the user: >>> >>> smbclient //fileserver/domain -U userid >>> >>> Unfortunately I was unable to authenticate; I get the following error >>> message: >>> >>> Domain=[domain] OS=[Unix] Server=[Samba 3.6.3] >>> tree connect failed: NT_STATUS_ACCESS_DENIED >>> >>> 4. I checked to see if there was in fact a Unix account for the user, and >>> there wasn't, so I added one, and set the UNIX password to match the >>> password set with smbpasswd. Then I tried again to connect to the Samba >>> server, but was still unable to connect. >>> >>> Can anyone shed any light on this? Help! >> Set the log level in smbd to 10, then take a look >> at the logs produced when smbclient tries to connect. >> >> Here's how I set that up in smb.conf: >> >> log file = /usr/local/samba/var/log.%m >> max log size = 0 >> log level = 10 >> >> That will be the quickest way to track down the problem. >> >> Jeremy. >>It does look like your user is unknown to samba, it might help if you posted the smb.conf, what OS you are using etc Rowland
Hey Rowland, Thanks for the advice. The host is running Ubuntu 12.04 and I've included the smb.conf below (reverted it to its "original" state prior to following Jeremy's advice). I don't suppose you know why the user is able obtain a list of Samba services (i.e. smbclient -L host -U user) if they aren't known to Samba? I find that confusing. - Itamar #======================= Global Settings ====================== [global] ## Browsing/Identification ### # Change this to the workgroup/NT-domain name your Samba server will part of workgroup = UserGroup # server string is the equivalent of the NT Description field server string = %h server (Samba, Ubuntu) # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable its WINS Server wins support = yes # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # This will prevent nmbd to search for NetBIOS names through DNS. dns proxy = yes # What naming service and in what order should we use to resolve host names # to IP addresses ; name resolve order = lmhosts host wins bcast #### Networking #### # The specific set of interfaces / networks to bind to # This can be either the interface name or an IP address/netmask; # interface names are normally preferred ; interfaces = 127.0.0.0/8 eth0 # Only bind to the named interfaces and/or networks; you must use the # 'interfaces' option above to use this. # It is recommended that you enable this feature if your Samba machine is # not protected by a firewall or is a firewall itself. However, this # option cannot handle dynamic or non-broadcast interfaces correctly. ; bind interfaces only = yes #### Debugging/Accounting #### # This tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m # Cap the size of the individual log files (in KiB). max log size = 1000 # If you want Samba to only log through syslog then set the following # parameter to 'yes'. # syslog only = no # We want Samba to log a minimum amount of information to syslog. Everything # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log # through syslog you should set the following parameter to something higher. syslog = 0 # Do something sensible when Samba crashes: mail the admin a backtrace panic action = /usr/share/samba/panic-action %d ####### Authentication ####### # "security = user" is always a good idea. This will require a Unix account # in this server for every user accessing the server. See # /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html # in the samba-doc package for details. security = user # You may wish to use password encryption. See the section on # 'encrypt passwords' in the smb.conf(5) manpage before enabling. encrypt passwords = true passdb backend = ldapsam:"ldap://hosturl" admin users = adminuser ldap suffix = o=org ldap ssl = start tls ldap admin dn="cn=admin,o=org" ldap delete dn = no ldap user suffix = ou=people ldap group suffix = ou=group obey pam restrictions = no unix password sync = no map to guest = bad user ########## Domains ########### domain logons = yes domain master = yes preferred master = yes usershare allow guests = no guest account = nobody logon home = \\%N\%U logon path = \\%N\%U\profile log level = 3 log file = /var/log/samba/%U.log max log size = 50 template shell = /bin/bash [homes] comment = Home Directories browseable = no writeable = yes guest ok = no create mask = 0700 directory mask = 0700 root preexec = /usr/local/sbin/mkhomedir.sh %U [groups] comment = group shares browseable = yes writeable = yes path = /export/groups guest ok = no create mask = 0664 directory mask = 2775 inherit owner = no inherit permissions = yes [UserGroup] comment = files for UserGroup group browseable = yes writeable = yes path = /export/groups/UserGroup guest ok = no create mask = 0664 directory mask = 2775 inherit owner = yes inherit permissions = yes directory mask = 2775 force directory mode = 2775 directory security mask = 2775 force directory security mode = 2775 force group = +UserGroup [AdminGroup] comment = files for admingroup group browseable = yes writeable = yes path = /export/groups/AdminGroup guest ok = no create mask = 0664 directory mask = 2775 inherit owner = yes inherit permissions = yes directory mask = 2775 force directory mode = 2775 directory security mask = 2775 force directory security mode = 2775 force group = +admingroup On Sat, Apr 18, 2015 at 9:16 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote:> On 18/04/15 15:06, Itamar Gal wrote: > >> Hey Jeremy, >> >> Thanks for the advice. I followed your suggestion collected the logged >> information for a single connection attempt (i.e. smbclient >> //servername/sharename -U username); I've included the log data below (in >> the postscript). It looks like Samba is still looking for a Unix user >> account and not finding one. I should mention that it seems that I am able >> to authenticate as the user; the following command executes properly, for >> example: >> >> smbclient -L //servername -U username >> >> So I'm guessing that problem is that the user doesn't have permission to >> access the shares they're trying to access. However, my (extremely >> limited) >> understanding is that Samba inherits permissions from the host Linux >> system, and in this case the corresponding Linux user is a member of the >> appropriate group for each corresponding share. Any further thoughts would >> be greatly appreciated. Thanks again! >> >> Cheers, >> Itamar >> >> Here's the log data: >> >> [2015/04/18 13:41:26.261983, 3] auth/auth.c:219(check_ntlm_password) >> check_ntlm_password: Checking password for unmapped user >> [Sharename]\[username]@[Server] with the new password interface >> [2015/04/18 13:41:26.262024, 3] auth/auth.c:222(check_ntlm_password) >> check_ntlm_password: mapped user is: [Sharename]\[username]@[Server] >> [2015/04/18 13:41:26.275787, 3] lib/smbldap.c:803(smb_ldap_start_tls) >> StartTLS issued: using a TLS connection >> [2015/04/18 13:41:26.275830, 2] >> lib/smbldap.c:1018(smbldap_open_connection) >> smbldap_open_connection: connection opened >> [2015/04/18 13:41:26.277053, 3] >> lib/smbldap.c:1240(smbldap_connect_system) >> ldap_connect_system: successful connection to the LDAP server >> [2015/04/18 13:41:26.277795, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) >> init_sam_from_ldap: Entry found for user: username >> [2015/04/18 13:41:26.279734, 0] >> passdb/lookup_sid.c:1684(get_primary_group_sid) >> Failed to find a Unix account for username User username in passdb, >> but >> getpwnam() fails! >> [2015/04/18 13:41:26.279895, 0] >> auth/check_samsec.c:492(check_sam_security) >> check_sam_security: make_server_info_sam() failed with >> 'NT_STATUS_NO_SUCH_USER' >> [2015/04/18 13:41:26.279929, 3] >> auth/auth_winbind.c:60(check_winbind_security) >> check_winbind_security: Not using winbind, requested domain [Sharename] >> was for this SAM. >> [2015/04/18 13:41:26.279954, 2] auth/auth.c:319(check_ntlm_password) >> check_ntlm_password: Authentication for user [username] -> [username] >> FAILED with error NT_STATUS_NO_SUCH_USER >> [2015/04/18 13:41:26.279981, 3] smbd/sesssetup.c:63(do_map_to_guest) >> No such user username [Sharename] - using guest account >> [2015/04/18 13:41:26.280011, 3] >> smbd/password.c:297(register_existing_vuid) >> register_existing_vuid: User name: nobody Real name: (null) >> [2015/04/18 13:41:26.280039, 3] >> smbd/password.c:307(register_existing_vuid) >> register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be >> vuid 100 >> [2015/04/18 13:41:26.280327, 3] smbd/process.c:1662(process_smb) >> Transaction 3 of length 116 (0 toread) >> [2015/04/18 13:41:26.280396, 3] smbd/process.c:1467(switch_message) >> switch message SMBtconX (pid 32646) conn 0x0 >> [2015/04/18 13:41:26.280443, 3] lib/access.c:338(allow_access) >> Allowed connection from 127.0.0.1 (127.0.0.1) >> [2015/04/18 13:41:26.280481, 3] smbd/service.c:837(make_connection_snum) >> Connect path is '/tmp' for service [IPC$] >> [2015/04/18 13:41:26.280531, 3] smbd/vfs.c:102(vfs_init_default) >> Initialising default vfs hooks >> [2015/04/18 13:41:26.280562, 3] smbd/vfs.c:128(vfs_init_custom) >> Initialising custom vfs hooks from [/[Default VFS]/] >> [2015/04/18 13:41:26.280630, 3] >> ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) >> string_to_sid: SID ig3223 is not in a valid format >> [2015/04/18 13:41:26.281305, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) >> init_sam_from_ldap: Entry found for user: ig3223 >> [2015/04/18 13:41:26.282110, 2] >> passdb/pdb_ldap.c:2427(init_group_from_ldap) >> init_group_from_ldap: Entry found for group: 1080 >> [2015/04/18 13:41:26.283328, 2] >> passdb/pdb_ldap.c:2427(init_group_from_ldap) >> init_group_from_ldap: Entry found for group: 1080 >> [2015/04/18 13:41:26.283448, 3] smbd/service.c:1081(make_connection_snum) >> Server (127.0.0.1) connect to service IPC$ initially as user nobody >> (uid=65534, gid=65534) (pid 32646) >> [2015/04/18 13:41:26.283485, 3] smbd/reply.c:871(reply_tcon_and_X) >> tconX service=IPC$ >> [2015/04/18 13:41:26.283699, 3] smbd/process.c:1662(process_smb) >> Transaction 4 of length 136 (0 toread) >> [2015/04/18 13:41:26.283769, 3] smbd/process.c:1467(switch_message) >> switch message SMBtrans2 (pid 32646) conn 0x7f0404cc8590 >> [2015/04/18 13:41:26.283836, 3] smbd/msdfs.c:891(get_referred_path) >> get_referred_path: |Sharename| in dfs path \Server.hosturl\Sharename is >> not a dfs root. >> [2015/04/18 13:41:26.283867, 3] smbd/error.c:81(error_packet_set) >> error packet at smbd/trans2.c(8345) cmd=50 (SMBtrans2) >> NT_STATUS_NOT_FOUND >> [2015/04/18 13:41:26.284057, 3] smbd/process.c:1662(process_smb) >> Transaction 5 of length 39 (0 toread) >> [2015/04/18 13:41:26.284127, 3] smbd/process.c:1467(switch_message) >> switch message SMBtdis (pid 32646) conn 0x7f0404cc8590 >> [2015/04/18 13:41:26.284182, 3] smbd/service.c:1345(close_cnum) >> Server (127.0.0.1) closed connection to service IPC$ >> [2015/04/18 13:41:26.284211, 3] smbd/connection.c:35(yield_connection) >> Yielding connection to IPC$ >> [2015/04/18 13:41:26.284347, 3] smbd/process.c:1662(process_smb) >> Transaction 6 of length 116 (0 toread) >> [2015/04/18 13:41:26.284381, 3] smbd/process.c:1467(switch_message) >> switch message SMBtconX (pid 32646) conn 0x0 >> [2015/04/18 13:41:26.284417, 3] lib/access.c:338(allow_access) >> Allowed connection from 127.0.0.1 (127.0.0.1) >> [2015/04/18 13:41:26.284446, 2] >> smbd/service.c:616(create_connection_session_info) >> guest user (from session setup) not permitted to access this share >> (Sharename) >> [2015/04/18 13:41:26.284471, 1] smbd/service.c:770(make_connection_snum) >> create_connection_session_info failed: NT_STATUS_ACCESS_DENIED >> [2015/04/18 13:41:26.284496, 3] smbd/error.c:81(error_packet_set) >> error packet at smbd/reply.c(803) cmd=117 (SMBtconX) >> NT_STATUS_ACCESS_DENIED >> [2015/04/18 13:41:26.284777, 3] >> smbd/server_exit.c:180(exit_server_common) >> Server exit (failed to receive smb request) >> >> >> On Fri, Apr 17, 2015 at 4:29 PM, Jeremy Allison <jra at samba.org> wrote: >> >> On Fri, Apr 17, 2015 at 03:15:48PM -0500, Itamar Gal wrote: >>> >>>> Hey Samba list, >>>> Home Directory: \\files\userid >>>> Profile Path: \\files\userid \profile >>>> >>>> 3. I reset the user's password: >>>> >>>> echo -e "password\npassword\n" | passwordsudo smbpasswd -s >>>> >>>> Then I tried to connect to the Samba server as the user: >>>> >>>> smbclient //fileserver/domain -U userid >>>> >>>> Unfortunately I was unable to authenticate; I get the following error >>>> message: >>>> >>>> Domain=[domain] OS=[Unix] Server=[Samba 3.6.3] >>>> tree connect failed: NT_STATUS_ACCESS_DENIED >>>> >>>> 4. I checked to see if there was in fact a Unix account for the user, >>>> and >>>> there wasn't, so I added one, and set the UNIX password to match the >>>> password set with smbpasswd. Then I tried again to connect to the Samba >>>> server, but was still unable to connect. >>>> >>>> Can anyone shed any light on this? Help! >>>> >>> Set the log level in smbd to 10, then take a look >>> at the logs produced when smbclient tries to connect. >>> >>> Here's how I set that up in smb.conf: >>> >>> log file = /usr/local/samba/var/log.%m >>> max log size = 0 >>> log level = 10 >>> >>> That will be the quickest way to track down the problem. >>> >>> Jeremy. >>> >>> > It does look like your user is unknown to samba, it might help if you > posted the smb.conf, what OS you are using etc > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >