We have a Ubuntu/Samba setup to serve Windows-XP users using Active Directory
credentials.
The application is a backup service using rsync from their workstations to the
server.
Ubuntu: 9.10, Samba: 3.4.0.
The backups work fine, and individual users logged onto XP with AD credentials
can see the contents of their shares on the server.
However, we have been unable to configure Samba to allow specified users
(domain admins) access to Samba shares, which is needed for administration of
the shares.
The "valid user" and "admin user" constructs are not working in our environment.
When smb.conf is configured with these constructs (see testparm output below),
which should allow access, instead we get an error message on the XP side and
the following messages in /var/log/samba: (in the example, trying to access the
share \\<server>\wirt)
[2010/02/08 21:31:21, 0] param/loadparm.c:8546(process_usershare_file)
process_usershare_file: stat of /var/lib/samba/usershares/wirt failed.
Permission denied
[2010/02/08 21:31:21, 0] param/loadparm.c:8546(process_usershare_file)
process_usershare_file: stat of /var/lib/samba/usershares/wirt failed.
Permission denied
[2010/02/08 21:31:21, 0] param/loadparm.c:8546(process_usershare_file)
process_usershare_file: stat of /var/lib/samba/usershares/wirt failed. No such
file or directory
[2010/02/08 21:31:21, 0] smbd/service.c:1188(make_connection) __ffff_10.0.3.56
(::ffff:10.0.3.56) couldn't find service wirt
The error in XP says: "Windows cannot find '\\<server>\wirt'. Check the
spelling and try again...."
Is there something wrong with the smb.conf settings, or something else that
needs to be done to allow domain admins access to user shares?
Could something with the pam or winbind settings explain this behavior?
One clue is that when we cranked the log level to 3, the log messages indicated
that the Samba connection was being made to a UNIX user DOMAIN\lfvr3tk1$ rather
than DOMAIN\admin as would be expected. The name of the admin's XP computer is
"lfvr3tk1". The logfile is quite large so I did not include it here.
What's going on????
Thanks,
Eric Peterson
======output from testparm=========
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[public]"
Processing section "[public_rw]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
[global]
workgroup = DOMAIN
realm = DOMAIN.COM
server string = %h server (Samba, Ubuntu)
security = ADS
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
[homes]
comment = Home Directories
valid users = DOMAIN\%S, DOMAIN\admin
admin users = DOMAIN\admin
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
browseable = No
browsable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[public]
path = /export/public
guest ok = Yes
[public_rw]
path = /export/public_rw
read only = No
guest ok = Yes
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
