Hi everybody... I'm trying to build a file server with Samba. I had it working when users were authenticating via Samba, but I changed the authentication method to OpenLDAP, and for some strange reason users cannot access the shares anymore. It is giving me this error: "create_connection_server_info failed: NT_STATUS_ACCESS_DENIED". I have checked the permissions in the OS and they are 777 for the whole share structure. I have tried to use "username =" but it lets in any user, not only the permitted ones. The LDAP server is authenticating correctly; I know because I use it as a base for my DCs. The server with the problem is not my PDC. It is just a file server.
I've read that it is because I'm using "valid users = ". Is that right? I've tried to use "valid users" with "write list" but it had no effect. I don't know what to do anymore. Thanks in advance. If anyone can help me, I will be very grateful.

Here is my smb.conf:

    [global]
        # ---------------- Authentication -------------------
        workgroup = <DOMAIN IN PDC>
        netbios name = <NETBIOS NAME>
        security = DOMAIN
        password server = <IP OF LDAP>
        dos charset = ISO8859-1
        unix charset = UTF-8
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind use default domain = yes
        # ----------------- Recycle ---------------------
        recycle: keeptree = Yes
        recycle:maxsize = 0
        recycle:touch = True
        recycle:exclude = *.tmp,*.log,*.obj,~*.*,*.bak,*.iso,*.temp,*.o,~$*
        recycle:repository = /opt/FNMA/lixeira/%U
        recycle:noversions = *.doc|*.xls|*.ppt|*.dwg|*.dxf|*.txt
        recycle:exclude_dir = tmp, cache
        recycle:versions = Yes
        # ---------------- Audit ---------------------
        full_audit:priority = notice
        full_audit:prefix = %m|%I|%u|%S
        full_audit:facility = local5
        full_audit:success = rename rmdir unlink open write
        full_audit:failure = none
        # ---------------- Log --------------------
        log level = 1
        log file = /var/log/samba/%m.log
        syslog = 0
        max log size = 1000
        # --------------- Misc ---------------------
        veto files = /*.mp3/*.ogg/autorun.inf/autorun.vbs/autorun.bat/autorun.wsh/autorun.bin/autorun.reg/autorun.txt/AUTORUN.BMK/copy.exe/host.exe/*.tmp/*.temp/~$*/
        dns proxy = no
        load printers = no
        hide dot files = yes

    # -------------------- Shares -------------------
    [FNMA]
        vfs objects = recycle, full_audit
        path = /opt/FNMA
        write list = <users>
        comment = Todos arquivos do FNMA
        valid users = <users>
        create mode = 0770
        directory mode = 775
        #vfs object = recycle, full_audit

    [DIRETORIA]
        vfs objects = recycle, full_audit
        browseable = yes
        writeable = yes
        path = /opt/FNMA/Diretoria
        force user = root
        comment = Arquivos da Diretoria
        valid users = @dir
        write list = @dir
        create mode = 770
        public = yes
        directory mode = 775

    [CINF]
        force user = root
        comment = Coordenadoria de Informatica
        browseable = no
        valid users = @gead-cinf
        write list = @gead-cinf
        writeable = yes
        create mode = 770
        path = /opt/FNMA/GEAD/CINF
        directory mode = 775
        #vfs objects = recycle, full_audit

    [CCON]
        vfs objects = recycle, full_audit
        writeable = yes
        path = /opt/FNMA/GEAD/CCON
        force user = root
        comment = Coordenadoria de Contratos e Convenios
        valid users = @gead-ccon,@gead
        write list = @gead-ccon,@gead
        public = yes
        create mode = 770
        directory mode = 775

    [CFIN]
        vfs objects = recycle, full_audit
        writeable = yes
        path = /opt/FNMA/GEAD/CFIN
        force user = root
        comment = Coordenadoria de Financas
        valid users = @gead-cfin,@gead
        write list = @gead-cfin,@gead
        create mode = 770
        directory mode = 775

    [COAD]
        vfs objects = recycle, full_audit
        writeable = yes
        path = /opt/FNMA/GEAD/COAD
        comment = Coordenadoria Administrativa
        valid users = @gead-coad, @gead, @gead-cdoc
        write list = @gead-coad, @gead, @gead-cdoc
        create mode = 770
        directory mode = 775
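Added example, not part of the original post: a short Python review of the share definitions above. It normalises the synonyms the configuration uses (public is a synonym for guest ok) and lists shares that set force user = root or enable guest access alongside valid users. The sample is a constructed excerpt of three shares; parse_smb_conf and review are hypothetical helper names.

```python
# Parameter synonyms from smb.conf that appear in the posted configuration.
SYNONYMS = {"public": "guest ok", "writeable": "writable",
            "create mode": "create mask", "directory mode": "directory mask"}
# Constructed sample: three shares condensed from the configuration above.
SAMPLE = """
[global]
security = DOMAIN
[DIRETORIA]
force user = root
valid users = @dir
public = yes
[CCON]
force user = root
valid users = @gead-ccon,@gead
public = yes
[COAD]
valid users = @gead-coad, @gead, @gead-cdoc
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with synonyms normalised."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())  # case and spacing are ignored
            current[SYNONYMS.get(key, key)] = value.strip()
    return shares

def review(shares):
    """Return {share: [notes]} for settings that widen access to a share."""
    findings = {}
    for name, params in shares.items():
        if name.lower() == "global":
            continue
        notes = []
        if params.get("force user", "").lower() == "root":
            notes.append("force user = root: all file operations run as root")
        guest = params.get("guest ok", "no").lower() in ("yes", "true", "1")
        if guest and "valid users" in params:
            notes.append("guest ok is enabled on a share that sets valid users")
        if notes:
            findings[name] = notes
    return findings

if __name__ == "__main__":
    for share, notes in review(parse_smb_conf(SAMPLE)).items():
        print(share, notes)
```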