Re: [Samba] cannot access shares
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ryan Johnson wrote, On 16-07-2007 02:49: [...] so why might i be able to access the user directories, but not my self made one? i have tried adding another that points to another random directory i created to test out, and that too does not work. i should mention that /netshare is the mount point for /dev/hdb1 (just a 120GB drive that is used to store shared stuff) Hi Ryan, Do you have any logs? Can you try increase the log level and check what the logs says about your tries to access 'netshare'? Kind regards - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGnhlNCj65ZxU4gPQRCP9BAJ9JWQ8cJE9zSbCHgYbo9vxwvn5rxgCgjPwT pgat8/u9gETXI85LA6eSc60= =hBbm -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] cannot access shares
i had my file server setup with suse 10.1, and i did a clean upgrade to suse 10.2 (if it matters much), now trying to setup samba again, i have run into a slight problem. on my windows machines, i can access the home directories of the users, however when i try and get into directories i setup myself (in my case 'netshare'), it says that the directory is not accessible. check permissions etc. my user list: user1, user2 both belong to group: window permission for the directory '/netshare' is set for 775 'netshare' is owned by user1 in group window here is the smb.conf file *** START smb.conf # Samba config file created using SWAT # from 127.0.0.1 (127.0.0.1) # Date: 2007/07/14 14:06:14 [global] workgroup = HOME server string = Our File Repository map to guest = Bad User printcap name = cups add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ logon path = \\%L\profiles\.msprofile logon drive = P: logon home = \\%L\%U\.9xprofile os level = 2 domain master = No usershare allow guests = Yes hosts allow = 192.168.1.0/255.255.255.0 cups options = raw include = /etc/samba/dhcp.conf [homes] comment = Home Directories valid users = %S, %D%w%S read only = No inherit acls = Yes browseable = No [profiles] comment = Network Profiles Service path = %H read only = No create mask = 0600 directory mask = 0700 store dos attributes = Yes [users] comment = All users path = /home read only = No inherit acls = Yes veto files = /aquota.user/groups/shares/ [groups] comment = All groups path = /home/groups read only = No inherit acls = Yes [printers] comment = All Printers path = /var/tmp create mask = 0600 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin, root force group = ntadmin create mask = 0664 directory mask = 0775 [netshare] comment = store stuff here path = /netshare valid users = user1, user2 admin users = user1, user2 force group = window read only = No acl group control = Yes inherit permissions = Yes inherit acls = Yes guest ok = Yes case sensitive = No strict locking = No msdfs proxy = no *** END smb.conf so why might i be able to access the user directories, but not my self made one? i have tried adding another that points to another random directory i created to test out, and that too does not work. i should mention that /netshare is the mount point for /dev/hdb1 (just a 120GB drive that is used to store shared stuff) thanks in advance for your help. -Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot access shares on domain member server
Hello, I have a Samba 3.0.23 server being a domain member server (security = ads). I was able to join the domain without problems, but I cannot access shares on the server using domain accounts. A log level = 10 log shows the following errors: [2006/10/20 18:24:15, 10] passdb/secrets.c:secrets_named_mutex(778) secrets_named_mutex: got mutex for replay cache mutex [2006/10/20 18:24:15, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(261) ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type [2006/10/20 18:24:15, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(261) ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type [2006/10/20 18:24:16, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(252) ads_secrets_verify_ticket: enc type [23] decrypted message ! [2006/10/20 18:24:16, 10] passdb/secrets.c:secrets_named_mutex_release(790) secrets_named_mutex: released mutex for replay cache mutex [2006/10/20 18:24:16, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(685) Got KRB5 session key of length 16 The domain controller is a Windows 2003 server, the client trying to connect a Windows XP SP2 machine. Regards, Christoph Kling -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot Access Shares (Permission Denied)
Hello, I am having trouble accessing my shares. I have set up a homes directory, public and temp directory. Every time I try to either browse to my samba server, or map to it I am prompted with a password dialog box. I have tried to set up samba to be a member server in Active Directory and set my valid users = @DOMAIN+info_sys , which is the security group that I belong to. When I enter my user name and password nothing happens. I desperately want to get this working, but I cannot seem to figure out how to make Samba use my Active Directory user accounts for accessing shares. Do I need to assign permissions to the folder (/data) itself? If so can someone please explain how to give ownership or full control over a linux folder (/data) to a security group from Active Directory? Any help is greatly appreciated. Adam Katulak -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot access shares from a Win2k client
Hey all.
I'm running Samba 3.0.1 as a domain member in a Win2k3 ADS domain. I'm
attempting to view shares on the samba server via a Win2000 client.
I've been getting the following messages from the smbd logs and I'm
wondering why. I can connect to the Samba server (using the IP only) to
view which shares are available, but when I double click the share to access
it, I get a network name cannot be found on the share.
From smbd log:
[2003/12/19 14:25:08, 3] libads/kerberos_verify.c:setup_keytab(147)
unable to create MEMORY: keytab (Unknown Key table type)
[2003/12/19 14:25:08, 3] libads/kerberos_verify.c:ads_verify_ticket(280)
ads_verify_ticket: unable to setup keytab
[2003/12/19 14:25:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
Can anyone shed some light on what this might be caused by?
Also, I'm running winbind for UNIX/Windows user/group mapping. The 'wbinfo
-u' command works, but it spits out only the user names rather than
DOMAIN\username. Since usernames aren't unique across our OSes, 'getent
passwd' results in duplicate entries. Groups are not prefixed by their
domain either. Anyone have this problem?
Below are my configs:
smb.conf
--
[global]
; smbd settings
log level = 3
log file = /var/log/samba/log.%m
server string = %U [Samba Server %v]
; Active Directory settings
;dns proxy = yes
workgroup = FOO
security = ADS
realm = FOO.COM
local master = no
domain master = no
preferred master = no
os level = 0
; winbind stuff
winbind separator = +
winbind enum users = yes
idmap uid = 1-2
winbind enum groups = yes
idmap gid = 1-2
winbind use default domain = yes
password server = dc.foo.com
encrypt passwords = yes
[test]
comment = Samba functionality test directory
path = /home/user/test/
read only = no
browsable = yes
writable = yes
guest ok = yes
krb5.conf
--
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = FOO.COM
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
FOO.COM = {
kdc = dc.foo.com:88
admin_server = dc.foo.com:749
default_domain = foo.com
}
[domain_realm]
.foo.com = FOO.COM
foo.com = FOO.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
nsswitch.conf
--
...
passwd: files winbind
shadow: files
group: files winbind
host: files dns winbind
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
FW: [Samba] Cannot access shares from a Win2k client
Here's a followup. I also get these errors in the smbd logs. The thing is,
the share directory has full permissions (0777) and the smb.conf is set to
be fully readable, writeable and okay for guests.
[2003/12/19 15:21:23, 0] smbd/service.c:make_connection_snum(677)
'/home/bspiegel/test/' does not exist or is not a directory, when
connecting to [test]
[2003/12/19 15:21:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/12/19 15:21:23, 3] smbd/connection.c:yield_connection(69)
Yielding connection to test
[2003/12/19 15:21:23, 3] smbd/error.c:error_packet(94)
error string = Permission denied
[2003/12/19 15:21:23, 3] smbd/error.c:error_packet(118)
error packet at smbd/reply.c(286) cmd=117 (SMBtconX)
NT_STATUS_BAD_NETWORK_NAME
-Original Message-
From: Brian Spiegel [mailto:[EMAIL PROTECTED]
Sent: Friday, December 19, 2003 2:53 PM
To: '[EMAIL PROTECTED]'
Subject: [Samba] Cannot access shares from a Win2k client
Hey all.
I'm running Samba 3.0.1 as a domain member in a Win2k3 ADS domain. I'm
attempting to view shares on the samba server via a Win2000 client.
I've been getting the following messages from the smbd logs and I'm
wondering why. I can connect to the Samba server (using the IP only) to
view which shares are available, but when I double click the share to access
it, I get a network name cannot be found on the share.
From smbd log:
[2003/12/19 14:25:08, 3] libads/kerberos_verify.c:setup_keytab(147)
unable to create MEMORY: keytab (Unknown Key table type)
[2003/12/19 14:25:08, 3] libads/kerberos_verify.c:ads_verify_ticket(280)
ads_verify_ticket: unable to setup keytab
[2003/12/19 14:25:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
Can anyone shed some light on what this might be caused by?
Also, I'm running winbind for UNIX/Windows user/group mapping. The 'wbinfo
-u' command works, but it spits out only the user names rather than
DOMAIN\username. Since usernames aren't unique across our OSes, 'getent
passwd' results in duplicate entries. Groups are not prefixed by their
domain either. Anyone have this problem?
Below are my configs:
smb.conf
--
[global]
; smbd settings
log level = 3
log file = /var/log/samba/log.%m
server string = %U [Samba Server %v]
; Active Directory settings
;dns proxy = yes
workgroup = FOO
security = ADS
realm = FOO.COM
local master = no
domain master = no
preferred master = no
os level = 0
; winbind stuff
winbind separator = +
winbind enum users = yes
idmap uid = 1-2
winbind enum groups = yes
idmap gid = 1-2
winbind use default domain = yes
password server = dc.foo.com
encrypt passwords = yes
[test]
comment = Samba functionality test directory
path = /home/user/test/
read only = no
browsable = yes
writable = yes
guest ok = yes
krb5.conf
--
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = FOO.COM
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
FOO.COM = {
kdc = dc.foo.com:88
admin_server = dc.foo.com:749
default_domain = foo.com
}
[domain_realm]
.foo.com = FOO.COM
foo.com = FOO.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
nsswitch.conf
--
...
passwd: files winbind
shadow: files
group: files winbind
host: files dns winbind
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: FW: [Samba] Cannot access shares from a Win2k client
This is keeping you from seeing DOMAIN\username:
winbind use default domain = yes
Personally I like this option especially when you have large domains
with trust relationships.
You also may want to look at putting client use spnego = yes into your
smb.conf since your using W2k3.
Can you get a valid kerberoes ticket from kinit?
What does your klist -e look like?
Several of us are trying to nail out similiar errors. I have this
working correctly on a Mandrake 9.2 server using Samba3.0.pre1.but
it's not working on my Gentoo box running Samba3.0.1
Look for my post and maybe compare notes...
Tim
On Fri, 2003-12-19 at 23:22, Brian Spiegel wrote:
Here's a followup. I also get these errors in the smbd logs. The thing is,
the share directory has full permissions (0777) and the smb.conf is set to
be fully readable, writeable and okay for guests.
[2003/12/19 15:21:23, 0] smbd/service.c:make_connection_snum(677)
'/home/bspiegel/test/' does not exist or is not a directory, when
connecting to [test]
[2003/12/19 15:21:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/12/19 15:21:23, 3] smbd/connection.c:yield_connection(69)
Yielding connection to test
[2003/12/19 15:21:23, 3] smbd/error.c:error_packet(94)
error string = Permission denied
[2003/12/19 15:21:23, 3] smbd/error.c:error_packet(118)
error packet at smbd/reply.c(286) cmd=117 (SMBtconX)
NT_STATUS_BAD_NETWORK_NAME
-Original Message-
From: Brian Spiegel [mailto:[EMAIL PROTECTED]
Sent: Friday, December 19, 2003 2:53 PM
To: '[EMAIL PROTECTED]'
Subject: [Samba] Cannot access shares from a Win2k client
Hey all.
I'm running Samba 3.0.1 as a domain member in a Win2k3 ADS domain. I'm
attempting to view shares on the samba server via a Win2000 client.
I've been getting the following messages from the smbd logs and I'm
wondering why. I can connect to the Samba server (using the IP only) to
view which shares are available, but when I double click the share to access
it, I get a network name cannot be found on the share.
From smbd log:
[2003/12/19 14:25:08, 3] libads/kerberos_verify.c:setup_keytab(147)
unable to create MEMORY: keytab (Unknown Key table type)
[2003/12/19 14:25:08, 3] libads/kerberos_verify.c:ads_verify_ticket(280)
ads_verify_ticket: unable to setup keytab
[2003/12/19 14:25:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
Can anyone shed some light on what this might be caused by?
Also, I'm running winbind for UNIX/Windows user/group mapping. The 'wbinfo
-u' command works, but it spits out only the user names rather than
DOMAIN\username. Since usernames aren't unique across our OSes, 'getent
passwd' results in duplicate entries. Groups are not prefixed by their
domain either. Anyone have this problem?
Below are my configs:
smb.conf
--
[global]
; smbd settings
log level = 3
log file = /var/log/samba/log.%m
server string = %U [Samba Server %v]
; Active Directory settings
;dns proxy = yes
workgroup = FOO
security = ADS
realm = FOO.COM
local master = no
domain master = no
preferred master = no
os level = 0
; winbind stuff
winbind separator = +
winbind enum users = yes
idmap uid = 1-2
winbind enum groups = yes
idmap gid = 1-2
winbind use default domain = yes
password server = dc.foo.com
encrypt passwords = yes
[test]
comment = Samba functionality test directory
path = /home/user/test/
read only = no
browsable = yes
writable = yes
guest ok = yes
krb5.conf
--
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = FOO.COM
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
FOO.COM = {
kdc = dc.foo.com:88
admin_server = dc.foo.com:749
default_domain = foo.com
}
[domain_realm]
.foo.com = FOO.COM
foo.com = FOO.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
nsswitch.conf
--
...
passwd: files winbind
shadow: files
group: files winbind
host: files dns winbind
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot access shares
Hi everybody!, I installed Samba w/Active Directory Support with the instructions Ron Gage sent to the list yesterday, everything works fine, I can join to the domain, if I make a wbinfo -u I can see the users of the domain etc... I start winbind with: [EMAIL PROTECTED] samba]# winbindd -i -s /etc/samba/smb.conf winbindd version 3.0.0 started. Copyright The Samba Team 2000-2003 Added domain NUMARDOM GRUPO.NUMAR.NET krb5_cc_get_principal failed (No credentials cache found) scanning trusted domain list Added domain QUEPOS S-1-5-21-1086925928-1616591249-2076119496 Added domain COTO S-1-5-21-1675657023-1519021507-825688854 scanning trusted domain list name_to_sid: mailman not found user 'mailman' does not exist And then it keeps saying that the user 'mailman' does not exist. But samba is working, so i go with a WinXP machine and look at the shares of the samba server through the network. I can see the shares but when I tried to double click one of them I get the following from winbindd logs: user 'sj-EsancHez$' does not exist user 'sj-EsanchEz$' does not exist Sj-esanchez is the winxp machine name. Here[1] is my smb.conf file, the share i'm trying to access is [finanzas]. Any help or suggestion would be appreciated.. Thanks in advance. Regards, -eduardo s.m. [1] # Global parameters [global] workgroup = NUMARDOM #Cambios en samba para soportar Active Directory realm = GRUPO.NUMAR.NET security = ADS password server = 192.168.0.12 username map = /etc/samba/smbusers os level = 10 dns proxy = no idmap uid = 1-2 idmap gid = 1-2 winbind separator = + winbind use default domain = yes winbind enum users = yes winbind enum groups = yes template homedir = /home%D/%U template shell = /bin/bash domain logons = yes add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Maquina del dominio' -s /bin/false -M %u # netbios name = linux01 server string = Linux - Servidor de Archivos encrypt passwords = Yes obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully unix password sync = Yes username level = 15 log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No hosts allow = 192.168.0. printing = lprng [Finanzas] comment = Archivos de 2003 path = /finanzas valid users = @Domain Users admin users = mmontealegre,ebarboza write list = mmontealegre,ebarboza read list = @Domain Users read only = No -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
