-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi everybody,
I'm a french sysadmin and i'm using Samba from a long date.
Since my first use, i've write some usefull documentation, and usually,
i've just to follow this documentation and Samba works by itself ;)
Now, i'm trying to install Samba as the usuall but on a Debian-Etch
AMD64 plateform. All my previous install were done on an Debian-i386
plateform, and certainly a woody distribution.
This Samba version is 3.0.24, and uname -an gives me:
Linux rhea 2.6.18-5-amd64 #1 SMP Tue Oct 2 20:37:02 UTC 2007 x86_64
GNU/Linux
In all the case, i've install OpenLDAP, build my directory, parameter
nsswitch and so on. When i type a getent passwd, all my LDAP record are
seen and Samba authenticate well on LDAP; As the usual ;)
But, when i'm trying to join some workstation to this Samba seen as a
PDC server, sometime it works, and sometime not. I've search, changed a
lot of things in my configuration, and now, most workstation well join
the PDC, but i can't explore the network neighborhood, i've got an error
message, and when i give \\MYSERVER in the url, i can see my Server
Share. Another strange things, when two workstation join the domain,
they can't explore themselves their shares or printers...
In all the case, the most frequent error log message is:
smbd/service.c:make_connection_snum(782)
make_connection: connection to ipc$ denied due to security descriptor.
For example, here is a portion of a log file:
[2007/11/08 08:40:16, 2] smbd/sesssetup.c:setup_new_vc_session(799)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2007/11/08 08:40:16, 2] smbd/sesssetup.c:setup_new_vc_session(799)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2007/11/08 08:40:16, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2007/11/08 08:40:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
init_group_from_ldap: Entry found for group: 514
[2007/11/08 08:40:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
init_group_from_ldap: Entry found for group: 514
[2007/11/08 08:40:17, 2] lib/access.c:check_access(323)
Allowed connection from (192.168.1.212)
[2007/11/08 08:40:17, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
init_group_from_ldap: Entry found for group: 513
[2007/11/08 08:40:17, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
init_group_from_ldap: Entry found for group: 513
[2007/11/08 08:40:17, 0] smbd/service.c:make_connection_snum(782)
make_connection: connection to ipc$ denied due to security descriptor.
[2007/11/08 08:43:21, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2007/11/08 08:43:21, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
init_group_from_ldap: Entry found for group: 514
[2007/11/08 08:43:21, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
init_group_from_ldap: Entry found for group: 514
[2007/11/08 08:43:21, 2] lib/access.c:check_access(323)
Allowed connection from (192.168.1.212)
[2007/11/08 08:43:21, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
init_group_from_ldap: Entry found for group: 513
[2007/11/08 08:43:21, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
init_group_from_ldap: Entry found for group: 513
[2007/11/08 08:43:21, 0] smbd/service.c:make_connection_snum(782)
make_connection: connection to ipc$ denied due to security descriptor.
I think you want to see my smb.conf ?
You've got it as smb.sample join to this message.
My server IP is 192.168.1.2 and i've got an LDAP server on 127.0.0.1 and
a replicat server on 192.168.1.3
I've define some group mapping, and all my users have for primary group
the group named SmbDomUsers (gid=513).
Sometime, when i'm using the pdbedit command i've got the following lines:
Unix username:loic
NT username: loic
Account Flags:[UX ]
User SID: S-1-5-21-3280060803-927162377-3199414824-3006
Primary Group SID:S-1-5-21-3280060803-927162377-3199414824-513
Full Name:Compte de Loic
Home Directory: \\RHEA\loic
HomeDir Drive:U:
Logon Script: logon.cmd
Profile Painit_sam_from_ldap: Entry found for user: ludovic
init_group_from_ldap: Entry found for group: 513
init_group_from_ldap: Entry found for group: 513
init_sam_from_ldap: Entry found for user: pascal
init_group_from_ldap: Entry found for group: 513
init_group_from_ldap: Entry found for group: 513
init_sam_from_ldap: Entry found for user: francois
init_group_from_ldap: Entry found for group: 513
init_group_from_ldap: Entry found for group: 513
init_sam_from_ldap: Entry found for user: jerome
init_group_from_ldap: Entry found for group: 513
init_group_from_ldap: Entry found for group: 513
th: \\RHEA\loic\.winprofile
Domain: MYWORKGROUP
Account desc: Compte Utilisateur du domaine MYWORKGROUP
Workstations:
Munged dial:
Logon time: 0
Logoff