[Samba] Samba PDC: "not permitted to access this share"

Wed, 10 Feb 2010 00:13:36 -0800 

Hello,
I run Samba 3.0.23d on a Host with SuSE 10.2, configured as PDC with LDAP-Backend. 
This is working so far since some month.
But one USer can't log in. Ith seems that samba does not have the permission to acces the netlogon-share, whre the profile from "Default User" is located. The folder is readable for everyone, so, I think that this is not the Problem. 

Here is the smb.conf:

---------------------------------
[global]
        workgroup = MARCO
        netbios aliases = homedirs
        server string = b-fs
        passdb backend = ldapsam:"ldap://10.3.1.3";
        username map = /etc/samba/smb-user-map
        log level = 3
        debug uid = Yes
        smb ports = 139
        name resolve order = wins host bcast
        deadtime = 300
        printcap name = cups
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ 
        logon script = logon.bat
        logon path = \\%L\%U\.ntprofile
        logon drive = H:
        logon home = \\%L\%U
        domain logons = Yes
        preferred master = Yes
        local master = No
        domain master = Yes
        wins server = gate
        kernel oplocks = No
        ldap admin dn = cn=Administrator,dc=marco,dc=de
        ldap group suffix = ou=group
        ldap machine suffix = ou=Computers
        ldap suffix = dc=marco,dc=de
        ldap ssl = no
        ldap user suffix = ou=people
        create mask = 0775
        directory mask = 0775
hide files = /Desktop.ini/desktop.ini/ntuser.ini/NTUSER.*/tmp/RECYCLER/ 
        map archive = No
        share modes = No
        delete readonly = Yes

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        write list = root, ds
        csc policy = disable

-------------------------------------------------------------------


Here is a snipplet from the3 messages with loglevel 3:

--------------------------------------------------------------------
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(241) 
  setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)] smbd/service.c:make_connection_snum(950) b-xp (10.3.1.6) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 28180) [2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)] smbd/sec_ctx.c:set_sec_ctx(241) 
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:39, 2, effective(0, 0), real(0, 0)] smbd/reply.c:reply_tcon_and_X(711) 
  Serving IPC$ as a Dfs root
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] smbd/reply.c:reply_tcon_and_X(716) 
  tconX service=IPC$
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] smbd/process.c:process_smb(1110) 
  Transaction 105 of length 92
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] smbd/process.c:switch_message(914) 
  switch message SMBtrans2 (pid 28180) conn 0x8049b160
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(241) 
  setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)] smbd/process.c:process_smb(1110) 
  Transaction 106 of length 74
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)] smbd/process.c:switch_message(914) 
  switch message SMBtconX (pid 28180) conn 0x0
[2010/02/10 08:53:39, 3, effective(65534, 65534), real(65534, 0)] smbd/sec_ctx.c:set_sec_ctx(241) 
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:39, 2, effective(0, 0), real(0, 0)] smbd/service.c:make_connection_snum(569) 
  guest user (from session setup) not permitted to access this share (ds)
[2010/02/10 08:53:39, 3, effective(0, 0), real(0, 0)] smbd/error.c:error_packet(146) error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED [2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)] smbd/process.c:process_smb(1110) 
  Transaction 107 of length 43
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)] smbd/process.c:switch_message(914) 
  switch message SMBulogoffX (pid 28180) conn 0x0
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(241) 
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)] smbd/reply.c:reply_ulogoffX(1618) 
  ulogoffX vuid=105
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)] smbd/process.c:process_smb(1110) 
  Transaction 108 of length 39
[2010/02/10 08:53:43, 3, effective(0, 0), real(0, 0)] smbd/process.c:switch_message(914) 
  switch message SMBtdis (pid 28180) conn 0x804998f8
---------------------------------------------------------------------------


Here is a ll on /var/lib/samba:

------------------------------------------------------------------

-rw------- 1 root root     8192 Aug 10  2007 account_policy.tdb
-rw-r--r-- 1 root root    40200 Feb 10 08:53 brlock.tdb
-rw-r--r-- 1 root root      523 Feb 10 08:59 browse.dat
-rw-r--r-- 1 root root     8192 Feb 10 08:53 connections.tdb
drwxrwxr-x 9 root ntadmin  4096 Nov 17  2008 drivers
-rw-r--r-- 1 root root     8192 Aug  6  2007 gencache.tdb
-rw------- 1 root root     8192 Aug 10  2007 group_mapping.tdb
-rw-r--r-- 1 root root    49152 Feb 10 09:03 locking.tdb
-rw-r--r-- 1 root root      696 Jul 31  2009 login_cache.tdb
-rw------- 1 root root     8192 Jan 27 15:21 messages.tdb
drwxr-xr-x 3 root root     4096 Feb  5 13:55 netlogon
-rw------- 1 root root     8192 Aug 10  2007 ntdrivers.tdb
-rw------- 1 root root      696 Aug 10  2007 ntforms.tdb
-rw------- 1 root root    16384 Feb  8  2008 ntprinters.tdb
drwxr-xr-x 2 root root     4096 Aug 10  2007 perfmon
drwxr-xr-x 2 root root     4096 Oct 30 12:15 printing
drwxrwx--- 2 root users    4096 Nov 27  2006 profiles
-rw------- 1 root root    16384 Aug 10  2007 registry.tdb
-rw-r--r-- 1 root root    24576 Feb 10 08:53 sessionid.tdb
-rw------- 1 root root     8192 Aug 10  2007 share_info.tdb
-rw-r--r-- 1 root root    16384 Jan 28 03:02 unexpected.tdb
drwxrwx--T 2 root users    4096 Jul 31  2009 usershares
----------------------------------------------------------------------

ll on /var/lib/samba/netlogon:

---------------------------------------------------------------------
drwxrwxrwx+ 14 root root 4096 Nov  3 16:05 Default User
-rw-r--r--   1 root root  515 Dec  6 17:57 logon.bat

--------------------------------------------------------------------


Can anybody help me to figure out why there is a "permission denied"?
If you need more information, please let me know.


Regards

Daniel




--
Daniel Spannbauer                         Software Entwicklung
marco Systemanalyse und Entwicklung GmbH  Tel   +49 8333 9233-27 Fax -11
Rechbergstr. 4 - 6, D 87727 Babenhausen   Mobil +49 171 4033220
http://www.marco.de/                      Email d...@marco.de
Geschäftsführer Martin Reuter             HRB 171775 Amtsgericht München
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to