Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

new user cannot access UNIX share

17 views
Skip to first unread message

David Wurdeman

unread,
Jun 7, 2007, 4:45:30 PM6/7/07
to
First just let me say that I have been mostly Microsoft the past 10 years,
but have now inherited a UNIX server at my new job. I have had some basic
UNIX experience, but not enough to fix the following problem:

*newly created user cannot access a share on the UNIX server*

Background:

We have a shared directory on our UNIX server that holds the databases for
an in-house application. Recently we had a new user enter the company. I
got onto the UNIX server (the graphical based screen--of course!) I found
the utility to create a new user.

THEN--I went to utility installed on my pc called Vision FS Profile Edit. I
was told by the UNIX guy who was adminstrating the server that "you need to
use this to give access to the shared folder". I got into the utility,
found the shared folder, went to the properties and found the new user I
created, and gave him rights to the share.

However, when I login to the new user's pc, go to network neighborhood--I
can see the Unix share but when I try to connect using the created Unix
username and password I get an "access denied".

I have tried logging-in on the UNIX console using the new user's name and
password, and it lets me in. So UNIX recognizes the account.

Can someone tell me what I might be doing wrong? Is there an additional step
in the "Vision FS Profile Editor" that I need to do? Is there something I
need to to from the console?

The system we are running is SCO UNIX (hope I got that right).

I very truly appreciate any help/advice. Feel free to ask more questions if
I am not clear on what I need to do.


Dave Hinz

unread,
Jun 7, 2007, 8:25:28 PM6/7/07
to
On Thu, 7 Jun 2007 15:45:30 -0500, David Wurdeman <david.w...@neiservices.net> wrote:
> First just let me say that I have been mostly Microsoft the past 10 years,
> but have now inherited a UNIX server at my new job. I have had some basic
> UNIX experience, but not enough to fix the following problem:
> *newly created user cannot access a share on the UNIX server*

Hi David, welcome to the group. You're off to a great start. Let's dig
into this & see what we've got.


>
> Background:
> We have a shared directory on our UNIX server that holds the databases for
> an in-house application. Recently we had a new user enter the company. I
> got onto the UNIX server (the graphical based screen--of course!) I found
> the utility to create a new user.

OK, it'd maybe help to know the flavor of Unix, sometimes not but
usually it does.

> THEN--I went to utility installed on my pc called Vision FS Profile Edit. I
> was told by the UNIX guy who was adminstrating the server that "you need to
> use this to give access to the shared folder". I got into the utility,
> found the shared folder, went to the properties and found the new user I
> created, and gave him rights to the share.

Sounds good so far...

> However, when I login to the new user's pc, go to network neighborhood--I
> can see the Unix share but when I try to connect using the created Unix
> username and password I get an "access denied".

OK so it sounds like you have a Samba server running on the Unix box.
And for some reason this user can see it but not authenticate. Are they
using their Unix password or their Windows password? What are his
coworkers using to authenticate there? It's highly configurable if
you're running Samba so the best bet will involve finding out whose
setup works, and observing how they do it.

> I have tried logging-in on the UNIX console using the new user's name and
> password, and it lets me in. So UNIX recognizes the account.

OK, it's quite possible that there is a username mapping that needs to
be done to tie his Windows login to his Unix login, so Samba knows that
"jblow123" in the Windows domain is equivalent to "joeblow" in the Unix
world.

> Can someone tell me what I might be doing wrong? Is there an additional step
> in the "Vision FS Profile Editor" that I need to do? Is there something I
> need to to from the console?

Look for something like "account name mapping". I've never seen Vision
FS Profile Editor, details on OS would be helpful if what I've said
doesn't help.

> The system we are running is SCO UNIX (hope I got that right).

Lucky you ;)

> I very truly appreciate any help/advice. Feel free to ask more questions if
> I am not clear on what I need to do.

You're off to a good start, let us know what you find based on the
above.

Dave Hinz

David Wurdeman

unread,
Jun 8, 2007, 2:41:33 PM6/8/07
to

"Dave Hinz" <Dave...@gmail.com> wrote in message
news:5crlvoF...@mid.individual.net...

Thanks so much for the reply--it is a real relief to have someone help me on
this problem 'cause it has me stumped!

When I get to the console login screen it says :"SCO Openserver Release 5"

The in-house program we are running on the users Windows workstations
requires a Windows drive letter mapped to the directory on the UNIX server.
As far as setting-up previous users, I have gone into Network
Neighborhood-->Tools-->map network drive. I then choose the drive letter I
need. However, since our users have different accounts for the UNIX server,
I choose the option to "connect using a different user name". I then enter
their UNIX username and password.

This has worked fine for the existing UNIX user accounts. However when I
follow this procedure for the new user, it comes back with the "access
denied" error.

I am thinking I need to ask the question as to how UNIX controls access to
folders on a server when accessed from across a network.

Michael Heiming

unread,
Jun 8, 2007, 3:15:04 PM6/8/07
to
In comp.unix.admin David Wurdeman <david.w...@neiservices.net>:

>> Sounds good so far...

>> Lucky you ;)

>> Dave Hinz

It seems it isn't unix but a samba server running on the SCO box
controlling access. You almost certainly just need to add the
user to the smb.conf or how it is called on SCO, exactly where
you find the other users who have access or perhaps just add the
user to a group allowing access with standard unix tools, such as
'usermod'. Get a shell on the unix box and enter:

'id <username_that_can_access_share>'

Without ' and replacing <username_that_can_access_share> with a
working user name.

You should get something like:

$ id root
uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

Now do the same for the new user and check for differences after
"groups="

Either one might be the solution. I am sorry I do not know any of
the tools you mention, dislike thing not really portable.

Good luck

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvp...@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 268: Neutrino overload on the nameserver

Dave Hinz

unread,
Jun 8, 2007, 7:56:47 PM6/8/07
to
On Fri, 8 Jun 2007 13:41:33 -0500, David Wurdeman <david.w...@neiservices.net> wrote:
>
> When I get to the console login screen it says :"SCO Openserver Release 5"

I don't "do" SCO but, Unix is Unix for the most part.

> The in-house program we are running on the users Windows workstations
> requires a Windows drive letter mapped to the directory on the UNIX server.
> As far as setting-up previous users, I have gone into Network
> Neighborhood-->Tools-->map network drive. I then choose the drive letter I
> need. However, since our users have different accounts for the UNIX server,
> I choose the option to "connect using a different user name". I then enter
> their UNIX username and password.

Yes, sounds very much like you're using Samba. That behaves very much
the same regardless of the flavor of *nix it's running on.

> This has worked fine for the existing UNIX user accounts. However when I
> follow this procedure for the new user, it comes back with the "access
> denied" error.

Depending on how it's configured, it could be one of several things.

> I am thinking I need to ask the question as to how UNIX controls access to
> folders on a server when accessed from across a network.

try this...point your webserver to:
http://servername:901/
where "servername" is the hostname of the SCO box in question. You
might have SWAT installed there - if you do, log in as your root or
Samba user and see what you can see for existing access controls. Path
forward will depend on what you find. If you don't have SWAT at port
901 on that box, it's probably not there; then look for a file called
smb.conf - I have no idea where that typically goes in SCO systems. the
smb.conf file will talk about how the users are authenticated.

Dave

Angel

unread,
Jun 9, 2007, 6:18:41 AM6/9/07
to
David Wurdeman <david.w...@neiservices.net> wrote:

> *newly created user cannot access a share on the UNIX server*

Samba is a real pita. AFAIR after user account creation, you need to
set up a Samba password for the user to be able to access the server
resources through Samba. IIRC you do it with the 'smbpasswd' (it could
be 'smbpwd' or something similar) command. Have you done that already?

--
Saludos,
Angel

Dave Hinz

unread,
Jun 9, 2007, 8:35:54 AM6/9/07
to

This depends on many configuration options, and may not apply.

David Wurdeman

unread,
Jun 11, 2007, 11:00:32 AM6/11/07
to
Actually, I finally got the problem solved.

The server is running Vision FS, and this is what is controlling access to
network shares.

Allthough in the Vision FS administrator program I could see the share and
give access to the UNIX user, I discovered that I needed to go to the
Properties of the Vision FS server itself--create the user--and then give
him access to the share.

Once I did this everything worked fine!

Thanks to everyone for their help.

I posted in a previous message some screen shots I took of the VisonFS admin
utility.

"David Wurdeman" <david.w...@neiservices.net> wrote in message
news:46686e65$0$500$815e...@news.qwest.net...

0 new messages