
[Samba] Having problems with Samba and openLDAP Groups


Matt Burkhardt

May 27, 2009, 2:10:10 PM
I'm getting a little closer and understanding how the logs, etc work. I
can log onto a Samba share, can read and write to my home directory, but
I'm concerned about trying to get the file share Staff to work - want it
to be read and write to the Group named Staff. I have set up the group
and added myself to the group

If I do a smbldap-groupshow Staff - I get

sudo smbldap-groupshow Staff
dn: cn=Staff,ou=Groups,dc=imparisystems,dc=local
objectClass: top,posixGroup
cn: Staff
gidNumber: 1012
memberUid: mlb

I'm mlb - but it doesn't have any Samba information and I added the
group by typing

sudo smbldap-groupadd -a Staff

If I try

smbclient //Ubuntu/Staff
Password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.28a]
tree connect failed: NT_STATUS_ACCESS_DENIED

Here's my smb.conf file - just the globals and the share I want to fix

[global]
server string = %h server (Samba, Ubuntu)
map to guest = Bad User
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://localhost/
pam password change = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*
\spassword$
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
log level = 3
server signing = auto
printcap name = cups
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
logon script = logon.bat
logon path = \\%N\profiles\%U
logon drive = H:
domain logons = Yes
os level = 34
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=admin,dc=imparisystems,dc=local
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=imparisystems,dc=local
ldap ssl = no
ldap user suffix = ou=Users
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
path = /samba
invalid users = root

[Staff]
writeable = yes
msdfs root = yes
valid users = @Staff
path = /samba/smalldrive/doc/Staff
only user = yes

Here's my log for the server at /var/log/samba/log.ubuntu

---snip---
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] auth/auth.c:check_ntlm_password(270)
check_ntlm_password: sam authentication for user [mlb] succeeded
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 2] auth/auth.c:check_ntlm_password(309)
check_ntlm_password: authentication for user [mlb] -> [mlb] -> [mlb]
succeeded
[2009/05/27 13:34:52, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1107)
fetch gid from cache 544 -> S-1-5-32-544
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID
[S-1-5-21-3529111891-2609867799-3129462049-3018]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-1000]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-5-2]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-5-11]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-4]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-20]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-24]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-25]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-29]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-30]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-33]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-44]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-46]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-107]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-113]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-115]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-116]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-1001]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-1002]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-1008]
[2009/05/27 13:34:52, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-1012]
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
NTLMSSP Sign/Seal - Initialising with flags:
[2009/05/27 13:34:52, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60088215
[2009/05/27 13:34:52, 3] smbd/password.c:register_vuid(304)
User name: mlb Real name: mlb
[2009/05/27 13:34:52, 3] smbd/password.c:register_vuid(325)
UNIX uid 1000 is UNIX user mlb, and will be vuid 101
[2009/05/27 13:34:52, 3] smbd/password.c:register_vuid(356)
Adding homes service for user 'mlb' using home directory: '/home/mlb'
[2009/05/27 13:34:52, 3] param/loadparm.c:lp_add_home(2691)
adding home's share [mlb] for user 'mlb' at '/home/mlb'
[2009/05/27 13:34:52, 3] libsmb/smb_signing.c:srv_set_signing(975)
srv_set_signing: turning on SMB signing: signing negotiated = Yes,
mandatory_signing = No.
[2009/05/27 13:34:52, 3] smbd/process.c:process_smb(1069)
Transaction 3 of length 80
[2009/05/27 13:34:52, 3] smbd/process.c:switch_message(927)
switch message SMBtconX (pid 21207) conn 0x0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] lib/util_sid.c:string_to_sid(223)
string_to_sid: Sid root does not start with 'S-'.
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
init_sam_from_ldap: Entry found for user: root
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/service.c:make_connection_snum(806)
Connect path is '/tmp' for service [IPC$]
[2009/05/27 13:34:52, 3] lib/util_seaccess.c:se_access_check(250)
[2009/05/27 13:34:52, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is
S-1-5-21-3529111891-2609867799-3129462049-3018
se_access_check: also S-1-22-2-1000
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-22-2-4
se_access_check: also S-1-22-2-20
se_access_check: also S-1-22-2-24
se_access_check: also S-1-22-2-25
se_access_check: also S-1-22-2-29
se_access_check: also S-1-22-2-30
se_access_check: also S-1-22-2-33
se_access_check: also S-1-22-2-44
se_access_check: also S-1-22-2-46
se_access_check: also S-1-22-2-107
se_access_check: also S-1-22-2-113
se_access_check: also S-1-22-2-115
se_access_check: also S-1-22-2-116
se_access_check: also S-1-22-2-1001
se_access_check: also S-1-22-2-1002
se_access_check: also S-1-22-2-1008
se_access_check: also S-1-22-2-1012
[2009/05/27 13:34:52, 3] smbd/vfs.c:vfs_init_default(95)
Initialising default vfs hooks
[2009/05/27 13:34:52, 3] smbd/vfs.c:vfs_init_custom(128)
Initialising custom vfs hooks from [/[Default VFS]/]
[2009/05/27 13:34:52, 3] lib/util_sid.c:string_to_sid(223)
string_to_sid: Sid root does not start with 'S-'.
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
init_sam_from_ldap: Entry found for user: root
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] lib/util_seaccess.c:se_access_check(250)
[2009/05/27 13:34:52, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is
S-1-5-21-3529111891-2609867799-3129462049-3018
se_access_check: also S-1-22-2-1000
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-22-2-4
se_access_check: also S-1-22-2-20
se_access_check: also S-1-22-2-24
se_access_check: also S-1-22-2-25
se_access_check: also S-1-22-2-29
se_access_check: also S-1-22-2-30
se_access_check: also S-1-22-2-33
se_access_check: also S-1-22-2-44
se_access_check: also S-1-22-2-46
se_access_check: also S-1-22-2-107
se_access_check: also S-1-22-2-113
se_access_check: also S-1-22-2-115
se_access_check: also S-1-22-2-116
se_access_check: also S-1-22-2-1001
se_access_check: also S-1-22-2-1002
se_access_check: also S-1-22-2-1008
se_access_check: also S-1-22-2-1012
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/service.c:make_connection_snum(1033)
ubuntu (192.168.1.100) signed connect to service IPC$ initially as
user mlb (uid=1000, gid=1000) (pid 21207)
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/reply.c:reply_tcon_and_X(574)
tconX service=IPC$
[2009/05/27 13:34:52, 3] smbd/process.c:process_smb(1069)
Transaction 4 of length 102
[2009/05/27 13:34:52, 3] smbd/process.c:switch_message(927)
switch message SMBtrans2 (pid 21207) conn 0x84f0010
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/process.c:process_smb(1069)
Transaction 5 of length 39
[2009/05/27 13:34:52, 3] smbd/process.c:switch_message(927)
switch message SMBtdis (pid 21207) conn 0x84f0010
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/service.c:close_cnum(1230)
ubuntu (192.168.1.100) closed connection to service IPC$
[2009/05/27 13:34:52, 3] smbd/connection.c:yield_connection(69)
Yielding connection to IPC$
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/process.c:process_smb(1069)
Transaction 6 of length 84
[2009/05/27 13:34:52, 3] smbd/process.c:switch_message(927)
switch message SMBtconX (pid 21207) conn 0x0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] lib/util_sid.c:string_to_sid(223)
string_to_sid: Sid root does not start with 'S-'.
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
init_sam_from_ldap: Entry found for user: root
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] lib/util_sid.c:string_to_sid(223)
string_to_sid: Sid @Staff does not start with 'S-'.
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 0] smbd/share_access.c:user_ok_token(221)
'only user = yes' and no 'username ='
[2009/05/27 13:34:52, 2] smbd/service.c:make_connection_snum(616)
user 'mlb' (from session setup) not permitted to access this share
(Staff)
[2009/05/27 13:34:52, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/reply.c(514) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED
[2009/05/27 13:34:52, 3] smbd/process.c:timeout_processing(1329)
timeout_processing: End of file from client (client has disconnected).
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2009/05/27 13:34:52, 3] smbd/server.c:exit_server_common(768)
Server exit (normal exit)


So I figure something must be wrong with my group definition, but I
haven't found anything. How am I supposed to create groups to use with
Samba? Does there need to be an entry in for Unix? Any help
appreciated

Thanks
--
Matt Burkhardt, M.Sci. Technology Management
m...@imparisystems.com
(301) 682-7901
502 Fairview Avenue
Frederick, MD 21701
http://www.imparisystems.com
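
Added example, not part of the original post: a Python filter for a `log level = 3` trace like the one above. It groups header and message lines into entries and, for each error packet, lists the level 0 to 2 messages logged during the same SMB request. The sample lines are an excerpt of the log above; the function names are hypothetical.

```python
import re

# One Samba 3 log entry is a header line "[date time, level] file.c:func(line)"
# followed by one or more message lines (format as in the log above).
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]"
    r"\s+(?P<src>\S+)$"
)

def parse_entries(text):
    """Split a log into entries, joining wrapped message lines."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            entries.append({"ts": m["ts"], "level": int(m["level"]),
                            "src": m["src"], "msg": ""})
        elif entries and line.strip():
            cur = entries[-1]
            cur["msg"] = (cur["msg"] + " " + line.strip()).strip()
    return entries

def explain_failures(text, max_level=2):
    """For each error packet, return the messages at or below max_level
    logged since the request began ("switch message <command> ...")."""
    findings, request, pending = [], None, []
    for e in parse_entries(text):
        if e["msg"].startswith("switch message "):
            request, pending = e["msg"].split()[2], []
        elif e["level"] <= max_level:
            pending.append((e["level"], e["src"], e["msg"]))
        status = re.search(r"\bNT_STATUS_(?!OK\b)\w+", e["msg"])
        if status and "error packet" in e["msg"]:
            # Most severe (lowest level number) first; order otherwise kept.
            reasons = sorted(pending, key=lambda r: r[0])
            findings.append({"request": request,
                             "status": status.group(0),
                             "reasons": reasons})
            pending = []
    return findings

# Excerpt of the trace posted above (the final tree connect to the share).
SAMPLE = """\
[2009/05/27 13:34:52, 3] smbd/process.c:switch_message(927)
  switch message SMBtconX (pid 21207) conn 0x0
[2009/05/27 13:34:52, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/27 13:34:52, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid @Staff does not start with 'S-'.
[2009/05/27 13:34:52, 0] smbd/share_access.c:user_ok_token(221)
  'only user = yes' and no 'username ='
[2009/05/27 13:34:52, 2] smbd/service.c:make_connection_snum(616)
  user 'mlb' (from session setup) not permitted to access this share
  (Staff)
[2009/05/27 13:34:52, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/reply.c(514) cmd=117 (SMBtconX)
  NT_STATUS_ACCESS_DENIED
"""

if __name__ == "__main__":
    for f in explain_failures(SAMPLE):
        print(f["request"], f["status"])
        for level, src, msg in f["reasons"]:
            print(f"  [{level}] {src}: {msg}")
```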


Liutauras Adomaitis

May 27, 2009, 5:10:20 PM
> [2009/05/27 13:34:52, 2] smbd/service.c:make_connection_snum(616)
>  user 'mlb' (from session setup) not permitted to access this share
> (Staff)
> [2009/05/27 13:34:52, 3] smbd/error.c:error_packet_set(106)
>  error packet at smbd/reply.c(514) cmd=117 (SMBtconX)
> NT_STATUS_ACCESS_DENIED

I guess your user mib is not in group @Staff. What do you get with
commands: smbldap-tools works only with ldap, it doesn't mean system
sees those users.
id mib
getent passwd | grep mib
getent group | grep -i staff

Run "testparm" - it will show some errors you have in your smb.conf file.


Also run testparm command, it will show you some errors in your
smb.conf file you have.

Matt Burkhardt

May 28, 2009, 9:00:29 AM
Thanks for the help! I appreciate you taking the time!

On Thu, 2009-05-28 at 00:02 +0300, Liutauras Adomaitis wrote:

> > [2009/05/27 13:34:52, 2] smbd/service.c:make_connection_snum(616)
> > user 'mlb' (from session setup) not permitted to access this share
> > (Staff)
> > [2009/05/27 13:34:52, 3] smbd/error.c:error_packet_set(106)
> > error packet at smbd/reply.c(514) cmd=117 (SMBtconX)
> > NT_STATUS_ACCESS_DENIED
>
> i guess your user mib is not in group @Staff. What do you get with
> commands: smbldap-tools works only with ldap, it doesn't mean system
> sees those users.
> id mib
> getent passwd | grep mib
> getent group | grep -i staff

id mlb
uid=1000(mlb) gid=1000(mlb)
groups=1000(mlb),4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),33(www-data),44(video),46(plugdev),107(fuse),113(lpadmin),115(admin),116(sambashare),1001(musicshare),1002(printer-admin),1008(subversion),1012(Staff),513(Domain Users),1014(Staff)

getent passwd | grep mlb
mlb:x:1000:1000:Matt Burkhardt,,,:/home/mlb:/bin/bash
mlb:x:1009:544:mlb:/home/mlb:/bin/bash
mlb-laptop$:*:1014:515:Computer:/dev/null:/bin/false

getent group | grep -i Staff
staff:x:50:
Staff:x:1012:alex,mlb
Staff:*:1014:mlb,alex

>
> Run "testparm" - it will show some errors you have in your smb.conf file.
>
>
> Also run testparm command, it will show you some errors in your
> smb.conf file you have.
>

testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[bigdrive]"
Processing section "[Business]"
Processing section "[Editors]"
Processing section "[Members]"
Processing section "[Staff]"
WARNING: The "only user" option is deprecated
Processing section "[tmp]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC


Liutauras Adomaitis

Jun 3, 2009, 3:00:19 PM
On Thu, May 28, 2009 at 11:59 PM, Matt Burkhardt <m...@imparisystems.com> wrote:
> On Thu, 2009-05-28 at 23:29 +0300, Liutauras Adomaitis wrote:
> You have 3 groups Staff and 2 users mib. This confuses me a bit. It
> may be your problem. I think you should have only one user mib.
> You should also make sure you have 1 group Staff. Check your "net
> groupmap list" to see how does Staff group maps to windows group.
>
> Liutauras
>
> Those are deleted entries - they don't show up in either the webmin module
> or phpldapadmin.  Here's the results from the net groupmap list
>
> Domain Admins (S-1-5-21-3529111891-2609867799-3129462049-512) -> Domain
> Admins
> Domain Users (S-1-5-21-3529111891-2609867799-3129462049-513) -> Domain Users
> Domain Guests (S-1-5-21-3529111891-2609867799-3129462049-514) -> Domain
> Guests
> Domain Computers (S-1-5-21-3529111891-2609867799-3129462049-515) -> Domain
> Computers
> Administrators (S-1-5-32-544) -> Administrators
> Account Operators (S-1-5-32-548) -> Account Operators
> Print Operators (S-1-5-32-550) -> Print Operators
> Backup Operators (S-1-5-32-551) -> Backup Operators
> Replicators (S-1-5-32-552) -> Replicators
> Staff (S-1-5-21-3529111891-2609867799-3129462049-3029) -> Staff
>

Hi,
have you solved your problem? I've been a bit busy.
Your groupmap list looks nice, but I still think there is something to
dig around group membership.
Some more things to check, if you didn't do that already:
- smbldap-groupshow Staff - this should give an idea of gidNumber and
SID of Staff group in ldap
- do you run nscd? I had a lot of problems with it and ldap
authentication. Samba Docs even say that this is not supported, if I
remember correctly. nscd could be responsible for showing groups that
are already deleted.
- have you tried using another group, like "Domain Users"? If it works with
another group then it is a problem with your group Staff.


Liutauras
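
Added example, not from the thread: the duplicate check made by eye on the `getent` output earlier in the thread, written as a Python script. It reports names that resolve to more than one numeric ID and names that differ only by letter case. The sample input is the output posted above; the function names are hypothetical.

```python
from collections import defaultdict

def parse_getent(text):
    """Parse `getent passwd` or `getent group` output into (name, id) pairs.
    Both formats are colon-separated, with the name in field 1 and the
    numeric uid or gid in field 3."""
    pairs = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            pairs.append((fields[0], int(fields[2])))
    return pairs

def find_collisions(text):
    """Return names that map to more than one numeric ID.
    'exact' holds names repeated verbatim with different IDs;
    'case_only' holds spellings that differ only by letter case."""
    by_folded = defaultdict(lambda: defaultdict(set))
    for name, num in parse_getent(text):
        by_folded[name.lower()][name].add(num)
    exact, case_only = {}, {}
    for folded, spellings in by_folded.items():
        for name, ids in spellings.items():
            if len(ids) > 1:
                exact[name] = sorted(ids)
        if len(spellings) > 1:
            case_only[folded] = {n: sorted(i) for n, i in spellings.items()}
    return {"exact": exact, "case_only": case_only}

# Output of `getent group | grep -i Staff` as posted in the thread.
GROUPS = """\
staff:x:50:
Staff:x:1012:alex,mlb
Staff:*:1014:mlb,alex
"""

# Output of `getent passwd | grep mlb` as posted in the thread.
PASSWD = """\
mlb:x:1000:1000:Matt Burkhardt,,,:/home/mlb:/bin/bash
mlb:x:1009:544:mlb:/home/mlb:/bin/bash
mlb-laptop$:*:1014:515:Computer:/dev/null:/bin/false
"""

if __name__ == "__main__":
    for label, data in (("group", GROUPS), ("passwd", PASSWD)):
        result = find_collisions(data)
        for name, ids in result["exact"].items():
            print(f"{label}: '{name}' resolves to IDs {ids}")
        for spellings in result["case_only"].values():
            print(f"{label}: case-only variants {spellings}")
```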

Liutauras Adomaitis

Jun 4, 2009, 5:50:14 AM

PS
one more thing to do
nss_updatedb ldap group staff - this should refresh group memberships.
