SOLVED: Samba 3.0.0 Access Blues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Dec 23, 2003 at 11:35:53AM -0700, Charles Curley wrote:
> I am taking a Samba setup essentialy unchanged from Samba on Red Hat 8
> (samba-2.2.7-5.8.0) to Fedora Core 1 (samba-3.0.0-15). I can use
> smbclient to access anonymous shares (i.e. those not requiring a
> password). I cannot use smbclient to access my home
> directory. Security is the default, user, and passwords are to be
> encrypted.
> 
> If I give the correct password, I see:
> 
> [ccurley@charlesc chamber]$ smbclient \\\\charlesc\\ccurley
> Password:
> tree connect failed: NT_STATUS_ACCESS_DENIED
> 
> If I give a known bogus password, I see:
> 
> [ccurley@charlesc chamber]$ smbclient \\\\charlesc\\ccurley
> Password:
> session setup failed: NT_STATUS_LOGON_FAILURE
> 
> So I believe my passwords are being correctly encrypted, etc. and that
> something after password authentication is failing. Permissions on
> /home/ccurley allow others to read and search /home/ccurley.
> 
> None the less, I can't log on. Why am I seeing
> "NT_STATUS_ACCESS_DENIED"?

I finally found the problem. I had "valid users = %S" in the
configuration file, apparently figuring that Samba would expand the
%S. It does not. I changed it to "valid users = ccurley" and it
worked.

You normally do not need "valid users" if your permissions are st up
to disallow user X from reading user Y's home directory, but I decided
to use this to prevent logging in on some pseudo users that reside
below /home.

So let this be a warning: not all % string variables are expanded!
While "server string = %h's Samba server" will expand the %h to the
host name, %S is a genric string substitution where you are the
preprocessor.



> 
> 
> -- 
> 
> Charles Curley                  /"\    ASCII Ribbon Campaign
> Looking for fine software       \ /    Respect for open standards
> and/or writing?                  X     No HTML/RTF in email
> http://www.charlescurley.com    / \    No M$ Word docs in email
> 
> Key fingerprint = CE5C 6645 A45A 64E4 94C0  809C FFF6 4C48 4ECD DFDB



-- 

Charles Curley                  /"\    ASCII Ribbon Campaign
Looking for fine software       \ /    Respect for open standards
and/or writing?                  X     No HTML/RTF in email
http://www.charlescurley.com    / \    No M$ Word docs in email

Key fingerprint = CE5C 6645 A45A 64E4 94C0  809C FFF6 4C48 4ECD DFDB

Attachment: pgpWe5Okp0rYm.pgp
Description: PGP signature

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux