Can not connect to share for a particular user.

Hello

I currently run a few samba servers one being used as a PDC.

Today I added a user to the domain and for some reason I can not get
it to connect to any of the shares but "home" on the file server.

% smbclient -U gregi //server3/public
Password:
Domain=[HYDRIX-MALVERN] OS=[Unix] Server=[Samba 3.0.28]
tree connect failed: NT_STATUS_ACCESS_DENIED

However I can connect with :
$ smbclient -U gregi //server3/gregi
Password:
Domain=[HYDRIX-MALVERN] OS=[Unix] Server=[Samba 3.0.28]
smb: \>

In the smb log file, I would see
  make_connection: connection to public denied due to security descriptor.

when it successfully connects I see:
  aragorn (192.168.0.94) connect to service gregi initially as user
gregi (uid=1084, gid=1084) (pid 88931)

The share entry in smb.conf is:
[public]
        comment = "Public folder"
        path = /data/home/public
        browseable = Yes
        writable = Yes
        force create mode = 0777
        force directory mode = 0777
        force group = public

I'm at loss... Why would it connect for one share but not the other.

A quick google for "connection to public denied due to security descriptor."
mentioned some people deleting the .tdb file and restarting samba
which I did, to no available.

This user has been created the same way as all the other users on the PDC:
smbpasswd -a gregi
and then I enter the password

Any help would be greatly appreciated. it's driving me nuts !

Thanks in advance
Jean-Yves
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Hi again

2008/6/5 Jean-Yves Avenard <jyavenard@...>:
> In the smb log file, I would see
>  make_connection: connection to public denied due to security descriptor.

A thread bump...

No one has ever faced this issue? any solutions by any chance?

Thanks
JY
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

On Sat, Jun 07, 2008 at 12:48:44AM +1000, Jean-Yves Avenard wrote:
> 2008/6/5 Jean-Yves Avenard <jyavenard@...>:
> > In the smb log file, I would see
> >  make_connection: connection to public denied due to security descriptor.
>
> A thread bump...
>
> No one has ever faced this issue? any solutions by any chance?

Did you set access controls with the Windows server manager?
If not, and the settings in your smb.conf are everything you
need to control access to your shares, then you might want
to delete share_info.tdb.

Volker


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Hi

Thanks for your help

2008/6/7 Volker Lendecke <Volker.Lendecke@...>:
> Did you set access controls with the Windows server manager?
no, I don't even know what that is

> If not, and the settings in your smb.conf are everything you
> need to control access to your shares, then you might want
> to delete share_info.tdb.
I already did ...
didn't help :(

Jean-Yves
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

On Sat, Jun 07, 2008 at 06:42:12AM +1000, Jean-Yves Avenard wrote:
> 2008/6/7 Volker Lendecke <Volker.Lendecke@...>:
> > Did you set access controls with the Windows server manager?
> no, I don't even know what that is
>
> > If not, and the settings in your smb.conf are everything you
> > need to control access to your shares, then you might want
> > to delete share_info.tdb.
> I already did ...
> didn't help :(

This message "denied by security descriptor" is 100% that
something is in your share_info.tdb. If deleting that did
not help, I'm lost.

Sorry,

Volker


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Hi

2008/6/7 Volker Lendecke <Volker.Lendecke@...>:
> This message "denied by security descriptor" is 100% that
> something is in your share_info.tdb. If deleting that did
> not help, I'm lost.

Would that be the share_info.tdb on the PDC or on the machine sharing
that drive?

Jean-Yves
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

On Sat, Jun 07, 2008 at 04:19:08PM +1000, Jean-Yves Avenard wrote:
> 2008/6/7 Volker Lendecke <Volker.Lendecke@...>:
> > This message "denied by security descriptor" is 100% that
> > something is in your share_info.tdb. If deleting that did
> > not help, I'm lost.
>
> Would that be the share_info.tdb on the PDC or on the machine sharing
> that drive?

It is the share_info.tdb on the file server that denies
access.

Volker


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

On Mon, Jul 21, 2008 at 12:27:42PM +1000, Jean-Yves Avenard wrote: Can you send the share_info.tdb?

Volker


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

On Thu, Jun 5, 2008 at 11:46 AM, Jean-Yves Avenard <jyavenard@...> wrote:
Try to remove:

        force group = public

in smb.conf and then restart samba (/etc/init.d/samba restart). After
that try to access again using gregi username, see wehter or not this
help.

DK
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Hi

2008/7/21 David Kuntadi <d.kuntadi@...>:
>>  make_connection: connection to public denied due to security descriptor.
>>
>> when it successfully connects I see:
>>  aragorn (192.168.0.94) connect to service gregi initially as user
>> gregi (uid=1084, gid=1084) (pid 88931)

Well, I solved this problem in the most peculiar manner...

I created a user on the samba server sharing the drive (not the PDC),
tried to connect: it gave me an error and I had to re-join the domain.

Since everything works well...

No idea what happened
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba