Prev: [Samba] Updrading samba
Next: [Samba] Forests, Domain Trusts, idmap (an idea for S4)
From: Mike Leone on 1 May 2010 19:30
I have an Active Directory 2003 domain, named DACRIB. This domain has
Windows members, and 2 Samba servers as members.

From one Samba server (DUAL-BOOTER), I can mount shares from the Windows
clients on the domain. But I can not mount shares from the other Samba
server; I always get "Permission denied".

$ sudo mount -t cifs //workhorse/OldHome /mnt/OldHome -o
username=DACRIB+turgon --verbose
Password:

mount.cifs kernel mount options:
unc=//workhorse\OldHome,ver=1,rw,username=DACRIB+turgon,ip=10.0.0.20,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

The user DACRIB+turgon is a Domain Admin, and is the account set as the
owner of the share on the Samba server "workhorse". Using the same
command and DACRIB+turgon account, I can mount shares from a WinXP machine.

I'm not sure where to go here. I can't seem to figure out why I can't
mount shares from workhorse. Windows clients *can* access the shares
from workhorse; I just can't access them the other . The smb.conf for
the 2 Samba servers are (virtually) identical.

workhorse:

[global]
workgroup = DACRIB
realm = DACRIB.LOCAL
server string = %h server (Samba %v, Domain: %D, Server: %L - %R)
security = ADS
auth methods = winbind
map to guest = Bad User
password server = dim-win2300.DaCrib.local
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
client NTLMv2 auth = Yes
log level = 2
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
server signing = auto
os level = 2
local master = No
domain master = No
dns proxy = No
eventlog list = Application, System, Security, SyslogLinux
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind nss info = rfc2307
winbind refresh tickets = Yes
idmap config DACRIB:schema_mode = rfc2307
idmap config DACRIB: default = true
invalid users = root
read only = No
create mask = 0700
directory mask = 0775
hide dot files = No
wide links = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
browsable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers

[OldHome]
comment = The Old Home Folder
path = /OldHome


Dual-Booter:
[global]
workgroup = DACRIB
realm = DACRIB.LOCAL
server string = %h server (Samba %v, Domain: %D, Server: %L - %R)
security = ADS
auth methods = winbind
map to guest = Bad User
obey pam restrictions = Yes
password server = dim-win2300.DaCrib.local
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
client NTLMv2 auth = Yes
log level = 3
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
server signing = auto
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 2
local master = No
domain master = No
dns proxy = No
eventlog list = Application, System, Security, SyslogLinux
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind nss info = rfc2307
winbind refresh tickets = Yes
idmap config DACRIB:schema_mode = rfc2307
idmap config DACRIB: default = true
hide dot files = No


Any clues?

Thanks
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
 | 
Pages: 1
Prev: [Samba] Updrading samba
Next: [Samba] Forests, Domain Trusts, idmap (an idea for S4)