LinuxQuestions.org
Old 05-23-2006, 06:44 AM   #1
hamhey
LQ Newbie
 
Registered: May 2006
Posts: 4

Rep: Reputation: 0
XP Access Denied - samba PDC


Dear supporter,
I have been configuring for a small network as PDC. Everything seems to be just fine except joining the domain, where I get Access Denied from the client and the same error message in the logs. The clients are XP SP2.
Appreciate any kind of help and comment.

Regards
Heydarzadeh

The smb.conf file sample is according to the following:
------------------------------------------------------
# /etc/samba/smb.conf

[global]
;basic server settings
workgroup = tehran-tvto.ir
;workgroup = tehran-tvto
netbios name = smbhome
server string = Tehran TVTO Samba PDC %v
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192

;PDC and master browser settings
os level = 65
preferred master = yes
local master = yes
domain master = yes
dns proxy = no
wins support = yes
domain logons = yes
domain admin group = @root
domain admin users = root
admin users = root
;add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
;add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false %m
; Added for access denied by ordinary user
;enable privileges = yes

;security and logging settings
security = user
valid users = %u
encrypt passwords = yes
log file = /var/log/samba/log.%m
log level = 3
max log size = 5000
hosts allow = 127.0.0.1 172.16.100.0/255.255.255.0

;user profiles and home directory
logon home = \\%L\%U\
logon drive = Z:
logon path = \\%L\profiles\%U

[homes]
comment = TVTO Home Directories
browseable = no
writeable = yes
;valid users = heydarzadeh, smbuser

[profiles]
path = /home/samba/profiles
writeable = yes
browseable = no
create mask = 0600
directory mask = 0700

[netlogon]
comment = TVTO Network Logon Service
path = /home/netlogon
valid users = root @netuser
read only = yes
browseable = yes


------------------------------------------------------

The error message of samba is the following:
------------------------------------------------------
[2006/05/23 11:49:47, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/05/23 11:49:47, 3] smbd/uid.c:push_conn_ctx(287)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/05/23 11:49:47, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/05/23 11:49:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/05/23 11:49:47, 2] auth/auth.c:check_ntlm_password(302)
check_ntlm_password: authentication for user [smbuser] -> [smbuser] -> [smbuser] succeeded
[2006/05/23 11:49:47, 3] smbd/password.c:register_vuid(207)
User name: smbuser Real name:
[2006/05/23 11:49:47, 3] smbd/password.c:register_vuid(225)
UNIX uid 502 is UNIX user smbuser, and will be vuid 100
[2006/05/23 11:49:47, 3] smbd/password.c:register_vuid(241)
Adding/updating homes service for user 'smbuser' using home directory: '/home/smbuser'
[2006/05/23 11:49:47, 3] param/loadparm.c:lp_add_home(2321)
adding home's share [smbuser] for user 'smbuser' at '/home/smbuser'
[2006/05/23 11:49:47, 3] smbd/process.c:process_smb(890)
Transaction 3 of length 84
[2006/05/23 11:49:47, 3] smbd/process.c:switch_message(685)
switch message SMBtconX (pid 7624)
[2006/05/23 11:49:47, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/05/23 11:49:47, 3] lib/access.c:check_access(313)
check_access: no hostnames in host allow/deny list.
[2006/05/23 11:49:47, 2] lib/access.c:check_access(324)
Allowed connection from (172.16.100.141)
[2006/05/23 11:49:47, 2] smbd/service.c:make_connection_snum(384)
user 'smbuser' (from session setup) not permitted to access this share (IPC$)
[2006/05/23 11:49:47, 3] smbd/error.c:error_packet(113)
error packet at smbd/reply.c(274) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
[2006/05/23 11:49:47, 3] smbd/process.c:process_smb(890)
Transaction 4 of length 43
[2006/05/23 11:49:47, 3] smbd/process.c:switch_message(685)
switch message SMBulogoffX (pid 7624)
[2006/05/23 11:49:47, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/05/23 11:49:47, 3] smbd/reply.c:reply_ulogoffX(1055)
ulogoffX vuid=100
[2006/05/23 11:49:47, 3] smbd/server.c:exit_server(601)
Server exit (normal exit)
[2006/05/23 11:49:47, 3] smbd/process.c:timeout_processing(1099)
timeout_processing: End of file from client (client has disconnected).
[2006/05/23 11:49:47, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/05/23 11:49:47, 2] smbd/server.c:exit_server(558)
Closing connections
[2006/05/23 11:49:47, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2006/05/23 11:49:47, 3] smbd/connection.c:yield_connection(76)
yield_connection: tdb_delete for name failed with error Record does not exist.
[2006/05/23 11:49:47, 3] smbd/server.c:exit_server(601)


-------------------------------------------------
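An added example (not part of the original post): a small Python parser for the log level 3 format shown above, which separates the stages that passed (NTLM authentication, hosts allow) from the stage that returned the denial (the tree connect to IPC$). The sample lines are constructed from the post's log, and the function names are this example's own.

```python
import re

# Constructed sample: a few records in the same format as the log in the post above.
SAMPLE_LOG = """\
[2006/05/23 11:49:47, 2] auth/auth.c:check_ntlm_password(302)
check_ntlm_password: authentication for user [smbuser] -> [smbuser] -> [smbuser] succeeded
[2006/05/23 11:49:47, 2] lib/access.c:check_access(324)
Allowed connection from (172.16.100.141)
[2006/05/23 11:49:47, 2] smbd/service.c:make_connection_snum(384)
user 'smbuser' (from session setup) not permitted to access this share (IPC$)
[2006/05/23 11:49:47, 3] smbd/error.c:error_packet(113)
error packet at smbd/reply.c(274) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
"""

HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+?):(?P<func>\w+)\((?P<line>\d+)\)\s*$")
AUTH_OK = re.compile(r"authentication for user \[(?P<user>[^\]]+)\].*succeeded")
HOST_OK = re.compile(r"Allowed connection from .*\((?P<host>[\d.]+)\)")
SHARE_DENY = re.compile(r"user '(?P<user>[^']+)' .*not permitted to access this share \((?P<share>[^)]+)\)")
STATUS = re.compile(r"cmd=\d+ \((?P<cmd>\w+)\) (?P<status>NT_STATUS_\w+)")

def parse_records(text):
    """Pair each '[timestamp, level] file.c:function(line)' header with its message lines."""
    records, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw.strip())
        if m:
            current = dict(m.groupdict(), msg="")
            records.append(current)
        elif current is not None and raw.strip():
            current["msg"] = (current["msg"] + " " + raw.strip()).strip()
    return records

def classify(text):
    """Report which stages passed and which one produced the denial."""
    out = {"auth_ok": set(), "hosts_ok": set(), "share_denied": [], "errors": []}
    for rec in parse_records(text):
        if (m := AUTH_OK.search(rec["msg"])):
            out["auth_ok"].add(m["user"])
        elif (m := HOST_OK.search(rec["msg"])):
            out["hosts_ok"].add(m["host"])
        elif (m := SHARE_DENY.search(rec["msg"])):
            out["share_denied"].append((m["user"], m["share"], rec["func"]))
        elif (m := STATUS.search(rec["msg"])):
            out["errors"].append((m["cmd"], m["status"]))
    return out

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

Run against the full log file (`/var/log/samba/log.%m` in the configuration above), the result shows that the password check and the host check both passed and that the denial came from the share-level check on IPC$.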
 
Old 05-23-2006, 06:57 AM   #2
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Rep: Reputation: 32
what is this? OMG. i have never seen things like this. see if your iptables is running and allows smb connections.

Last edited by prozac; 05-23-2006 at 06:59 AM.
 
Old 05-23-2006, 07:36 AM   #3
hamhey
LQ Newbie
 
Registered: May 2006
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by prozac
what is this? OMG. i have never seen things like this. see if your iptables is running and allows smb connections.

-----------------------------------------
Here is the output of iptables. It seems to me to be without any rule to prevent access to the PDC.

# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

I just tried with
log level = 3
to see what was wrong and saw the ACCESS DENIED in the log.

Hamid
 
Old 05-23-2006, 07:49 AM   #4
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Rep: Reputation: 32
stop iptables altogether and try again. i don't know what else to say. if that doesn't work out try with a fresh smb.conf and see if you can access your home directories with iptables off.
 
Old 05-23-2006, 07:59 AM   #5
hamhey
LQ Newbie
 
Registered: May 2006
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by prozac
stop iptables altogether and try again. i don't know what else to say. if that doesn't work out try with a fresh smb.conf and see if you can access your home directories with iptables off.


As I mentioned, there is nothing wrong with the iptables that prevents the PDC from responding to logon.
All the sharing is functioning well, except the logon to the PDC is Access Denied.

Hamid
 
Old 05-23-2006, 08:11 AM   #6
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Rep: Reputation: 32
maybe u forgot to add samba user. stay with the problem for a while and you will know what's causing it.
 
Old 05-23-2006, 08:38 AM   #7
hamhey
LQ Newbie
 
Registered: May 2006
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by prozac
maybe u forgot to add samba user. stay with the problem for a while and you will know what's causing it.

I have added 2 users and 2 machine users to their respective groups. The machine names are prefixed with $ and all the names have been added to the smbpasswd file.

Hamid
 
Old 05-24-2006, 12:35 AM   #8
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Rep: Reputation: 32
it's amazing how complicated it can get! samba has been the easiest thing i have ever done and the sambaHowto's are perfect for anything more you may need. here's basically what i do.
unpack and install samba-client, samba-common and samba.
edit smb.conf file for workgroup, server string, hosts allow and configure share
Quote:
[myShare@home]
comment = myShare@home
path = /home/john
valid users = john
public = yes
writable = no
printable = no
create mask = 0765

:wq
add samba user
Quote:
smbpasswd -a john
passwd:
then add some entries in my firewall to allow smb connections
Quote:
iptables -A INPUT -p tcp -s $LAN -d $JOHN --dport 137:139 -j ACCEPT
iptables -A INPUT -p tcp -s $LAN -d $JOHN --dport 445 -j ACCEPT
iptables -A INPUT -p udp -s $LAN -d $JOHN --dport 137:139 -j ACCEPT
iptables -A INPUT -p udp -s $LAN -d $JOHN --dport 445 -j ACCEPT
and that's it. it never ever gave me any problems. I can only suggest you start from scratch and do the whole thing again. I honestly don't know the problem. For some minor problems i do netstat -n on the windows machine and watch for syn_sent, syn_ack etc to see what side the problem really is. if you get only syn_sent your win machine is making request but the linux machine is denying it and sending nothing back to the win machine. that way you can diagnose problems and do things to correct them.

my advice is don't get irritated, stay cool and do it again.
 
  

