Package: samba Version: 3.0.24-6etch4 Followup-For: Bug #427986 Hello,
I've think I have also been bitten by this bug. Trying to authenticate from a Windows 2000 client to a share protected by "valid users" fails. The following error is generated in the log: --- [2007/06/23 00:18:26, 0] smbd/service.c:make_connection_snum(782) make_connection: connection to IPC$ denied due to security descriptor. --- I think I used to get these messages before (there are lots of them in the logs dating back weeks) but after security upgrading the samba package a few days ago authentication fails (it worked last week). Using smbclient from the samba server works fine, but not from the Windows box. Needless to say, not being able to use "valid users" is rather sucky. :-( Any ideas on a fix? Thanks, George. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (600, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-4-686 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Versions of packages samba depends on: ii debconf 1.5.11 Debian configuration management sy ii libacl1 2.2.41-1 Access control list shared library ii libattr1 2.4.32-1 Extended attribute shared library ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries ii libcomer 1.39+1.40-WIP-2006.11.14+dfsg-2 common error description library ii libcupsy 1.2.7-4 Common UNIX Printing System(tm) - ii libgnutl 1.4.4-3 the GNU TLS library - runtime libr ii libkrb53 1.4.4-7etch1 MIT Kerberos runtime libraries ii libldap2 2.1.30-13.3 OpenLDAP libraries ii libpam-m 0.79-4 Pluggable Authentication Modules f ii libpam-r 0.79-4 Runtime support for the PAM librar ii libpam0g 0.79-4 Pluggable Authentication Modules l ii libpopt0 1.10-3 lib for parsing cmdline parameters ii logrotat 3.7.1-3 Log rotation utility ii lsb-base 3.1-23.1 Linux Standard Base 3.1 init scrip ii netbase 4.29 Basic TCP/IP networking system ii procps 1:3.2.7-3 /proc file system utilities ii samba-co 3.0.24-6etch4 Samba common files used by both th ii zlib1g 1:1.2.3-13 compression library - runtime Versions of packages samba recommends: pn smbldap-tools <none> (no description available) -- debconf information: samba/nmbd_from_inetd: * samba/run_mode: daemons samba/log_files_moved: samba/tdbsam: false * samba/generate_smbpasswd: true
#======================= Global Settings ======================= [global] workgroup = SDC server string = %h server (Samba %v) dns proxy = no socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 display charset = UTF-8 unix charset = UTF-8 #### Debugging/Accounting #### log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d ####### Authentication ####### security = user # security = share force group = +smbusers encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes guest account = smbguest map to guest = Bad Password invalid users = root null passwords = true ; unix password sync = no ; passwd program = /usr/bin/passwd %u ; passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . ; pam password change = no ########## Printing ########## # If you want to automatically load your printer list rather # than setting them up individually then you'll need this ; load printers = yes # lpr(ng) printing. You may wish to override the location of the # printcap file ; printing = bsd ; printcap name = /etc/printcap # CUPS printing. See also the cupsaddsmb(8) manpage in the # cupsys-client package. ; printing = cups ; printcap name = cups # When using [print$], root is implicitly a 'printer admin', but you can # also give this right to other users to add drivers and set printer # properties ; printer admin = @ntadmin ######## File sharing ######## # Name mangling options ; preserve case = yes ; short preserve case = yes #======================= Share Definitions ======================= [home] path = /home/boris/stuff read only = no guest ok = no valid users = boris follow symlinks = yes [alex] path = /home/alex read only = no guest ok = no valid users = alex [write] comment = Folder with R/W access path = /home/boris/samba/write read only = no guest ok = yes create mask = 0666 force create mode = 0666 directory mask = 0777 force directory mode = 0777 [www] comment = Web Root R/W path = /var/www read only = no create mask = 0666 force create mode = 0666 directory mask = 0777 force directory mode = 0777 [anime] comment = Anime Store (RO access) path = /home/boris/samba/anime_store read only = yes guest ok = yes # Un-comment the following and create the netlogon directory for Domain Logons # (you need to configure Samba to act as a domain controller too.) ;[netlogon] ; comment = Network Logon Service ; path = /home/samba/netlogon ; guest ok = yes ; writable = no ; share modes = no [printers] comment = All Printers browseable = no path = /tmp printable = yes public = no writable = no create mode = 0700 # Windows clients look for this share name as a source of downloadable # printer drivers [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no # Uncomment to allow remote administration of Windows print drivers. # Replace 'ntadmin' with the name of the group your admin users are # members of. ; write list = root, @ntadmin write list = root # A sample share for sharing your CD-ROM with others. ;[cdrom] ; comment = Samba server's CD-ROM ; writable = no ; locking = no ; path = /cdrom ; public = yes # The next two parameters show how to auto-mount a CD-ROM when the # cdrom share is accesed. For this to work /etc/fstab must contain # an entry like this: # # /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0 # # The CD-ROM gets unmounted automatically after the connection to the # # If you don't want to use auto-mounting/unmounting make sure the CD # is mounted on /cdrom # ; preexec = /bin/mount /cdrom ; postexec = /bin/umount /cdrom
