• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 867
  • Last Modified:

Samba/winbind access through UNC share from windows machine: Getting "access denied"

I'm running windows 7 and it must be that because a windows XP machine next to me is working just fine... keep that in mind when reading below.

I had this server working for months now but suddenly it's not working. The only thing I can think of is the machine was placed in the DMZ. However, I seem to remember this happening earlier. We also changed our IP schema a while ago so the two computers are on separate subnets now. I don't know if that has anything to do with it.

I tried opening up the DMZ temporarily to allow everything humanly possible between the two networks and it still doesn't work.

I'm simply trying to get to the server using the unc: \\servername\websites

if I purposefully give a bad user/password I get the proper "username/password doesn't match." or whatever.  but if I use the correct one, I get "access denied" so I know authentication is working fine. I also have double-checked all the permissions and the user should have permissions. Here's the relevant sections:

Here is my smb.conf, et all.
SMB.CONF file:

   workgroup = MYDOMAIN
   server string = linux box
   security = ads
   load printers = no
   log file = /var/log/samba/%m.log
   max log size = 50
   password server = *
   realm = MYDOMAIN.COM
   passdb backend = tdbsam
   interfaces =
   local master = no
   preferred master = no
   wins server =
   dns proxy = no

   idmap uid = 600-20000
   idmap gid = 600-20000
   inherit acls = yes
   encrypt passwords = yes
   winbind use default domain = Yes
   winbind enum users = Yes
   winbind enum groups = Yes
   winbind nss info = rfc2307
   winbind nested groups = Yes
   template shell = /bin/bash
   winbind separator = +

#============================ Share Definitions ==============================

comment = Websites
path = /var/www
valid users = @"MYDOMAIN+Information Technology Department"
writable = yes
browsable = yes

Permissions on directories:
drwxr-xr-x  26 hostmaster root  4096 Aug  5  2008 var
drwxrwxr-x 15 hostmaster information technology department 4096 Aug 31 14:50 www

Open in new window

1 Solution
Try two things: First, use the ip instead of the name. There are incompatibilites between vista/W7 and samba shares when using the name.
If that does not work out, set the following local group policy for a test: open secpol.msc and go to loc. pol. - security options - netw. security - Lan manager authentication level and set it to the value that xp is using.
cmaohioSenior Systems ManagerAuthor Commented:
Well, it turns out I was running version 3.0.24 of Samba and I needed to be running 3.4 or higher. I compiled Samba to 3.4.3 and it appears to be working. My only beef is previously, on the server itself, it recognized the users without needing to add the domain+user but now I need the domain+user to login on the server itself. Oh well.

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now