Samba/winbind access through UNC share from windows machine: Getting "access denied"

Posted on 2009-12-18
Last Modified: 2013-12-02
I'm running windows 7 and it must be that because a windows XP machine next to me is working just fine... keep that in mind when reading below.

I had this server working for months now but suddenly it's not working. The only thing I can think of is the machine was placed in the DMZ. However, I seem to remember this happening earlier. We also changed our IP schema a while ago so the two computers are on separate subnets now. I don't know if that has anything to do with it.

I tried opening up the DMZ temporarily to allow everything humanly possible between the two networks and it still doesn't work.

I'm simply trying to get to the server using the unc: \\servername\websites

if I purposefully give a bad user/password I get the proper "username/password doesn't match." or whatever.  but if I use the correct one, I get "access denied" so I know authentication is working fine. I also have double-checked all the permissions and the user should have permissions. Here's the relevant sections:

Here is my smb.conf, et all.
SMB.CONF file:


   workgroup = MYDOMAIN

   server string = linux box

   security = ads

   load printers = no

   log file = /var/log/samba/%m.log

   max log size = 50

   password server = *

   realm = MYDOMAIN.COM

   passdb backend = tdbsam

   interfaces =

   local master = no

   preferred master = no

   wins server =

   dns proxy = no

   idmap uid = 600-20000

   idmap gid = 600-20000

   inherit acls = yes

   encrypt passwords = yes

   winbind use default domain = Yes

   winbind enum users = Yes

   winbind enum groups = Yes

   winbind nss info = rfc2307

   winbind nested groups = Yes

   template shell = /bin/bash

   winbind separator = +

#============================ Share Definitions ==============================


comment = Websites

path = /var/www

valid users = @"MYDOMAIN+Information Technology Department"

writable = yes

browsable = yes

Permissions on directories:


drwxr-xr-x  26 hostmaster root  4096 Aug  5  2008 var


drwxrwxr-x 15 hostmaster information technology department 4096 Aug 31 14:50 www

Open in new window

Question by:cmaohio
    LVL 52

    Expert Comment

    Try two things: First, use the ip instead of the name. There are incompatibilites between vista/W7 and samba shares when using the name.
    If that does not work out, set the following local group policy for a test: open secpol.msc and go to loc. pol. - security options - netw. security - Lan manager authentication level and set it to the value that xp is using.
    LVL 5

    Accepted Solution

    Well, it turns out I was running version 3.0.24 of Samba and I needed to be running 3.4 or higher. I compiled Samba to 3.4.3 and it appears to be working. My only beef is previously, on the server itself, it recognized the users without needing to add the domain+user but now I need the domain+user to login on the server itself. Oh well.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    So many times I have seen the words written in a question "if only I could show you" or " I know how hard it is for you since you can't see it" in any zone. That has inspired me to write about this tool in windows 7 called "Problem Steps Recorder…
    Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
    In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now