cmaohio
asked on
Samba/winbind access through UNC share from windows machine: Getting "access denied"
I'm running windows 7 and it must be that because a windows XP machine next to me is working just fine... keep that in mind when reading below.
I had this server working for months now but suddenly it's not working. The only thing I can think of is the machine was placed in the DMZ. However, I seem to remember this happening earlier. We also changed our IP schema a while ago so the two computers are on separate subnets now. I don't know if that has anything to do with it.
I tried opening up the DMZ temporarily to allow everything humanly possible between the two networks and it still doesn't work.
I'm simply trying to get to the server using the unc: \\servername\websites
if I purposefully give a bad user/password I get the proper "username/password doesn't match." or whatever. Â but if I use the correct one, I get "access denied" so I know authentication is working fine. I also have double-checked all the permissions and the user should have permissions. Here's the relevant sections:
Here is my smb.conf, et all.
I had this server working for months now but suddenly it's not working. The only thing I can think of is the machine was placed in the DMZ. However, I seem to remember this happening earlier. We also changed our IP schema a while ago so the two computers are on separate subnets now. I don't know if that has anything to do with it.
I tried opening up the DMZ temporarily to allow everything humanly possible between the two networks and it still doesn't work.
I'm simply trying to get to the server using the unc: \\servername\websites
if I purposefully give a bad user/password I get the proper "username/password doesn't match." or whatever. Â but if I use the correct one, I get "access denied" so I know authentication is working fine. I also have double-checked all the permissions and the user should have permissions. Here's the relevant sections:
Here is my smb.conf, et all.
SMB.CONF file:
[global]
workgroup = MYDOMAIN
server string = linux box
security = ads
load printers = no
log file = /var/log/samba/%m.log
max log size = 50
password server = *
realm = MYDOMAIN.COM
passdb backend = tdbsam
interfaces = 10.0.13.11
local master = no
preferred master = no
wins server = 10.0.0.10 10.0.0.11
dns proxy = no
idmap uid = 600-20000
idmap gid = 600-20000
inherit acls = yes
encrypt passwords = yes
winbind use default domain = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind nss info = rfc2307
winbind nested groups = Yes
template shell = /bin/bash
winbind separator = +
#============================ Share Definitions ==============================
[websites]
comment = Websites
path = /var/www
valid users = @"MYDOMAIN+Information Technology Department"
writable = yes
browsable = yes
Permissions on directories:
var:
drwxr-xr-x 26 hostmaster root 4096 Aug 5 2008 var
www:
drwxrwxr-x 15 hostmaster information technology department 4096 Aug 31 14:50 www
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Try two things: First, use the ip instead of the name. There are incompatibilites between vista/W7 and samba shares when using the name.
If that does not work out, set the following local group policy for a test: open secpol.msc and go to loc. pol. - security options - netw. security - Lan manager authentication level and set it to the value that xp is using.