[Freeipa-users] (no subject)
William Muriithi
william.muriithi at gmail.com
Tue Jan 17 16:04:31 UTC 2017
Hello,

I have been attempting to set up a Samba server on RHEL 7 and I haven't
had luck so far. I am hoping to get some guidance on what I could be
missing. I am using the link below as a guide.

http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA

My setup is made up of two IPA version 4.4 servers (master-master) with a
trust relationship to Windows AD. Samba is running on a separate
system (RHEL 7.3) and is fully up to date. The Windows domain would be
ad.example.com and the IPA domain is eng.example.com.

Below is my Samba config at present. There is an AD group called eng
that is mapped to an external group called eng_external on IPA.
eng_external is a member of the ipausers group.

[global]
workgroup = ENG
realm = ENG.EXAMPLE.COM
dedicated keytab file = FILE:/etc/samba/samba.keytab
kerberos method = dedicated keytab
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
log level = 5
max log size = 50
security = ads
passdb backend = tdbsam
strict locking = no
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
[homes]
comment = Home Directories
path = /home
browseable = yes
writable = yes
valid users = @ipausers
[projects]
comment = Projects
path = /projects
browseable = yes
writable = yes
valid users = @ipausers

After restarting Samba, an attempt to connect to Samba from Windows
results in the following Samba logs. Do you notice any problem from the
information that I have shared, please?

Would appreciate any pointer at this point.

[2017/01/17 10:17:55.905941, 5]
../source3/auth/token_util.c:639(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2017/01/17 10:17:55.905980, 4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/01/17 10:17:55.906751, 5]
../source3/smbd/share_access.c:120(token_contains_name)
lookup_name ipausers failed
[2017/01/17 10:17:55.906789, 2]
../source3/smbd/service.c:427(create_connection_session_info)
user 'william at ad.example.com' (from session setup) not permitted to
access this share (william at ad.example.com)
[2017/01/17 10:17:55.906818, 1]
../source3/smbd/service.c:560(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2017/01/17 10:17:55.906838, 5]
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
check lock order 1 for /var/lib/samba/lock/smbXsrv_tcon_global.tdb
[2017/01/17 10:17:55.906871, 5]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
release lock order 1 for /var/lib/samba/lock/smbXsrv_tcon_global.tdb
[2017/01/17 10:17:55.906895, 3]
../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:135
[2017/01/17 10:18:02.815184, 4]
../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/01/17 10:18:02.815224, 5]
../libcli/security/security_token.c:53(security_token_debug)
Security token: (NULL)
[2017/01/17 10:18:02.815242, 5]
../source3/auth/token_util.c:639(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2017/01/17 10:18:02.815270, 5]
../source3/smbd/uid.c:425(smbd_change_to_root_user)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2017/01/17 10:18:02.815304, 5]
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
check lock order 1 for /var/lib/samba/lock/smbXsrv_tcon_global.tdb
[2017/01/17 10:18:02.815347, 5]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
release lock order 1 for /var/lib/samba/lock/smbXsrv_tcon_global.tdb
[2017/01/17 10:18:02.815375, 3] ../source3/lib/access.c:338(allow_access)
Allowed connection from 192.168.15.41 (192.168.15.41)
[2017/01/17 10:18:02.815402, 3]
../libcli/security/dom_sid.c:209(dom_sid_parse_endp)
string_to_sid: SID @ipausers is not in a valid format
[2017/01/17 10:18:02.815421, 5]
../source3/auth/user_util.c:151(user_in_netgroup)
looking for user william at ad.example.com of domain eng.example.com in
netgroup ipausers
[2017/01/17 10:18:02.815774, 4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2017/01/17 10:18:02.815814, 4] ../source3/smbd/uid.c:491(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2017/01/17 10:18:02.815835, 4]
../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2017/01/17 10:18:02.815852, 5]
../libcli/security/security_token.c:53(security_token_debug)
Security token: (NULL)
[2017/01/17 10:18:02.815868, 5]
../source3/auth/token_util.c:639(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2017/01/17 10:18:02.815910, 4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/01/17 10:18:02.823518, 5]
../source3/smbd/share_access.c:120(token_contains_name)
lookup_name ipausers failed
[2017/01/17 10:18:02.823553, 2]
../source3/smbd/service.c:427(create_connection_session_info)
user 'william at ad.example.com' (from session setup) not permitted to
access this share (william at ad.example.com)
[2017/01/17 10:18:02.823577, 1]
../source3/smbd/service.c:560(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2017/01/17 10:18:02.823597, 5]
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
check lock order 1 for /var/lib/samba/lock/smbXsrv_tcon_global.tdb
[2017/01/17 10:18:02.823629, 5]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
release lock order 1 for /var/lib/samba/lock/smbXsrv_tcon_global.tdb
[2017/01/17 10:18:02.823654, 3]
../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:135
Regards,
William
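
Added example, not part of the original post: a small Python parser that rebuilds Samba debug records whose header and source location are wrapped across lines, as in the log above, and pairs each share denial with the lookup_name failures that preceded it. The sample text is constructed in the post's format, and the names parse_records and denied_connections are hypothetical.

```python
import re
from collections import namedtuple

# Samba debug header "[timestamp, level] file:line(function)"; location may wrap.
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s+(\d+)\]\s*(.*)$")
LOCATION = re.compile(r"^\S+:\d+\((\w+)\)$")
Record = namedtuple("Record", "time level function message")

# Constructed sample in the post's format (the archive renders "@" as " at ").
SAMPLE = """\
[2017/01/17 10:18:02.823518, 5]
../source3/smbd/share_access.c:120(token_contains_name)
lookup_name ipausers failed
[2017/01/17 10:18:02.823553, 2]
../source3/smbd/service.c:427(create_connection_session_info)
user 'william at ad.example.com' (from session setup) not permitted to
access this share (william at ad.example.com)
[2017/01/17 10:18:02.823577, 1] ../source3/smbd/service.c:560(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
"""

def parse_records(text):
    """Rebuild one Record per header from wrapped log text."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            rows.append([m.group(1), int(m.group(2)), None, []])
            line = m.group(3)
        if not rows or not line:
            continue
        loc = LOCATION.match(line)
        if loc and rows[-1][2] is None and not rows[-1][3]:
            rows[-1][2] = loc.group(1)
        else:
            rows[-1][3].append(line)
    return [Record(t, lvl, fn, " ".join(body)) for t, lvl, fn, body in rows]

def denied_connections(records):
    """Pair each share denial with the name lookups that failed before it."""
    failed, out = [], []
    for r in records:
        failed += re.findall(r"lookup_name (\S+) failed", r.message)
        m = re.search(r"user '(.+?)' \(from session setup\) not permitted", r.message)
        if m:
            out.append({"time": r.time, "user": m.group(1), "unresolved": failed})
            failed = []
    return out
print(denied_connections(parse_records(SAMPLE)))
```
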