I am trying to connect a FreeBSD server running 7.0 Release and Samba 3.0.28a to a
Windows 2003 AD Domain Controller. Has anyone had success with this combo? I have joined
the domain and I can enumerate users, groups, etc.

humpty# getent passwd|wc -l
humpty# wbinfo -u|wc -l
humpty# wbinfo -g|wc -l

humpty# wbinfo -t
checking the trust secret via RPC calls succeeded

humpty# getent group|wc -l

humpty# net ads info
LDAP server: 128.143.xx.xxx
LDAP server name: pdc.mydomain.virginia.edu
LDAP port: 389
Server time: Mon, 30 Jun 2008 11:29:56 EDT
KDC server: 128.143.xx.xxx
Server time offset: 1

When I try to access my home folder on the Samba server I'm prompted for a user
name and password. Even after credentials are supplied the login box reappears
and I get no further. The client log from the machine I'm connecting with has
the following error when I try to access my own home folder:

[2008/06/30 14:14:41, 2] smbd/service.c:make_connection_snum(616)
user 'MYDOMAIN\mrg8n' (from session setup) not permitted to access this share (mrg8n)
[2008/06/30 14:14:41, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED

I've read other posts asking similar questions, but no replies that solved the issue.

smbstatus shows my client machine connected:
Processing section "[homes]"
Processing section "[printers]"

Samba version 3.0.28a
PID Username Group Machine
78698 mrg8n mrg8n 137.54.xxx.xxx (137.54.xxx.xxx)

Service pid machine Connected at
IPC$ 78698 137.54.xxx.xxx Mon Jun 30 11:21:12 2008

No locked files


group: files ldap winbind
hosts: files dns wins
networks: files
passwd: files ldap winbind
shells: files
services: files
protocols: files
rpc: files

My smb.conf:

#======================= Global Settings =====================================

[global]
workgroup = MYDOMAIN
server string = HUMPTY
load printers = no
log file = /var/log/samba/log.%m
max log size = 50
log level = 3
syslog = 0

security = ADS
allow trusted domains = yes

idmap config MYDOMAIN:default = yes
idmap config MYDOMAIN:schema_mode = rfc2307
idmap uid = 10000-50000
idmap gid = 10000-50000

winbind use default domain = Yes
template homedir = /home/%D/%U
template shell = /bin/false
name resolve order = wins host bcast

password server = pdc.mydomain.virginia.edu
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
os level = 33
domain master = no
wins server =
dns proxy = no

#============================ Share Definitions ==============================
[homes]
comment = Home Directory for %U
read only = no
browseable = no
writeable = yes
valid users = %S
create mode = 0664
directory mode = 0770

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writeable = no
printable = yes

Mike Galvez
