Hello all,
Since a few days now, it's very difficult to access my flexshares from Windows computers.
I can connect to my server and it displays my flexshares but as sonn as I'd like to connect to a flexshare that is restricted to a group, I receive the information 'Connection refused'. for the flexshares which are open to 'allusers', no problems.
I had a look to the files directly and the owner of the folderas are 'flexshare'.
I tried restaring my samba, winbind services but still the same error. finally I tried to access my folders using different accounts and different groups but nothing succeed ..
Any idea on what I could try ?
Thanks to all for your help
PS : The only changed I saw is the Let's Encrypt certificate which has been renewed 2 weeks ago .. could it be the reason ?
Arnaud
Since a few days now, it's very difficult to access my flexshares from Windows computers.
I can connect to my server and it displays my flexshares but as sonn as I'd like to connect to a flexshare that is restricted to a group, I receive the information 'Connection refused'. for the flexshares which are open to 'allusers', no problems.
I had a look to the files directly and the owner of the folderas are 'flexshare'.
I tried restaring my samba, winbind services but still the same error. finally I tried to access my folders using different accounts and different groups but nothing succeed ..
Any idea on what I could try ?
Thanks to all for your help
PS : The only changed I saw is the Let's Encrypt certificate which has been renewed 2 weeks ago .. could it be the reason ?
Arnaud
Share this post:
Responses (16)
-
Accepted Answer
I made a new test by adding the user into the flexshare.conf file :
My user 'haueterm' belongs to the group 'administration' but had no access to my flexshare :
[2020/11/02 11:22:05.578694, 1] ../../source3/smbd/service.c:359(create_connection_session_info)
create_connection_session_info: user 'haueterm' (from session setup) not permitted to access this share (admin)
So I modified my flexshare.conf file and added directly the username in the following line :
valid users = @"%D\administration", @"administration", "haueterm"
Now it works. It seems that I can't give access to the group anymore but can to spectific user.... so maybe there's a problem linking the group members and the flexshare ?
any idea is welcomed.... -
Accepted Answer
This one puzzles me and I may have seen it before but not on my system. The suspicion was a clash between users added by a third party package colliding with machine RIDs and is not something I understand.
Do you have anyone in /etc/passwd or /etc/group >= 1000
Are you using a domain on that server?
Rather than adding to the string, can you try simplifying it. Quotes should only be needed if there is a space in the group name, so you can remove them. Can you try %D\administration and administration on their own? -
Accepted Answer
Hello Nick and thanks for your message.
the higher h've in etc/passwd is 999 : clearsync:x:999:998:ClearSync:/usr/sbin/clearsyncd:/bin/false
and in etc/group is 998 :clearsync:x:998:
Interseting is that both files have been modified on october 21 ...
I'm going to make a try with %D\administration and administration on their own
thanks Nick -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
This is sounding more and more like the other system I've seen.
At a guess, you get, when using group permissions:
And:[root@server ~]# smbclient //localhost/your_flexshare -c 'ls' -U your_domain/haueterm
Enter your_domain\haueterm's password:
tree connect failed: NT_STATUS_ACCESS_DENIED
fails but:wbinfo --group-info='administration'
works.wbinfo --group-info='allusers' -
Accepted Answer
Hello Nick,
Thanks for your help. Yes, this exactly the same behaviour you wrote :
[root@srv-cos ~]# smbclient //localhost/admin -c 'ls' -U emsp/haueterm
Enter EMSP\haueterm's password:
tree connect failed: NT_STATUS_ACCESS_DENIED
[root@srv-cos ~]# wbinfo --group-info='administration'
failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for group administration
[root@srv-cos ~]# wbinfo --group-info='allusers'
allusers:x:63000:email-archive,varrind,forstera,flexshare,testuser,ecole,jeannerett,anoukg,guest,morettis,varrinp,gossing,cornuf,niam,haueterm
Did an update create this problem ? -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Hello Nick,
I've now another system with that problem ...
I made some tests and it seems that this happens on computers connected to the NT4 domain. I tried to connect to a flexshare with my personnal computer : a username / password has been requested and I could open my flexshare. With a computer connected to the domain and the same account ; I coudln't open my flexshare ...
Still making some tests ...
Thanks for your help -
Accepted Answer
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »