SMBmount conspiracy
Kozakoff,Stephen J
kozaksj at ufl.edu
Wed Jul 25 13:20:41 UTC 2007
I have the same setup - win2k3/RHEL ES4
My local security policy settings are like this:
In Local Security Settings navigate to:
Local Policies >> Local Policies >> Security Options
Microsoft network client - digitally sign communications (always) - DISABLED
Microsoft network client - digitally sign communications (if server agrees) - ENABLED
Microsoft network server - digitally sign communications (always) - DISABLED
Microsoft network server - digitally sign communications (if server agrees) - DISABLED
Also, check the permissions for the user you are using to log on. Make
sure the user is not directly or indirectly (through group membership)
being "denied" read access to the files. Deny permissions take precedence
over all other permissions in Windows.
Turn on Auditing:
In Local Security Settings navigate to:
Local Policies >> Audit Policy
Set Audit Object Access == Failure
Next turn on auditing of Read events on the folder you are accessing.
Now you can check the Security event log to see if you can glean why
access is being denied.
HTH.
-Steve
-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Darrel Barton
Sent: Wednesday, July 25, 2007 12:11 AM
To: redhat-list at redhat.com
Subject: SMBmount conspiracy
I have aquariums, both freshwater and marine, so I do a lot of water
tests. These are the tests where you fill a vial of the water, put in
some drops and wait for the solution to turn a certain color ... then you
match the color against a chart. Part of our hobby is the running complaint
that we get these BEAUTIFUL colors in the vial .... perfect in EVERY way
..... except they bear no relation or resemblance to the colors on the
chart. I personally know 15 people that have ALL noticed the same thing,
with the same kit ... yet somehow the manufacturer claims that they've
never, ever, EVER heard of this before.
So it's not just computers.
I have Red Hat Enterprise Linux ES release 4 (Nahant) Kernel 2.6.9-5.ELsmp
on an i686 and I'm trying to connect to a Windows 2003 Server (not
domain controller) as a shared file using EITHER ONE of the following
command lines:
#smbmount //img1/docs /home/documents -o dmask=777,fmask=0444,gid=100,uid=501,username=documents,password=passd
-or-
#mount -t cifs //img1/docs /home/documents -o dir_mode=0777,file_mode=0444,gid=100,uid=501,username=documents,password=passd
In EITHER case the mount succeeds and I can CD to the directory and all
the subdirectories underneath and LS each and every file with no
problem. Until I try to read, copy or move the file itself ... in which
case I get
cp: 10000099.TIF: read error: Permission denied
But I can actually log into the Win2003 system as that user and all my
permissions on the directories are fine.
So I hit the net and the docs and the forums and everyone says that
Windows 2003 has a problem with digital signing. Even Red Hat has an errata on
it, saying
Local Policies - Security Options - Microsoft network client - digitally sign communications (always) - DISABLED
Local Policies - Security Options - Microsoft network client - digitally sign communications (if server agrees) - DISABLED
Local Policies - Security Options - Microsoft network server - digitally sign communications (always) - DISABLED
Local Policies - Security Options - Microsoft network server - digitally sign communications (if server agrees) - DISABLED
Well ... two problems
1) That errata talks about CONNECTION failing ... not read errors.
-and-
2) There AIN'T NO SUCH entry on my Windows 2003!!
Under administrative tools -> local security policy -> Security settings -> local policies -> security
I have "digitally sign client communications (always)" and the same with
(when possible) and then two more for "server" communications.
Close enough, right?
So I change those & reboot
No difference
So I run regedit & search & change EVERY similar setting & reboot
No difference.
Since the mount works (either one) and all the directory traversals work
just fine ... it will probably come as no surprise to you that (A) no
log file anywhere contains any relevant messages and (B) the DEBUG functions
don't work because the MOUNT worked just fine.
Oh yeah ... and smbclient works JUST FINE until I find a file and
attempt to GET that file ... then I get NT_STATUS_ACCESS_DENIED
I'm sure it's a Windows problem (it usually is) ... but I'm wondering if
anyone has seen THIS PARTICULAR color (error) before?