Access denied to Samba share from Windows 10

Solution 1

To access the samba share, please pay attention to:

  1. You have to create a system user with the same username. In this case, please issue the following command: useradd -s /sbin/nologin benjamin
  2. If you are using a SELINUX-enabled system (e.g. CentOS), try to temporarily disable it by issuing setenforce 0

EDIT: as the problem persists, try the following:

  1. maybe your Windows host is prepending your username with the wrong domain name. From the Windows machine, try to log in using localhost\benjamin as the username
  2. issue pdbedit -L and check if user benjamin is listed. If so, set a trivial password (you can change it later) using smbpasswd benjamin
  3. if user benjamin is not listed, try to recreate it by issuing smbpasswd -a benjamin
  4. if it does not work, delete the passwd file (it is named passwd.tdb; for reference, in a CentOS 6.x system it is found under /var/lib/samba/private/). Then, recreate your user by issuing smbpasswd -a benjamin
  5. if it is still not working, try to use the root account by issuing smbpasswd -a root and check if you can log in using the root user. Note: this is only a try. After you are done with it, you must delete root's entry by issuing smbpasswd -x root
  6. Your last resort is to increase the verbosity of logging and see if you can find clues there. For authentication attempts, edit or add the following line in your smb.conf: log level = 2 winbind:5. Then check the logs with something like tail -f /var/log/samba/log* and try to log in.
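
What to look for in the logs from step 6, as an added example that is not part of the original answer: the script below pulls failed logins out of Samba log text and counts them per user name and NT_STATUS code. The sample log lines are constructed, and the failure message format is an assumption modelled on what smbd 4.x writes at log level 2.

```shell
#!/bin/sh
# Added example: summarise failed SMB logins found in Samba log text.
# Assumption: smbd reports a failure on the indented line after a
# "[timestamp, level] file:line(function)" header, in the form
#   Authentication for user [client] -> [mapped] FAILED with error NT_STATUS_...

# Constructed sample log lines (not taken from the original post).
sample_log() {
cat <<'EOF'
[2015/12/20 13:01:10.101000,  2] ../source3/auth/auth.c:288(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [benjamin] -> [benjamin] FAILED with error NT_STATUS_WRONG_PASSWORD
[2015/12/20 13:01:15.202000,  2] ../source3/auth/auth.c:288(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [benjamin] -> [benjamin] FAILED with error NT_STATUS_WRONG_PASSWORD
[2015/12/20 13:02:00.303000,  2] ../source3/auth/auth.c:288(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [ben] -> [ben] FAILED with error NT_STATUS_NO_SUCH_USER
[2015/12/20 13:02:30.404000,  2] ../source3/param/loadparm.c:3582(do_section)
  Processing section "[TVShare]"
EOF
}

# Reads log text on stdin; prints "count status client first-seen" per pair.
auth_failures() {
  awk '
    /^\[[0-9]/ {                          # header line: keep its timestamp
      ts = substr($1, 2) " " $2; sub(/,$/, "", ts); next
    }
    /FAILED with error/ {
      i = index($0, "for user [")
      if (i == 0) next
      rest = substr($0, i + 10)           # text after the opening bracket
      client = substr(rest, 1, index(rest, "]") - 1)
      k = client SUBSEP $NF               # $NF is the NT_STATUS code
      if (!(k in n)) first[k] = ts
      n[k]++
    }
    END {
      for (k in n) { split(k, p, SUBSEP); print n[k], p[2], p[1], first[k] }
    }
  ' | LC_ALL=C sort
}

sample_log | auth_failures
```

On a real server, feed it the files from step 6 instead, for example cat /var/log/samba/log.* | auth_failures. An NT_STATUS_NO_SUCH_USER row points at the account lookup (steps 2 and 3), while NT_STATUS_WRONG_PASSWORD means the account was found and the credential check failed.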

Solution 2

It is possible you need to add the user in question to your smb service in Linux:

sudo smbpasswd -a myuser

Solution 3

On the Windows PC, change HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel to 4

Network security: LAN Manager authentication level is usually set to Send LM & NTLM - use NTLMv2 session security if negotiated by Group policies for backup compatibility with older clients.

Changing LmCompatibilityLevel to 4 sets it to Send NTLMv2 response only.

Solution 4

I was having the same problem. Eventually solved it by erasing the partition on my external HDD and remaking the filesystem. With this config I can copy & paste onto the drive without logging in from Windows:

[global]
server string = Media Server
workgroup = HOME
security = user
map to guest = Bad User
name resolve order = bcast host

[Film]
path = /mnt/sda/sda1/Film
force user = smbuser
force group = smbgroup
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
public = yes
writable = yes
write list = smbuser

I set up the group and user with the following commands:

sudo groupadd --system smbgroup
sudo useradd --system --no-create-home --group smbgroup -s /bin/false smbuser

My drive had been used in a different system (I re-did the same server a couple of times) so I think there were still traces of ownership that were overriding my new permissions, so therefore, only after re-partitioning and re-making the filesystem did the new permissions work.

Author by

bak202

Updated on September 18, 2022

Comments

  • bak202
    bak202 over 1 year

    Samba version: Version 4.1.17-Ubuntu

    Ubuntu 15.10

    When accessing a Samba share in Windows, I can see the share but whenever I try to access it - entering the same username and password as the Samba user created with sudo smbpasswd -a benjamin (same as system user) - I only get "Access is Denied". Here are my smb settings:

    [global]
    server string = %h server (Samba, Ubuntu)
    #encrypt passwords = No
    map to guest = Bad User
    obey pam restrictions = Yes
    passdb backend = tdbsam
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    dns proxy = No
    usershare allow guests = Yes
    panic action = /usr/share/samba/panic-action %d
    
    wins support = yes
    
    name resolve order = wins lmhosts host bcast
    
    
    [TVShare]
    path = /media/MEDIA2/TV
    available = yes
    valid users = benjamin
    read only = no
    browsable = yes
    public = yes
    writable = no
    

    Where ls -dl /media/MEDIA2/TV/ reads

    drwxrwxr-x 40 benjamin benjamin 4096 Sep  5 16:18 /media/MEDIA2/TV/
    

    Sample log:

    [2015/12/20 12:52:02,  2] ../source3/lib/tallocmsg.c:124(register_msg_pool_usage)
      Registered MSG_REQ_POOL_USAGE
    [2015/12/20 12:52:02,  2] ../source3/lib/dmallocmsg.c:78(register_dmalloc_msgs)
      Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
    [2015/12/20 12:52:02.517860,  2] ../source3/param/loadparm.c:543(max_open_files)
      rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
    [2015/12/20 12:52:02.517954,  2] ../source3/param/loadparm.c:3582(do_section)
      Processing section "[TVShare]"
    [2015/12/20 12:52:02.518169,  2] ../source3/lib/interface.c:341(add_interface)
      added interface eth0 ip=192.168.0.5 bcast=192.168.0.255 netmask=255.255.255.0
    [2015/12/20 12:52:02.522658,  0] ../lib/util/become_daemon.c:136(daemon_ready)
      STATUS=daemon 'smbd' finished starting up and ready to serve connectionsFailed to fetch record!
    
    • sam_pan_mariusz
      sam_pan_mariusz over 8 years
      No Samba version, no logs, nothing about other versions of Windows... And have you tried to mount the share from the server machine itself?
    • bak202
      bak202 over 8 years
      Added. Unable to try on other versions of Windows - but thought the version may be of help
  • bak202
    bak202 over 8 years
    Thank you, the user I created is the same name/pass as an existing system user. I'll edit the question with more information
  • shodanshok
    shodanshok over 8 years
    I've edited my answer. Give it a try.
  • bak202
    bak202 over 8 years
    Tried 2-5 (it did exist in pdbedit) but had the same issue. After trying one, I get a new error in Windows: "...\TVShows is not accessible. You might not have permission to use this network resource..."
  • shodanshok
    shodanshok over 8 years
    Have you disabled SELINUX?
  • user643011
    user643011 almost 6 years
    Does this require a reboot on the client?
  • Soren
    Soren about 5 years
    Thank you :) creating new user with password solved my problem :)
  • Dave Burton
    Dave Burton about 4 years
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel does not exist on my Windows 10 Home machine. What type should it be?
  • jftuga
    jftuga almost 4 years
    @DaveBurton: REG_DWORD
  • Oliver Gaida
    Oliver Gaida almost 4 years
    thank you Dave, this worked for me
  • FrankyHollywood
    FrankyHollywood over 3 years
    tried all kinds of configurations, but this was the answer I needed :)
  • endolith
    endolith about 3 years
    This doesn't do anything for me. Just says "access denied" even after a reboot
  • endolith
    endolith about 3 years
    I would give this a bounty if I had any to give
  • ndemou
    ndemou over 2 years
    @shodanshok do you mind if I add to your answer, one last step regarding enabling verbose logging from serverfault.com/a/1070611/67528 ?
  • shodanshok
    shodanshok over 2 years
    @ndemou sure, feel free to propose an edit to my answer.