Samba configuration, status[NT_STATUS_ACCESS_DENIED],
Solution 1
I FINALLY managed to solve this problem.
first of all i removed the existing connections from windows 10 using net use * /delete
from the command line since the credentials where saved and i changed them on the server
also for some reason i had to specify smbpasswd
in /etc/samba/smb.conf: passdb backend = smbpasswd
in the [global]
section
also the /home permission where wrong and all my shares are in /home so i reset the permission to 755: chmod -R 755 /home
then i reset all the shares permission and group access based on my needs.
Solution 2
We had the [NT_STATUS_ACCESS_DENIED] error where users could access their HOME shares but not any other shares.
/var/log/samba/__ffff_172.16.0.35.log:
[2019/03/05 11:26:53.914706, 1] smbd/service.c:678(make_connection_snum) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
This was caused by Domain Controllers being restarted whilst SAMBA and WINBIND servers were running. Simply restarting services winbind & smb resolved the issue.
A light fix; but worth a mention
Solution 3
This just happened to me as well, with the latest Samba on Fedora. I was mysteriously getting 'access denied' responses when trying to create/write/delete files and folders in sub-directories of my Samba share from Windows. Weirdly, changing files in the root folder worked fine.
I changed the setting from passdb backend = tdbsam
to passdb backend = smbpasswd
, ran smbpasswd -a myuser
to re-add my user and password, and restarted the smb service. This fixed the problem for me.
Related videos on Youtube
George
Updated on September 18, 2022Comments
-
George almost 2 years
I am trying to configure samba with centos7 to be accessed from windows 10 clients.
log level = 1 i used a previously working smb.conf from the same server after reinstalling centos.
log level = 10 you can actually skip reading this, its level 10 details.
start
i am very new to configuring a linux server, i am familiar with basic linux command
ls
chmod
chown
...
,i followed this article to configure a secure share on wlan network and then tested it with a colleague, everything was working ok except that he did not have execution permission on the share, the path is
/home/CompanyFiles/All
so i executed
cd /home/
then
chmod -R 777 /
then i successfully changed the permissions of the entire centos files and broke the centos installation.
after some googling i decided that reinstalling centos is better than trying to recover from the chmod command and it was feasible since i only installed samba on it, so i copied smb.conf to another machine, reinstalled centos and reinstalled samba, and then i used the old smb.conf.
end
smb.conf:
[global] workgroup = WORKGROUP security = user map to guest = Bad User printing = cups printcap name = cups load printers = yes cups options = raw log level = 4 #ntlm auth = yes passdb backend = tdbsam netbios name = adServer [homes] comment = Home Directories valid users = %S, %D%w%S browsable = No read only = No inherit acls = Yes [CompanyFiles] path = /home/CompanyFiles guest ok = yes browsable = no writable = yes [All] comment = Company Access path = /home/CompanyFiles/All guest ok = no browsable = yes writable = yes #access based share enum = yes
the permission of the folders are:
drwxrwx--x. 3 everyad adusers 17 Feb 26 09:32 CompanyFiles
drwxrwx--x. 2 everyad adusers 42 Feb 26 11:43 All
where all users are members of the group adusers.
also the users trying to access are created on smb using
smbpasswd -a username
BUT i get the following error when trying to access the server from windows 10
you do not have permission to access server ...
please not that i removed samba and reinstalled it with no success.
when making the log level 4 i receive
status[NT_STATUS_ACCESS_DENIED]
, but with lower level i don't get an error.[2018/03/07 12:16:46.480678, 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2018/03/07 12:16:46.480788, 4] ../source3/smbd/vfs.c:874(vfs_ChDir) vfs_ChDir to /home/CompanyFiles/All [2018/03/07 12:16:46.480835, 4] ../source3/smbd/vfs.c:874(vfs_ChDir) vfs_ChDir to /home/CompanyFiles/All [2018/03/07 12:16:46.480864, 3] ../source3/smbd/service.c:102(set_current_service) chdir (/home/CompanyFiles/All) failed, reason: Permission denied [2018/03/07 12:16:46.480913, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449 [2018/03/07 12:16:46.481098, 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2018/03/07 12:16:46.481145, 4] ../source3/smbd/vfs.c:874(vfs_ChDir) vfs_ChDir to /home/CompanyFiles/All [2018/03/07 12:16:46.481172, 4] ../source3/smbd/vfs.c:874(vfs_ChDir) vfs_ChDir to /home/CompanyFiles/All [2018/03/07 12:16:46.481202, 3] ../source3/smbd/service.c:102(set_current_service) chdir (/home/CompanyFiles/All) failed, reason: Permission denied [2018/03/07 12:16:46.481244, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449 [2018/03/07 12:16:46.481407, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0 [2018/03/07 12:16:46.481671, 4] ../source3/rpc_server/rpc_ncacn_np.c:89(make_internal_rpc_pipe_socketpair) Create of internal pipe srvsvc requested [2018/03/07 12:16:46.485044, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0 [2018/03/07 12:16:46.485191, 4] ../source3/smbd/vfs.c:874(vfs_ChDir) vfs_ChDir to /home/CompanyFiles/All [2018/03/07 12:16:46.485232, 4] ../source3/smbd/vfs.c:874(vfs_ChDir) vfs_ChDir to /home/CompanyFiles/All [2018/03/07 12:16:46.485286, 3] ../source3/smbd/service.c:102(set_current_service) chdir (/home/CompanyFiles/All) failed, reason: Permission denied [2018/03/07 12:16:46.485387, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449 [2018/03/07 12:16:46.485519, 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2018/03/07 12:16:46.485564, 4] ../source3/smbd/vfs.c:874(vfs_ChDir) vfs_ChDir to /home/CompanyFiles/All [2018/03/07 12:16:46.485593, 4] ../source3/smbd/vfs.c:874(vfs_ChDir) vfs_ChDir to /home/CompanyFiles/All [2018/03/07 12:16:46.485617, 3] ../source3/smbd/service.c:102(set_current_service) chdir (/home/CompanyFiles/All) failed, reason: Permission denied [2018/03/07 12:16:46.485662, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449 [2018/03/07 12:16:46.486887, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0 [2018/03/07 12:16:46.647037, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0 [2018/03/07 12:16:46.647199, 4] ../source3/smbd/vfs.c:874(vfs_ChDir) vfs_ChDir to /home/CompanyFiles/All [2018/03/07 12:16:46.647244, 4] ../source3/smbd/vfs.c:874(vfs_ChDir) vfs_ChDir to /home/CompanyFiles/All [2018/03/07 12:16:46.647280, 3] ../source3/smbd/service.c:102(set_current_service) chdir (/home/CompanyFiles/All) failed, reason: Permission denied [2018/03/07 12:16:46.647399, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449 [2018/03/07 12:16:46.647849, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0 [2018/03/07 12:16:46.648141, 3] ../source3/rpc_server/srv_pipe.c:732(api_pipe_bind_req) api_pipe_bind_req: srvsvc -> srvsvc rpc service [2018/03/07 12:16:46.648192, 3] ../source3/rpc_server/srv_pipe.c:355(check_bind_req) check_bind_req for srvsvc context_id=0 [2018/03/07 12:16:46.648242, 3] ../source3/rpc_server/srv_pipe.c:398(check_bind_req) check_bind_req: srvsvc -> srvsvc rpc service [2018/03/07 12:16:46.762983, 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2018/03/07 12:16:46.807647, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0 [2018/03/07 12:16:46.807736, 4] ../source3/smbd/vfs.c:874(vfs_ChDir) vfs_ChDir to /home/CompanyFiles/All [2018/03/07 12:16:46.807758, 4] ../source3/smbd/vfs.c:874(vfs_ChDir) vfs_ChDir to /home/CompanyFiles/All [2018/03/07 12:16:46.807777, 3] ../source3/smbd/service.c:102(set_current_service) chdir (/home/CompanyFiles/All) failed, reason: Permission denied [2018/03/07 12:16:46.807808, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449 [2018/03/07 12:16:46.816357, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0 [2018/03/07 12:16:46.816537, 4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(1006, 1014) : sec_ctx_stack_ndx = 1 [2018/03/07 12:16:46.816566, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 1 [2018/03/07 12:16:46.816606, 4] ../source3/rpc_server/srv_pipe.c:1434(api_rpcTNP) api_rpcTNP: srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO [2018/03/07 12:16:46.816664, 4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (1006, 1014) - sec_ctx_stack_ndx = 0 [2018/03/07 12:16:46.845244, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0 [2018/03/07 12:16:46.845361, 4] ../source3/smbd/vfs.c:874(vfs_ChDir) vfs_ChDir to /home/CompanyFiles/All [2018/03/07 12:16:46.845381, 4] ../source3/smbd/vfs.c:874(vfs_ChDir) vfs_ChDir to /home/CompanyFiles/All [2018/03/07 12:16:46.845393, 3] ../source3/smbd/service.c:102(set_current_service) chdir (/home/CompanyFiles/All) failed, reason: Permission denied [2018/03/07 12:16:46.845409, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449 [2018/03/07 12:16:46.845461, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0 [2018/03/07 12:16:46.859382, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0 [2018/03/07 12:16:46.859442, 4] ../source3/smbd/vfs.c:874(vfs_ChDir) vfs_ChDir to /home/CompanyFiles/All [2018/03/07 12:16:46.859458, 4] ../source3/smbd/vfs.c:874(vfs_ChDir) vfs_ChDir to /home/CompanyFiles/All [2018/03/07 12:16:46.859467, 3] ../source3/smbd/service.c:102(set_current_service) chdir (/home/CompanyFiles/All) failed, reason: Permission denied [2018/03/07 12:16:46.859482, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449 [2018/03/07 12:16:46.859547, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0 [2018/03/07 12:16:46.859580, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_FS_DRIVER_REQUIRED] || at ../source3/smbd/smb2_ioctl.c:309 [2018/03/07 12:16:48.603901, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0 [2018/03/07 12:16:48.604057, 4] ../source3/smbd/vfs.c:874(vfs_ChDir) vfs_ChDir to /home/CompanyFiles/All [2018/03/07 12:16:48.604105, 4] ../source3/smbd/vfs.c:874(vfs_ChDir) vfs_ChDir to /home/CompanyFiles/All [2018/03/07 12:16:48.604171, 3] ../source3/smbd/service.c:102(set_current_service) chdir (/home/CompanyFiles/All) failed, reason: Permission denied [2018/03/07 12:16:48.604228, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c
searching online always led to selinux stuff, firewall or permissions:
selinux is permissive
firewalld is disabled
and still getting the same issue