3

I am trying to access an NTFS (ntfs-3g) share from a Windows machine through the Samba 3 on Debian.

I am getting this error on Windows when I try net use command:

System error 5 has occurred.

Access is denied.

, which I am sure is not due to a bad password because that would be

System error 86 has occurred.

The specified network password is not correct.

I have my /etc/samba/smb.conf setup like this under global:

   security = user

and for the share:

  valid users = @users
  force group = users
  create mask = 0777
  directory mask = 0777
  writeable = Yes
  browseable = yes
  guest ok = no

Output of "$ sudo testparm -s" command includes under the specific share:

valid users = %S
force group = users
create mask = 0700
directory mask = 0700

Any clues/hints for what could be going wrong? Please let me know if more information is needed to solve the problem. Thanks.

arslanb
  • 31
  • 1
  • 1
  • 2

1 Answers1

8

The error seems to suggest that no user account exists on the Samba server.

A common oversight is to forget that you need to add a Samba user in addition to a unix user account. So after you've created the unix user account, you need to add the Samba account by issuing the following command:

sudo smbpasswd -a <username>

You can list your existing Samba accounts with:

sudo pdbedit -L

With security = user and Windows clients, if the Windows user account and password is not the same as the Samba user account and password, I find it a bit tricky to predict what credentials Windows will send to the server. To minimise confusion, I tend to set up accounts so that those credentials match.

Also, to minimise variables, you might want to start your troubleshooting on the Debian machine and run smbclient there:

smbclient \\\\<server>\\share --user <username>

You'll be prompted for a password for the user. If that's successful, you'll get the smb client prompt. Issue an "ls" command to get a listing of the share contents. If you can see that, then I'd say Samba is fine, and it's Windows sending unexpected credentials, in which case you can try specifying the credentials to use explicitly in the net use command.

JKim
  • 562
  • 3
  • 10
  • I had added the samba user with the same name before. Note that when I specify a wrong password from Windows 'net use' it does tell me that the password id incorrect. So the authentication should be working. I tried pdbedit and it did show the username I am using with 1000 as the ID. I tried smbclient it only seemed to work with -L option. I was getting NT_STATUS_ACCESS_DENIED error otherwise. I saw a post saying "client lanman auth = yes" would help solve that problem but according to the man page that shouldn't affect Windows login. Not sure about that. – arslanb Jan 17 '13 at 15:32
  • If smbclient -L works but you cant get a list of files in the share, then I wonder if the unix user account that the samba account is mapped to has permissions to that directory. If you log in to the Linux system as the unix user you've mapped the samba user to, are you able to cd into the directory you're sharing and get a list of files? Also, ensure that the unix user you've mapped to is in the "users" group. Use the command "groups " to see what groups that user account belongs to. – JKim Jan 18 '13 at 04:08
  • 1
    I was looking at **smbclient -L** wrong. It doesn't really show you anything inside of a share and according to the description of '-L' its not supposed to. I am still stuck with this **tree connect failed: NT_STATUS_ACCESS_DENIED** error when running smbclient on the localhost with the user that's logged in. Tried several other simple changes but nothing seems to be working :( – arslanb Jan 18 '13 at 04:37
  • Yes, that's right... -L just shows a list of shares but not their contents. It looks like a permissions issue to me. You didn't comment on the other suggestions I made though... either check that out, or remove the valid users = @users line in smb.conf, set the directory to perms 777, and then one step at a time tighten up the permissions to how you want it, troubleshooting as you go. – JKim Jan 18 '13 at 04:41
  • The shared folder is set at 777. It's a USB HDD with ntfs-3g share. So directory level permissions should not be a problem. I tried these changes with no luck :( `; users=@users guest ok=yes create mask=777` – arslanb Jan 18 '13 at 04:53
  • Quick update. *guest ok=yes* seemed to take effect when I created a second test share dir. Perhaps didn't get restarted properly the first time. Anyway, the second simple share with full access, no guest access didn't work either. – arslanb Jan 18 '13 at 05:11
  • You're losing me - I'm not understanding what you're saying. I asked earlier " If you log in to the Linux system as the unix user you've mapped the samba user to, are you able to cd into the directory you're sharing and get a list of files? Also, ensure that the unix user you've mapped to is in the "users" group." What was the outcome of that? – JKim Jan 18 '13 at 06:28
  • Sorry for the confusion. Yes, I am able to see the list of files as the user and ls is showing 777 permission flags on these files. The user is part of the users group. – arslanb Jan 18 '13 at 19:44