Access denied to Samba share from Windows 10

Question

Samba version: Version 4.1.17-Ubuntu

Ubuntu 15.10

When accessing a Samba share in windows, I can see the share but whenever I try and access it - entering the same username and password as the Samba user created with sudo smbpasswd -a benjamin (same as system user), I only get "Access is Denied". Here are my smb settings

[global]
server string = %h server (Samba, Ubuntu)
#encrypt passwords = No
map to guest = Bad User
obey pam restrictions = Yes
passdb backend = tdbsam
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d

wins support = yes

name resolve order = wins lmhosts host bcast


[TVShare]
path = /media/MEDIA2/TV
available = yes
valid users = benjamin
read only = no
browsable = yes
public = yes
writable = no

Where ls -dl /media/MEDIA2/TV/ reads

drwxrwxr-x 40 benjamin benjamin 4096 Sep  5 16:18 /media/MEDIA2/TV/

Sample log:

[2015/12/20 12:52:02,  2] ../source3/lib/tallocmsg.c:124(register_msg_pool_usage)
  Registered MSG_REQ_POOL_USAGE
[2015/12/20 12:52:02,  2] ../source3/lib/dmallocmsg.c:78(register_dmalloc_msgs)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2015/12/20 12:52:02.517860,  2] ../source3/param/loadparm.c:543(max_open_files)
  rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
[2015/12/20 12:52:02.517954,  2] ../source3/param/loadparm.c:3582(do_section)
  Processing section "[TVShare]"
[2015/12/20 12:52:02.518169,  2] ../source3/lib/interface.c:341(add_interface)
  added interface eth0 ip=192.168.0.5 bcast=192.168.0.255 netmask=255.255.255.0
[2015/12/20 12:52:02.522658,  0] ../lib/util/become_daemon.c:136(daemon_ready)
  STATUS=daemon 'smbd' finished starting up and ready to serve connectionsFailed to fetch record!

No Samba version, no logs, nothing about other versions of Windows... And have you tried to mount the share from the server machine itself? — sam_pan_mariusz, Dec 20 '15 at 14:33
Added. Unable to try on other versions of windows - but thought the version may be of help — bak202, Dec 20 '15 at 15:09

score 11 · Answer 1 · edited Jan 07 '22 at 17:30

11

To access the samba share, please pay attention to:

You had to create a system user with the same username. In this case, please issue the following command: useradd -s /sbin/nologin benjamin
If you are using a SELINUX-enabled system (eg: CentOS), try to temporarily disable it issuing setenforce 0

EDIT: as the problem persists, try the following:

maybe your Windows host is prepending your username with the wrong domain name. From the Windows machine, try to login using localhost\benjamin as the username
issue pdbedit -L and check if user benjamin is listed. If so, set a trivial password (you can change it later) using smbpasswd benjamin
if user benjamin is not listed, try to recreate it issuing smbpasswd -a benjamin
if it does not work, delete the passwd file (it is named passwd.tdb; for reference, in a CentOS 6.x system it is found under /var/lib/samba/private/). Then, recreate your user issuing smbpasswd -a benjamin
if it still not working, try to use the root account issuing smbpasswd -a root and check if you can login using the root user. Note: this is only a try. After having done with it, you must delete root's entry issuing smbpasswd -x root
Your last resort is to increase the verbosity of logging and see if you can find clues there. For authentication attempts, edit or add the following line on your smb.conf log level = 2 winbind:5, check the logs with something like tail -f /var/log/samba/log* and try to login.

edited Jan 07 '22 at 17:30

ndemou

1,315
3
17
28

answered Dec 20 '15 at 13:03

shodanshok

47,711
7
111
180

Thank you, the user I created is the same name/pass as an existing system user. I'll edit the question with more information – bak202 Dec 20 '15 at 15:04
I've edited my answer. Give it a try. – shodanshok Dec 20 '15 at 17:20
Tried 2-5 (it did exist in pdbedit) but had the same issue. After trying one, I get a new error in Windows: "...\TVShows is not accessible. You might not have permission to use this network resource..." – bak202 Dec 20 '15 at 18:10
Have you disabled SELINUX? – shodanshok Dec 20 '15 at 19:11
Thank you :) creating new user with password solved my problem :) – Soren Mar 16 '19 at 20:03
@shodanshok do you mind if I add to your answer, one last step regarding enabling verbose logging from https://serverfault.com/a/1070611/67528 ? – ndemou Jan 06 '22 at 13:18
@ndemou sure, feel free to propose an edit to my answer. – shodanshok Jan 06 '22 at 16:42

score 9 · Answer 2 · edited Jul 26 '21 at 10:24

9

It is possible you need to add the user in question to your smb service in linux

sudo smbpasswd -a myuser

edited Jul 26 '21 at 10:24

ndemou

1,315
3
17
28

answered Jul 13 '20 at 00:35

CesareoAguirre

191
1
3

3

tried all kinds of configurations, but this was the answer I needed :) – FrankyHollywood Sep 06 '20 at 20:50
I would give this a bounty if I had any to give – endolith Mar 18 '21 at 03:41

score 6 · Answer 3 · edited Mar 16 '18 at 12:13

6

On the Windows PC, Change HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel to 4

Network security: LAN Manager authentication level is usually set to Send LM & NTLM - use NTLMv2 session security if negotiated by Group policies for backup compatability with older clients.

Changing LmCompatibilityLevel to 4 sets it to Send NTLMv2 response only

edited Mar 16 '18 at 12:13

Colt

2,029
6
21
27

answered Mar 16 '18 at 00:57

Zeek

69
1
1

2

Does this require a reboot on the client? – user643011 Jul 31 '18 at 17:08
1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel does not exist on my Windows 10 Home machine. What type should it be? – Dave Burton May 04 '20 at 12:56
@DaveBurton: `REG_DWORD` – jftuga Jun 02 '20 at 18:25
thank you Dave, this worked for me – Oliver Gaida Jun 17 '20 at 14:35
1

This doesn't do anything for me. Just says "access denied" even after a reboot – endolith Mar 18 '21 at 03:38

score 1 · Answer 4 · answered Mar 06 '22 at 21:48

I was having the same problem. Eventually solved it by erasing the partition on my external HDD and remaking the filesystem. With this config I can copy&paste onto the drive without logging in from windows:

[global]
server string = Media Server
workgroup = HOME
security = user
map to guest = Bad User
name resolve order = bcast host

[Film]
path = /mnt/sda/sda1/Film
force user = smbuser
force group = smbgroup
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
public = yes
writable = yes
write list = smbuser

I set up the group and user with the following commands:

sudo groupadd --system smbgroup
sudo useradd --system --no-create-home --group smbgroup -s /bin/false smbuser

My drive had been used in a different system (I re-did the same server a couple of times) so I think there were still traces of ownership that was overriding my new persmissions so therefore, only after re-partition and re-making the filesystem the new permissions worked.

score 0 · Answer 5 · answered Oct 12 '22 at 12:51

I have just had this and been banging my head against a brick wall trying to work out what was happening.

I have set up lots of samba installs before and spent hours on this. As is the case it turned out to be something stupidly simple.

Symptom - Linux host shows in Windows network, but when I click on it and enter username/password I get 'Access Denied. Linux user, Samba user and all permissions set correctly

Problem - I had uncommented the 'homes' config items but not the '[homes]' share label.

As soon as I spotted this and uncommented [homes] in smb.conf it all worked properly!

Interestingly enough nothing showed this up. You can run testparm and it says everything is fine with smb.conf

I compared my set up to other running computers and everything looked fine, I simply kept missing that commented ';[homes]' entry

score 0 · Answer 6 · answered Jan 25 '23 at 10:08

0

Adding 'ntlm auth = yes' to global section of smb.conf on samba server worked for me.

Source: https://bgstack15.wordpress.com/2017/10/01/samba-and-ntlm-for-windows-clients/

answered Jan 25 '23 at 10:08

Robo Janal

1

score 0 · Answer 7 · edited Jul 18 '23 at 12:03

0

SOLUTION IS: Adding ntlm auth = yes to global section of smb.conf on samba server worked for metoo THANKS ROBO JANAL

login@fucker:~$ sudo curl --upload-file ***********

curl: (67) Login denied

edited Jul 18 '23 at 12:03

lzap

2,882
2
23
23

answered Jul 13 '23 at 01:01

Walter Ramirez

1

Access denied to Samba share from Windows 10

7 Answers7