Access denied to Samba share from Windows 10

Samba version: Version 4.1.17-Ubuntu

Ubuntu 15.10

When accessing a Samba share in windows, I can see the share but whenever I try and access it - entering the same username and password as the Samba user created with sudo smbpasswd -a benjamin (same as system user), I only get "Access is Denied". Here are my smb settings

[global]
server string = %h server (Samba, Ubuntu)
#encrypt passwords = No
map to guest = Bad User
obey pam restrictions = Yes
passdb backend = tdbsam
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d

wins support = yes

name resolve order = wins lmhosts host bcast


[TVShare]
path = /media/MEDIA2/TV
available = yes
valid users = benjamin
read only = no
browsable = yes
public = yes
writable = no

Where ls -dl /media/MEDIA2/TV/ reads

drwxrwxr-x 40 benjamin benjamin 4096 Sep  5 16:18 /media/MEDIA2/TV/

Sample log:

[2015/12/20 12:52:02,  2] ../source3/lib/tallocmsg.c:124(register_msg_pool_usage)
  Registered MSG_REQ_POOL_USAGE
[2015/12/20 12:52:02,  2] ../source3/lib/dmallocmsg.c:78(register_dmalloc_msgs)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2015/12/20 12:52:02.517860,  2] ../source3/param/loadparm.c:543(max_open_files)
  rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
[2015/12/20 12:52:02.517954,  2] ../source3/param/loadparm.c:3582(do_section)
  Processing section "[TVShare]"
[2015/12/20 12:52:02.518169,  2] ../source3/lib/interface.c:341(add_interface)
  added interface eth0 ip=192.168.0.5 bcast=192.168.0.255 netmask=255.255.255.0
[2015/12/20 12:52:02.522658,  0] ../lib/util/become_daemon.c:136(daemon_ready)
  STATUS=daemon 'smbd' finished starting up and ready to serve connectionsFailed to fetch record!

To access the samba share, please pay attention to:

  1. You had to create a system user with the same username. In this case, please issue the following command: useradd -s /sbin/nologin benjamin
  2. If you are using a SELINUX-enabled system (eg: CentOS), try to temporarily disable it issuing setenforce 0

EDIT: as the problem persists, try the following:

  1. maybe your Windows host is prepending your username with the wrong domain name. From the Windows machine, try to login using localhost\benjamin as the username
  2. issue pdbedit -L and check if user benjamin is listed. If so, set a trivial password (you can change it later) using smbpasswd benjamin
  3. if user benjamin is not listed, try to recreate it issuing smbpasswd -a benjamin
  4. if it does not work, delete the passwd file (it is named passwd.tdb; for reference, in a CentOS 6.x system it is found under /var/lib/samba/private/). Then, recreate your user issuing smbpasswd -a benjamin
  5. if it still not working, try to use the root account issuing smbpasswd -a root and check if you can login using the root user. Note: this is only a try. After having done with it, you must delete root's entry issuing smbpasswd -x root
  6. Your last resort is to increase the verbosity of logging and see if you can find clues there. For authentication attempts, edit or add the following line on your smb.conf log level = 2 winbind:5, check the logs with something like tail -f /var/log/samba/log* and try to login.

It is possible you need to add the user in question to your smb service in linux

sudo smbpasswd -a myuser

On the Windows PC, Change HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel to 4

Network security: LAN Manager authentication level is usually set to Send LM & NTLM - use NTLMv2 session security if negotiated by Group policies for backup compatability with older clients.

Changing LmCompatibilityLevel to 4 sets it to Send NTLMv2 response only