Access denied to Samba share from Windows 10
Samba version: Version 4.1.17-Ubuntu
Ubuntu 15.10
When accessing a Samba share in windows, I can see the share but whenever I try and access it - entering the same username and password as the Samba user created with sudo smbpasswd -a benjamin
(same as system user), I only get "Access is Denied". Here are my smb settings
[global]
server string = %h server (Samba, Ubuntu)
#encrypt passwords = No
map to guest = Bad User
obey pam restrictions = Yes
passdb backend = tdbsam
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
wins support = yes
name resolve order = wins lmhosts host bcast
[TVShare]
path = /media/MEDIA2/TV
available = yes
valid users = benjamin
read only = no
browsable = yes
public = yes
writable = no
Where ls -dl /media/MEDIA2/TV/
reads
drwxrwxr-x 40 benjamin benjamin 4096 Sep 5 16:18 /media/MEDIA2/TV/
Sample log:
[2015/12/20 12:52:02, 2] ../source3/lib/tallocmsg.c:124(register_msg_pool_usage)
Registered MSG_REQ_POOL_USAGE
[2015/12/20 12:52:02, 2] ../source3/lib/dmallocmsg.c:78(register_dmalloc_msgs)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2015/12/20 12:52:02.517860, 2] ../source3/param/loadparm.c:543(max_open_files)
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
[2015/12/20 12:52:02.517954, 2] ../source3/param/loadparm.c:3582(do_section)
Processing section "[TVShare]"
[2015/12/20 12:52:02.518169, 2] ../source3/lib/interface.c:341(add_interface)
added interface eth0 ip=192.168.0.5 bcast=192.168.0.255 netmask=255.255.255.0
[2015/12/20 12:52:02.522658, 0] ../lib/util/become_daemon.c:136(daemon_ready)
STATUS=daemon 'smbd' finished starting up and ready to serve connectionsFailed to fetch record!
To access the samba share, please pay attention to:
- You had to create a system user with the same username. In this case, please issue the following command:
useradd -s /sbin/nologin benjamin
- If you are using a SELINUX-enabled system (eg: CentOS), try to temporarily disable it issuing
setenforce 0
EDIT: as the problem persists, try the following:
- maybe your Windows host is prepending your username with the wrong domain name. From the Windows machine, try to login using
localhost\benjamin
as the username - issue
pdbedit -L
and check if userbenjamin
is listed. If so, set a trivial password (you can change it later) usingsmbpasswd benjamin
- if user
benjamin
is not listed, try to recreate it issuingsmbpasswd -a benjamin
- if it does not work, delete the passwd file (it is named
passwd.tdb
; for reference, in a CentOS 6.x system it is found under/var/lib/samba/private/
). Then, recreate your user issuingsmbpasswd -a benjamin
- if it still not working, try to use the root account issuing
smbpasswd -a root
and check if you can login using the root user. Note: this is only a try. After having done with it, you must delete root's entry issuingsmbpasswd -x root
- Your last resort is to increase the verbosity of logging and see if you can find clues there. For authentication attempts, edit or add the following line on your smb.conf
log level = 2 winbind:5
, check the logs with something liketail -f /var/log/samba/log*
and try to login.
It is possible you need to add the user in question to your smb service in linux
sudo smbpasswd -a myuser
On the Windows PC, Change HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
to 4
Network security: LAN Manager authentication level is usually set to Send LM & NTLM - use NTLMv2 session security if negotiated
by Group policies for backup compatability with older clients.
Changing LmCompatibilityLevel
to 4 sets it to Send NTLMv2 response only