[Samba] Samba working (has been for years) but logs full of NT_STATUS_ACCESS_DENIED

Jobst Schmalenbach jobst at barrett.com.au
Mon Mar 16 23:18:29 MDT 2015 

Hi.

My samba server is working for everybody but the logs are full of "NT_STATUS_ACCESS_DENIED" messages
So I turned logging a little higher and found out what shares/files are accessed when this happens.
It, too, happens not to ALL users.

I see this:

  guest user (from session setup) not permitted to access this share (TestPrograms)
  [2015/03/17 16:00:58.165672,  1] smbd/service.c:805(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED

and this:

  [2015/03/17 16:01:08.967945,  2] smbd/close.c:696(close_normal_file)
  rebecca closed file samba-homeshare/Google/Chrome/Default/TransportSecurity~RF181a7c8.TMP (numopen=294) NT_STATUS_OK
  [2015/03/17 16:01:09.056686,  2] smbd/service.c:616(create_connection_session_info)
  guest user (from session setup) not permitted to access this share (rebecca)
  [2015/03/17 16:01:09.056773,  1] smbd/service.c:805(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED

Username exist in both /etc/password and /var/lib/samba/private/smbpasswd and matching lines are in /var/lib/samba/private/smbpasswd.

I have no idea why the guest user "needs" access because I (at least I thought) instructed not to, TestPrograms is an existing share and rebecca is one of our users.


Relevant information from smb.conf:
  ...
  ...
  security = user
  username map = /etc/samba/smbusers
  log level = 2
  logon path = \\DOMAINSERVER\profiles\%u
  logon drive = Z:
  logon home = \\DOMAINSERVER\%u\samba-homeshare
  domain logons = Yes
  guest account = nobody
  usershare allow guests = No
  ...
  ...
[homes]
  comment = Home Directories
  valid users = %u
  writable = yes
  browseable = no
  admin users = @domadmins
  guest ok = no
  ...
  ...
[TestPrograms]
  comment = "Shared Directory for Testing Programs"
  path = /samba/Shares/TestPrograms
  valid users = @domusers
  admin users = root
  read only = No
  create mask = 0660
  force create mode = 0770
  directory mask = 0770
  force directory mode = 06770
  guest ok = no
  ...
  ...


I have no clue why this is happening.
Help please.

thanks
Jobst


-- 
#include <signature.h>

  | |0| |   Jobst Schmalenbach, jobst at barrett.com.au, General Manager
  | | |0|   Barrett Consulting Group P/L & The Meditation Room P/L
  |0|0|0|   +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia

More information about the samba mailing list