[Samba] Getting NT_STATUS_ACCESS_DENIED
Giedrius Tuminauskas
giedrius.tuminauskas at alva-group.com
Tue Jul 22 09:13:12 MDT 2014
Hello,
First of all, ports 137 & 138 are UDP, and NOT TCP
update your iptables with correct information:
-A INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
Regards
*
Giedrius Tuminauskas*
On 21/07/2014 20:48, Doll, Margaret Ann wrote:
> Red Hat Enterprise Linux Server release 6.5 (Santiago)
> selinux is disabled.
>
> The following commands were all run on the RedHat Server on which I am
> running samba.
>
> *The following ports are open*
> 5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
> tcp dpt:137
> 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
> tcp dpt:138
> 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
> tcp dpt:139
> 8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
> tcp dpt:445
>
> *smbpasswd -r rask.geo.brown.edu <http://rask.geo.brown.edu> oldacct*
> Old SMB password:
> New SMB password:
> Retype new SMB password:
> Could not connect to machine rask.geo.brown.edu: NT_STATUS_LOGON_FAILURE
>
> The home directory of *oldacct* is owned by *oldacct.*
>
> *smbclient -L rask -N*
> Anonymous login successful
> Domain=[GEOLOGY] OS=[Unix] Server=[Samba 3.6.9-168.el6_5]
>
> Sharename Type Comment
> --------- ---- -------
> Error returning browse list: NT_STATUS_ACCESS_DENIED
> Anonymous login successful
> Domain=[GEOLOGY] OS=[Unix] Server=[Samba 3.6.9-168.el6_5]
>
> Server Comment
> --------- -------
>
> Workgroup Master
> --------- -------
>
> *If the above is run with a -d9, the output includes:*
> SPNEGO login failed: Logon failure
> Domain=[GEOLOGY] OS=[Unix] Server=[Samba 3.6.9-168.el6_5]
> session setup ok
> tconx ok
> NetShareEnum failed
>
> *Contents of simple smb.conf*
>
> workgroup = Geology
> server string = Samba Server Version %v
>
> netbios name = RASK
>
> interfaces = 10.2.34.10/24 127.0.0.1
> hosts allow = 10.2.34. 10.2.85.79 127.
> log file = /var/log/samba/log.%m
> max log size = 50
>
> security = user
> smb passwd file = /etc/samba/smbpasswd
> username map = /etc/samba/smbusers
>
> local master = yes
>
>
> load printers = yes
> cups options = raw
>
>
> #============================ Share Definitions
> ==============================
>
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
> ; valid users = %S
> ; valid users = MYDOMAIN\%S
>
> *smbtree -d3*
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
> Processing section "[global]"
> interpret_interface: Adding interface 10.2.34.10/24
> added interface 10.2.34.10/24 ip=10.2.34.10 bcast=10.2.34.255
> netmask=255.255.255.0
> added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
> Enter root's password:
> resolve_lmhosts: Attempting lmhosts lookup for name GEOLOGY<0x1d>
> resolve_lmhosts: Attempting lmhosts lookup for name GEOLOGY<0x1d>
> name_resolve_bcast: Attempting broadcast lookup for name GEOLOGY<0x1d>
> Got a positive name query response from 127.0.0.1 ( 10.2.34.10 )
> Connecting to host=10.2.34.10
> Connecting to 10.2.34.10 at port 445
> Doing spnego session setup (blob length=58)
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=NONE
> Got challenge flags:
> Got NTLMSSP neg_flags=0x608a8215
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60088215
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60088215
> SPNEGO login failed: Logon failure
> name_resolve_bcast: Attempting broadcast lookup for name __MSBROWSE__<0x1>
> Got a positive name query response from 127.0.0.1 ( 10.2.34.10 )
> Connecting to host=10.2.34.10
> Connecting to 10.2.34.10 at port 445
> Doing spnego session setup (blob length=58)
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=NONE
> Got challenge flags:
> Got NTLMSSP neg_flags=0x608a8215
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60088215
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60088215
> SPNEGO login failed: Logon failure
More information about the samba
mailing list