[Samba] Issue with access to Samba shares on remote server

samba.x.eliezer613 at spamgourmet.com samba.x.eliezer613 at spamgourmet.com
Thu Dec 7 17:57:29 UTC 2017


Hi, setup a CentOS 7.4 samba server running samba 4.6.2

The samba server has the following content in smb.conf

[global]
        workgroup = REDACTED
        server string = Samba server for REDACTED %v
        netbios name = SERVER_NAME (redacted)
        security = user
        passdb backend = tdbsam
        interfaces = ens3 lo0
        hosts allow = xxx.193.49.0/24 127.0.0.1
        name resolve order = wins host bcast
        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw
        log level = 8
        log file = /var/log/samba/%m.log
        max log size = 200
        local master = no
        os level = 33
        preferred master = yes
        wins support = yes
        dns proxy = no
        map to guest = Bad User

Watching the log live when trying to connect the following is shown.

[2017/12/07 12:23:35.641296,  3] ../lib/util/access.c:361(allow_access)
  Allowed connection from xxx.193.49.193 (xxx.193.49.193)
[2017/12/07 12:23:35.641323,  2]
../source3/smbd/service.c:319(create_connection_session_info)
  guest user (from session setup) not permitted to access this share
(software)
[2017/12/07 12:23:35.641342,  1]
../source3/smbd/service.c:502(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2017/12/07 12:23:35.641360,  5]
../lib/dbwrap/dbwrap.c:159(dbwrap_check_lock_order)
  check lock order 1 for /var/lib/samba/lock/smbXsrv_tcon_global.tdb
[2017/12/07 12:23:35.641385,  5]
../lib/dbwrap/dbwrap.c:127(dbwrap_lock_order_state_destructor)
  release lock order 1 for /var/lib/samba/lock/smbXsrv_tcon_global.tdb
[2017/12/07 12:23:35.641408,  3]
../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:135

[homes] exists but the Samba server does not accept my credentials
(domain\username) when connected to the Samba server with L2tp/ipsec
connection. It does let me connect when ssh'd to the Samba server with
smbclient \\servername\sharename -Uuser-name  followed by the correct
password for the user.

When finally connected to the Samba server through the VPN, Network
window shows only the one share. It doesn't show the username directory
(folder) as it should.

The windows 7 VPN connection has the WINS address pointing to the Samba
server and dns pointing to the Samba server (running unbound on the
samba server with a 'local.conf' which contains server_name A
xxx.193.49.82)

Thanks for any help!



More information about the samba mailing list