[Samba] share not working

jillelaine jillelaine01 at gmail.com
Wed Nov 27 16:12:20 UTC 2019 


On 11/27/19 12:44 AM, Rowland penny via samba wrote:
> On 26/11/2019 22:54, jillelaine via samba wrote:
>> I have a small home network with server and 5 clients all on an 
>> internal LAN with private IPs.
>>
>> Samba, Version 4.7.6-Ubuntu, file sharing is not working on the server 
>> for any of the 5 clients. I have tried both mount.cifs and smbclient. 
>> The same errors are thrown in the server's samba logs for all 
>> connection attempts, regardless of how the client tries to connect: 
>> getpwuid(1000) failed, Failed to finalize nt token & 
>> NT_STATUS_UNSUCCESSFUL
>>
>> Below is some data. Please tell me what else is needed to help 
>> diagnose this problem. Thank you for your help.
>> ---------------------------
>> SERVER - jazz
>> Kubuntu VERSION="18.04.3 LTS (Bionic Beaver)"
>> Samba, Version 4.7.6-Ubuntu
>>
>> Shared directory 'samba' and permissions
>> drwxr-xr-x   4 root sambashare       4096 Nov 25 16:04 samba
>> --------------------------
>> Contents of 'samba' directory
>> drwxr-xr-x  4 root  sambashare 4096 Nov 25 16:04 .
>> drwxr-xr-x 25 root  root       4096 Nov 25 15:57 ..
>> drwxrws---  2 root  sambashare 4096 Nov 25 16:04 users
>> ---------------------------
>> smb.conf
>> [global]
>>     workgroup = WORKGROUP
>>     server string = %h server (Samba, Ubuntu)
>>     dns proxy = no
>>     root directory = /samba
>>     log file = /var/log/samba/log.%m
>>     max log size = 1000
>>     log level = 3
>>     panic action = /usr/share/samba/panic-action %d
>>     server role = standalone server
>>     passdb backend = tdbsam
>>     obey pam restrictions = yes
>>     unix password sync = yes
>>     passwd program = /usr/bin/passwd %u
>>     passwd chat = *Enter\snew\s*\spassword:* %n\n 
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>     pam password change = yes
>>     map to guest = bad user
>>     usershare allow guests = yes
>>     guest account = jj
>>
>> [users]
>>     comment = Our Jazz Files
>>     path = /samba/users
>>     browseable = yes
>>     read only = no
>>     create mask = 0775
>>     directory mask = 0775
>>     guest ok = yes
> 
> I take it that you have created 'jj' on your standalone server and then 
> made it a Samba user with 'smbpasswd -a jj'
> 
> If so, why have made the guest user 'jj' as well ?
> 
> If you want/need guest access, remove 'guest account = jj'
> 
> If you do not want/need guest access and only want/need authenticated 
> access, remove 'map to guest = bad user', 'guest account = jj' and 
> 'guest ok = yes'
> 
> Rowland

Thank you for your help.

jj has an acct on the server, is enabled, and is in the sambashare group.
----------------
jj at jazz:/var/log/samba$ sudo pdbedit -L
...
jj:1000:jj
----------------
jj at jazz:/var/log/samba$ getent group sambashare
sambashare:x:126:jj,frazz
-----------------

I do want guest access. I have modified the smb.conf as you suggest.
-----------------
Error from mount cifs attempt
sudo mount -t cifs //jazz/users /mnt/jazz --verbose -o user=jj,pass=****
mount.cifs kernel mount options: 
ip=192.168.1.30,unc=\\jazz\users,user=jj,pass=********
mount error(13): Permission denied
-----------------
Error from smbclient attempt
smbclient //jazz/users -U jj
WARNING: The "syslog" option is deprecated
Enter WORKGROUP\jj's password:
session setup failed: NT_STATUS_LOGON_FAILURE
-----------------
And I get different errors in the samba log without the global "guest 
account = jj": NT_STATUS_NO_SUCH_USER and NT_STATUS_LOGON_FAILURE. See 
below.

----new smb.conf-----
[global]
   workgroup = WORKGROUP
   server string = %h server (Samba, Ubuntu)
   dns proxy = no
   root directory = /samba
   log file = /var/log/samba/log.%m
   max log size = 1000
   log level = 3
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes

[users]
     comment = Our Jazz Files
     path = /samba/users
     browseable = yes
     read only = no
     create mask = 0775
     directory mask = 0775
     guest ok = yes
-----------------------------
samba log for the connecting computer for mount cifs attempt (log a bit 
different for smbclient attempt, but ending errors are the same)WARNING: 
The "syslog" option is deprecated
...
[2019/11/27 15:20:05.562800,  3] 
../source3/auth/auth.c:189(auth_check_ntlm_password)
   check_ntlm_password:  Checking password for unmapped user []\[jj]@[] 
with the new password interface
[2019/11/27 15:20:05.562843,  3] 
../source3/auth/auth.c:192(auth_check_ntlm_password)
   check_ntlm_password:  mapped user is: []\[jj]@[]
[2019/11/27 15:20:05.563261,  0] 
../source3/passdb/lookup_sid.c:1605(get_primary_group_sid)
   Failed to find a Unix account for jj
[2019/11/27 15:20:05.563663,  1] 
../source3/auth/server_info_sam.c:85(make_server_info_sam)
   User jj in passdb, but getpwnam() fails!
[2019/11/27 15:20:05.563720,  0] 
../source3/auth/check_samsec.c:493(check_sam_security)
   check_sam_security: make_server_info_sam() failed with 
'NT_STATUS_NO_SUCH_USER'
[2019/11/27 15:20:05.563818,  2] 
../source3/auth/auth.c:332(auth_check_ntlm_password)
   check_ntlm_password:  Authentication for user [jj] -> [jj] FAILED 
with error NT_STATUS_NO_SUCH_USER, authoritative=1
[2019/11/27 15:20:05.563900,  2] 
../auth/auth_log.c:760(log_authentication_event_human_readable)
   Auth: [SMB2,(null)] user []\[jj] at [Wed, 27 Nov 2019 15:20:05.563863 
UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [] remote 
host [ipv4:192.168.1.127:34504] mapped to []\[jj]. local host 
[ipv4:192.168.1.30:445]
[2019/11/27 15:20:05.564189,  2] ../auth/auth_log.c:220(log_json)
   JSON Authentication: {"timestamp": "2019-11-27T15:20:05.564011+0000", 
"type": "Authentication", "Authentication": {"version": {"major": 1, 
"minor": 0}, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": 
"ipv4:192.168.1.30:445", "remoteAddress": "ipv4:192.168.1.127:34504", 
"serviceDescription": "SMB2", "authDescription": null, "clientDomain": 
"", "clientAccount": "jj", "workstation": "", "becameAccount": null, 
"becameDomain": null, "becameSid": "(NULL SID)", "mappedAccount": "jj", 
"mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount": 
null, "netlogonNegotiateFlags": "0x00000000", 
"netlogonSecureChannelType": 0, "netlogonTrustAccountSid": "(NULL SID)", 
"passwordType": "NTLMv2"}}
[2019/11/27 15:20:05.564328,  3] 
../source3/smbd/smb2_server.c:3139(smbd_smb2_request_error_ex)
   smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:134
[2019/11/27 15:20:05.699183,  3] 
../source3/smbd/server_exit.c:244(exit_server_common)
   Server exit (NT_STATUS_END_OF_FILE)

More information about the samba mailing list