[Samba] access denied with samba share
Lupe Christoph
lupe at lupe-christoph.de
Sun Aug 1 17:42:38 GMT 2004
On Sunday, 2004-08-01 at 10:26:49 -0700, chad work wrote:
> I can see the shares, I can map, for example, the J:
> drive to "shared", but cannot switch to it by typing:
> "J: enter".
I'm having the same problem. Let me add what I found out:
1) I can access the share with smbclient from Linux. In fact, the
machine that is also the server.
2) When I share the C drive from a Win98SE machine read-only, I can
access it from the WinXP Pro machine.
3) When I share that drive read-write with an empty password, WinXP can
also use.
4) As soon as I set a password for that share, I have the same problem
I have with the Samba shares.
5) Deinstalling the most recent patches from Win XP did not give me that
access back.
6) When I tcpdump the Samba connection, I see just one request and one
reply, With an error STATUS_ACCESS_DENIED. I'm attaching the request
and the response, as decoded by Ethereal.
7) I see nothing in the Samba traces the hints to the cause of the
problem. But I'm no Samba Guru.
I conclude that this is *not* a Samba problem. It must be caused by
something on the Win XP side. That something causes it to fail to
authenticate.
Of course, any help with this is appreciated. I found nothing in the
Mickysoft Knowledge Base, but I'm no MSCE nor would I want to be one.
Actually, I subscribed to this mailing list in the hope a solution
would come up.
Lupe Christoph
--
| lupe at lupe-christoph.de | http://www.lupe-christoph.de/ |
| "... putting a mail server on the Internet without filtering is like |
| covering yourself with barbecue sauce and breaking into the Charity |
| Home for Badgers with Rabies. Michael Lucas |
-------------- next part --------------
No. Time Source Destination Protocol Info
24 0.016738 172.17.0.3 172.17.0.9 SMB NT Create AndX Request, Path: \
Frame 24 (146 bytes on wire, 146 bytes captured)
Arrival Time: Jul 20, 2004 10:02:33.536537000
Time delta from previous packet: 0.001933000 seconds
Time since reference or first frame: 0.016738000 seconds
Frame Number: 24
Packet Length: 146 bytes
Capture Length: 146 bytes
Ethernet II, Src: 00:a0:c9:78:08:06, Dst: 00:02:b3:88:f3:b6
Destination: 00:02:b3:88:f3:b6 (Intel_88:f3:b6)
Source: 00:a0:c9:78:08:06 (Intel-Hf_78:08:06)
Type: IP (0x0800)
Internet Protocol, Src Addr: 172.17.0.3 (172.17.0.3), Dst Addr: 172.17.0.9 (172.17.0.9)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 132
Identification: 0x0a6e (2670)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x97d7 (correct)
Source: 172.17.0.3 (172.17.0.3)
Destination: 172.17.0.9 (172.17.0.9)
Transmission Control Protocol, Src Port: 1311 (1311), Dst Port: netbios-ssn (139), Seq: 1570, Ack: 1213, Len: 92
Source port: 1311 (1311)
Destination port: netbios-ssn (139)
Sequence number: 1570 (relative sequence number)
Next sequence number: 1662 (relative sequence number)
Acknowledgement number: 1213 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 63028
Checksum: 0x0cac (correct)
SEQ/ACK analysis
This is an ACK to the segment in frame: 23
The RTT to ACK the segment was: 0.001933000 seconds
NetBIOS Session Service
Message Type: Session message
Flags: 0x00
.... ...0 = Add 0 to length
Length: 88
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response in: 25
SMB Command: NT Create AndX (0xa2)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x18
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .1.. = Security Signatures: Security signatures are supported
.... .... .... ..1. = Extended Attributes: Extended attributes are supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 1
Process ID: 1460
User ID: 100
Multiplex ID: 36352
NT Create AndX Request (0xa2)
Word Count (WCT): 24
AndXCommand: No further commands (0xff)
Reserved: 00
AndXOffset: 57054
Reserved: 00
File Name Len: 2
Create Flags: 0x00000010
.... .... .... .... .... .... ...1 .... = Extended Response: Extended responses required
.... .... .... .... .... .... .... 0... = Create Directory: Target of open can be a file
.... .... .... .... .... .... .... .0.. = Batch Oplock: Does NOT request batch oplock
.... .... .... .... .... .... .... ..0. = Exclusive Oplock: Does NOT request oplock
Root FID: 0x00000000
Access Mask: 0x00100001
0... .... .... .... .... .... .... .... = Generic Read: Generic read is NOT set
.0.. .... .... .... .... .... .... .... = Generic Write: Generic write is NOT set
..0. .... .... .... .... .... .... .... = Generic Execute: Generic execute is NOT set
...0 .... .... .... .... .... .... .... = Generic All: Generic all is NOT set
.... ..0. .... .... .... .... .... .... = Maximum Allowed: Maximum allowed is NOT set
.... ...0 .... .... .... .... .... .... = System Security: System security is NOT set
.... .... ...1 .... .... .... .... .... = Synchronize: Can wait on handle to SYNCHRONIZE on completion of I/O
.... .... .... 0... .... .... .... .... = Write Owner: Can NOT write owner (take ownership)
.... .... .... .0.. .... .... .... .... = Write DAC: Owner may NOT write to the DAC
.... .... .... ..0. .... .... .... .... = Read Control: Read access is NOT granted to owner, group and ACL of the SID
.... .... .... ...0 .... .... .... .... = Delete: NO delete access
.... .... .... .... .... ...0 .... .... = Write Attributes: NO write attributes access
.... .... .... .... .... .... 0... .... = Read Attributes: NO read attributes access
.... .... .... .... .... .... .0.. .... = Delete Child: NO delete child access
.... .... .... .... .... .... ..0. .... = Execute: NO execute access
.... .... .... .... .... .... ...0 .... = Write EA: NO write extended attributes access
.... .... .... .... .... .... .... 0... = Read EA: NO read extended attributes access
.... .... .... .... .... .... .... .0.. = Append: NO append access
.... .... .... .... .... .... .... ..0. = Write: NO write access
.... .... .... .... .... .... .... ...1 = Read: READ access
Allocation Size: 0
File Attributes: 0x00000000
.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
.... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
.... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
.... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
.... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
.... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
.... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
.... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
.... .... .... .... .... .... .0.. .... = Device: This is NOT a device
.... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
.... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
.... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
.... .... .... .... .... .... .... .0.. = System: This is NOT a system file
.... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
.... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
Share Access: 0x00000003
.... .... .... .... .... .... .... .0.. = Delete: Object can NOT be shared for delete
.... .... .... .... .... .... .... ..1. = Write: Object can be shared for WRITE
.... .... .... .... .... .... .... ...1 = Read: Object can be shared for READ
Disposition: Open (if file exists open it, else fail) (1)
Create Options: 0x00004001
.... .... .... .... .... .... .... ...1 = Directory: File being created/opened must be a directory
.... .... .... .... .... .... .... ..0. = Write Through: Writes need not flush buffered data before completing
.... .... .... .... .... .... .... .0.. = Sequential Only: The file might not only be accessed sequentially
.... .... .... .... .... .... ...0 .... = Sync I/O Alert: Operations NOT necessarily synchronous
.... .... .... .... .... .... ..0. .... = Sync I/O Nonalert: Operations NOT necessarily synchronous
.... .... .... .... .... .... .0.. .... = Non-Directory: File being created/opened must be a directory
.... .... .... .... .... ..0. .... .... = No EA Knowledge: The client understands extended attributes
.... .... .... .... .... .0.. .... .... = 8.3 Only: The client understands long file names
.... .... .... .... .... 0... .... .... = Random Access: The file will not be accessed randomly
.... .... .... .... ...0 .... .... .... = Delete On Close: The file should not be deleted when it is closed
Impersonation: Impersonation (2)
Security Flags: 0x00
.... ...0 = Context Tracking: Security tracking mode is STATIC
.... ..0. = Effective Only: ALL aspects of the client's security context are available
Byte Count (BCC): 5
File Name: \
0000 00 02 b3 88 f3 b6 00 a0 c9 78 08 06 08 00 45 00 .........x....E.
0010 00 84 0a 6e 40 00 80 06 97 d7 ac 11 00 03 ac 11 ...n at ...........
0020 00 09 05 1f 00 8b 79 c3 dc dd cc 08 9d 86 50 18 ......y.......P.
0030 f6 34 0c ac 00 00 00 00 00 58 ff 53 4d 42 a2 00 .4.......X.SMB..
0040 00 00 00 18 07 c8 00 00 00 00 00 00 00 00 00 00 ................
0050 00 00 01 00 b4 05 64 00 00 8e 18 ff 00 de de 00 ......d.........
0060 02 00 10 00 00 00 00 00 00 00 01 00 10 00 00 00 ................
0070 00 00 00 00 00 00 00 00 00 00 03 00 00 00 01 00 ................
0080 00 00 01 40 00 00 02 00 00 00 00 05 00 00 5c 00 ... at ..........\.
0090 00 00 ..
No. Time Source Destination Protocol Info
25 0.016792 172.17.0.9 172.17.0.3 SMB NT Create AndX Response, Error: STATUS_ACCESS_DENIED
Frame 25 (93 bytes on wire, 93 bytes captured)
Arrival Time: Jul 20, 2004 10:02:33.536591000
Time delta from previous packet: 0.000054000 seconds
Time since reference or first frame: 0.016792000 seconds
Frame Number: 25
Packet Length: 93 bytes
Capture Length: 93 bytes
Ethernet II, Src: 00:02:b3:88:f3:b6, Dst: 00:a0:c9:78:08:06
Destination: 00:a0:c9:78:08:06 (Intel-Hf_78:08:06)
Source: 00:02:b3:88:f3:b6 (Intel_88:f3:b6)
Type: IP (0x0800)
Internet Protocol, Src Addr: 172.17.0.9 (172.17.0.9), Dst Addr: 172.17.0.3 (172.17.0.3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 79
Identification: 0x52fc (21244)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x8f7e (correct)
Source: 172.17.0.9 (172.17.0.9)
Destination: 172.17.0.3 (172.17.0.3)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1311 (1311), Seq: 1213, Ack: 1662, Len: 39
Source port: netbios-ssn (139)
Destination port: 1311 (1311)
Sequence number: 1213 (relative sequence number)
Next sequence number: 1252 (relative sequence number)
Acknowledgement number: 1662 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8576
Checksum: 0xa4ff (correct)
SEQ/ACK analysis
This is an ACK to the segment in frame: 24
The RTT to ACK the segment was: 0.000054000 seconds
NetBIOS Session Service
Message Type: Session message
Flags: 0x00
.... ...0 = Add 0 to length
Length: 35
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response to: 24
Time from request: 0.000054000 seconds
SMB Command: NT Create AndX (0xa2)
NT Status: STATUS_ACCESS_DENIED (0xc0000022)
Flags: 0x88
1... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc801
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 1
Process ID: 1460
User ID: 100
Multiplex ID: 36352
NT Create AndX Response (0xa2)
Word Count (WCT): 0
Byte Count (BCC): 0
0000 00 a0 c9 78 08 06 00 02 b3 88 f3 b6 08 00 45 00 ...x..........E.
0010 00 4f 52 fc 40 00 40 06 8f 7e ac 11 00 09 ac 11 .OR. at .@..~......
0020 00 03 00 8b 05 1f cc 08 9d 86 79 c3 dd 39 50 18 ..........y..9P.
0030 21 80 a4 ff 00 00 00 00 00 23 ff 53 4d 42 a2 22 !........#.SMB."
0040 00 00 c0 88 01 c8 00 00 00 00 00 00 00 00 00 00 ................
0050 00 00 01 00 b4 05 64 00 00 8e 00 00 00 ......d......
More information about the samba
mailing list