[Samba] NT_STATUS_ACCESS_DENIED
Joshua M. Miller
joshua at itsecureadmin.com
Fri Apr 6 13:50:33 GMT 2007
Hi Brandon,
I would encourage you to simplify things even more at this point until
you get the situation resolved. Remove or comment out anything that is
not critical for Samba to startup with a single share, an example
smb.conf would be:
[global]
workgroup = MORTSHIRE
security = share
netbios name = annw
restrict anonymous = 0
[media]
path = /var/media
writeable = yes
If that works, then add the rest of your stuff line by line until you
find something that doesn't work.
The only time that I have seen the access denied message you list was
when I had set 'restrict anonymous = 2'. This value defaults to 0 which
allows anonymous browsing of a Samba server's service definitions (in
any security mode). This value is documented in the man page for smb.conf.
HTH,
--
Joshua M. Miller - RHCE,VCP
Brandon Blackmoor wrote:
> I am new to Samba, but not to Linux. I hope someone here can point me in the
> right direction.
>
> I have installed Samba and it appears to be working, at least as far as I have
> tested it. However, I have hit a snag in my testing. I have searched Google for
> several hours but I have not found a solution.
>
> On a Linux machine (named "annwn") running Fedora Core 6, I have set up a share,
> using the least restrictive "share" type permissions (this is only for testing:
> once I get things working, I will lock things down more). The directory to be
> shared is /var/media:
>
> drwxrwxr-x 5 root media 4096 Apr 5 11:22 media
>
> I have created a user called "smbguest", and added this user to the "media"
> group. I have then set "smbguest" as the guest user, and created a "media"
> share for the /var/media directory:
>
>
> [global]
> workgroup = MORTSHIRE
> server string = Samba Server
> security = SHARE
> guest account = smbguest
> log file = /var/log/samba/%m.log
> max log size = 50
> dns proxy = No
> wins support = Yes
> guest ok = Yes
> hosts allow = 192.168.1., 127.0.0.1
> cups options = raw
>
> [media]
> comment = media on annwn.mortshire
> path = /var/media
> writeable = yes
> browseable = yes
> guest ok = yes
>
>
> testparm says that the smb.conf file is valid. Then I restarted samba. But when
> I test this share by running (on annwn, as root) smbclient, the share connects,
> but will not permit a "dir" command. It returns the error
> NT_STATUS_ACCESS_DENIED.
>
>
> [root at annwn samba]# smbclient //annwn/media
> Password:
> Domain=[MORTSHIRE] OS=[Unix] Server=[Samba 3.0.23c-2]
> Server not using user level security and no password supplied.
> smb: \> dir
> NT_STATUS_ACCESS_DENIED listing \*
>
> 57237 blocks of size 4194304. 4158 blocks available
>
>
> I have gone so far as to chmod both /var and /var/media to 777, and chown them
> both to smbguest:smbguest, to see if that would make a difference. It didn't. I
> still get NT_STATUS_ACCESS_DENIED.
>
> Here is the service definition output from testparm:
>
> [global]
> workgroup = MORTSHIRE
> server string = Samba Server
> security = SHARE
> guest account = smbguest
> log file = /var/log/samba/%m.log
> max log size = 50
> dns proxy = No
> wins support = Yes
> guest ok = Yes
> hosts allow = 192.168.1., 127.0.0.1
> cups options = raw
>
> [homes]
> comment = Home Directories
> read only = No
> browseable = No
>
> [printers]
> comment = All Printers
> path = /usr/spool/samba
> printable = Yes
> browseable = No
>
> [media]
> comment = media on annwn.mortshire
> path = /var/media
> read only = No
>
>
> I have double and triple checked everything I can think of, and I am stumped.
> Does anyone have a clue they'd be willing to share?
>
> --
> bblackmoor at blackgate.net
> 2007-04-05
More information about the samba
mailing list