[Samba] Access Denied, Roaming Profile -- no apparent reason...

Chris Hall chris.hall at halldom.com
Fri May 16 17:51:15 GMT 2008


Samba 3.0.28a-0.fc8 & Windows XP.

When logging on to machine 'A' one of my users gets an "Access Denied"
message for a particular cookie file -- 'statse'.  When logging on to
another machine ('B'), there is no problem.

I have tried, when logged in as administrator (mapped to root on the
server), to read the cookie file on both machines.  Machine 'A' is OK.
Machine 'B' gives "Access Denied".

Other cookie files can be read on both machines with no difficulty.

I can see no difference in permissions between the 'statse' cookie and
all the others (they are all '-rw-------').

I have used Wireshark to see what machine 'A' does when it:

  a. successfully reads a cookie

  b. attempts and fails to read the 'statse' cookie

having restarted smbd and nmbd immediately before each of the above.

Apart from the names and sizes of the cookies, the process is identical
up to the point that the cookies are read:

  a. successful read:

     -> Read AndX Request, FID: 0x1402, 172 bytes at offset 0

     <- Read AndX Response, FID: 0x1402, 172 bytes

        The data is definitely there in this response packet.

     -> Trans2 Request, QUERY_FILE_INFO, FID: 0x1402, Query File Network
        Open Info

     <- Trans2 Response, FID: 0x1402, QUERY_FILE_INFO

     -> Read AndX Request, FID: 0x1402, 172 bytes at offset 0

     <- Read AndX Response, FID: 0x1402, 172 bytes

        The data is in this packet as well !!

     -> Close Request, FID: 0x1402

     <- Close Response, FID: 0x1402

  b. failed read:

     -> Read AndX Request, FID: 0x13a2, 227 bytes at offset 0

     <- Read AndX Response, FID: 0x13a2, 227 bytes

        This response is "NT Status: STATUS_SUCCESS" and the data is
        there in this response packet.

     -> Session Setup AndX Request, NTLMSSP_NEGOTIATE

     <- Session Setup AndX Response, NTLMSSP_CHALLENGE,
                              Error: STATUS_MORE_PROCESSING_REQUIRED

     -> Session Setup AndX Request, NTLMSSP_AUTH, User: \

     <- Session Setup AndX Response

     -> Tree Connect AndX Request, Path: \\HESTIA\HESTIAROOT

     <- Tree Connect AndX Response, Error: STATUS_ACCESS_DENIED

     .... etc.

     It's true that User '\' has no access to \\HESTIA\HESTIAROOT.
     What is obscure is why '\' is involved !

There are a number of questions I have no answer for:

  1. the sequence up to and including the first 'Read AndX Response'
     is exactly the same in both cases -- I can see no difference in
     the access and other properties reported for the cookies.

     -- why, then, do the paths diverge ??

     -- is there some information that Wireshark is not showing me ?

  2. why XP is not satisfied with the first 'Read AndX Response' in
     any event ?

  3. is there some hidden access control information that I should
     look for ?  If so, how ?

Stumped :-(
-- 
Chris Hall
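
Added example, not part of the original post: a short Python script that takes Wireshark Info-column summaries like the two sequences above, reports the first step at which they diverge, and lists any share path refused to a session set up with an empty user. The function names are hypothetical, the sample lines are retyped from the post as constructed input, and the script assumes that Wireshark shows `User: \` when both the domain and the account name in the NTLMSSP_AUTH message are empty.

```python
# Constructed sample input: Info-column summaries retyped from the post.
GOOD = r"""
-> Read AndX Request, FID: 0x1402, 172 bytes at offset 0
<- Read AndX Response, FID: 0x1402, 172 bytes
-> Trans2 Request, QUERY_FILE_INFO, FID: 0x1402, Query File Network Open Info
<- Trans2 Response, FID: 0x1402, QUERY_FILE_INFO
"""
BAD = r"""
-> Read AndX Request, FID: 0x13a2, 227 bytes at offset 0
<- Read AndX Response, FID: 0x13a2, 227 bytes
-> Session Setup AndX Request, NTLMSSP_NEGOTIATE
<- Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED
-> Session Setup AndX Request, NTLMSSP_AUTH, User: \
<- Session Setup AndX Response
-> Tree Connect AndX Request, Path: \\HESTIA\HESTIAROOT
<- Tree Connect AndX Response, Error: STATUS_ACCESS_DENIED
"""

def parse(trace):
    """Return [(direction, command, {field: value})], one per summary line."""
    steps = []
    for line in filter(None, map(str.strip, trace.splitlines())):
        direction, rest = line.split(" ", 1)
        parts = [p.strip() for p in rest.split(",")]
        fields = dict(p.split(": ", 1) for p in parts[1:] if ": " in p)
        steps.append((direction, parts[0], fields))
    return steps

def first_divergence(a, b):
    """Index of the first step whose direction or command differs, else None."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x[:2] != y[:2]:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))

def anonymous_denials(steps):
    """Paths refused to a session set up with empty domain and user ('\\')."""
    anon, path, denied = False, None, []
    for _, cmd, f in steps:
        if cmd == "Session Setup AndX Request" and "User" in f:
            anon = f["User"] == "\\"  # assumption: '\' means no domain, no account
        elif cmd == "Tree Connect AndX Request":
            path = f.get("Path")
        elif anon and cmd == "Tree Connect AndX Response" and f.get("Error") == "STATUS_ACCESS_DENIED":
            denied.append(path)
    return denied

if __name__ == "__main__":
    good, bad = parse(GOOD), parse(BAD)
    print("diverges at step", first_divergence(good, bad), "denied:", anonymous_denials(bad))
```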