[Samba] Getting NT_STATUS_ACCESS_DENIED

Giedrius Tuminauskas giedrius.tuminauskas at alva-group.com
Tue Jul 22 09:13:12 MDT 2014


Hello,

First of all, ports 137 & 138 are UDP, and NOT TCP.

Update your iptables with the correct information:
-A INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT

Regards,
*Giedrius Tuminauskas*


On 21/07/2014 20:48, Doll, Margaret Ann wrote:
> Red Hat Enterprise Linux Server release 6.5 (Santiago)
> selinux is disabled.
>
> The following commands were all run on the RedHat Server on which I am
> running samba.
>
> *The following ports are open*
> 5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:137
> 6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:138
> 7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:139
> 8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:445
>
> *smbpasswd -r rask.geo.brown.edu oldacct*
> Old SMB password:
> New SMB password:
> Retype new SMB password:
> Could not connect to machine rask.geo.brown.edu: NT_STATUS_LOGON_FAILURE
>
>   The home directory of *oldacct* is owned by *oldacct.*
>
> *smbclient -L rask -N*
> Anonymous login successful
> Domain=[GEOLOGY] OS=[Unix] Server=[Samba 3.6.9-168.el6_5]
>
>      Sharename       Type      Comment
>      ---------       ----      -------
> Error returning browse list: NT_STATUS_ACCESS_DENIED
> Anonymous login successful
> Domain=[GEOLOGY] OS=[Unix] Server=[Samba 3.6.9-168.el6_5]
>
>      Server               Comment
>      ---------            -------
>
>      Workgroup            Master
>      ---------            -------
>
> *If the above is run with a -d9, the output includes:*
> SPNEGO login failed: Logon failure
> Domain=[GEOLOGY] OS=[Unix] Server=[Samba 3.6.9-168.el6_5]
>   session setup ok
>   tconx ok
> NetShareEnum failed
>
> *Contents of simple smb.conf*
>
>      workgroup = Geology
>      server string = Samba Server Version %v
>
>      netbios name = RASK
>
>      interfaces = 10.2.34.10/24 127.0.0.1
>      hosts allow = 10.2.34. 10.2.85.79 127.
>      log file = /var/log/samba/log.%m
>      max log size = 50
>
>      security = user
>      smb passwd file = /etc/samba/smbpasswd
>      username map = /etc/samba/smbusers
>
> local master = yes
>
>
>      load printers = yes
>      cups options = raw
>
>
> #============================ Share Definitions ==============================
>
> [homes]
>      comment = Home Directories
>      browseable = no
>      writable = yes
> ;    valid users = %S
> ;    valid users = MYDOMAIN\%S
>
> *smbtree -d3*
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
> Processing section "[global]"
> interpret_interface: Adding interface 10.2.34.10/24
> added interface 10.2.34.10/24 ip=10.2.34.10 bcast=10.2.34.255 netmask=255.255.255.0
> added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
> Enter root's password:
> resolve_lmhosts: Attempting lmhosts lookup for name GEOLOGY<0x1d>
> resolve_lmhosts: Attempting lmhosts lookup for name GEOLOGY<0x1d>
> name_resolve_bcast: Attempting broadcast lookup for name GEOLOGY<0x1d>
> Got a positive name query response from 127.0.0.1 ( 10.2.34.10 )
> Connecting to host=10.2.34.10
> Connecting to 10.2.34.10 at port 445
> Doing spnego session setup (blob length=58)
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=NONE
> Got challenge flags:
> Got NTLMSSP neg_flags=0x608a8215
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60088215
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60088215
> SPNEGO login failed: Logon failure
> name_resolve_bcast: Attempting broadcast lookup for name __MSBROWSE__<0x1>
> Got a positive name query response from 127.0.0.1 ( 10.2.34.10 )
> Connecting to host=10.2.34.10
> Connecting to 10.2.34.10 at port 445
> Doing spnego session setup (blob length=58)
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=NONE
> Got challenge flags:
> Got NTLMSSP neg_flags=0x608a8215
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60088215
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60088215
> SPNEGO login failed: Logon failure
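
The protocol mix-up pointed out in the reply, as an added example that is not part of the original thread: a shell function (hypothetical name `check_samba_rules`) that reads a rule listing in the format shown in the question, as printed by `iptables -L INPUT -n --line-numbers`, and reports ACCEPT rules that open a Samba port on the wrong transport. The first sample is rules 5-8 from the question; the second listing is constructed.

```shell
# Added example: report ACCEPT rules that open a Samba port on the wrong
# transport. Reads the listing on stdin; exit status 1 if any mismatch.
check_samba_rules() {
    awk '
    # Expected transports, as given in the reply: 137/138 udp, 139/445 tcp.
    BEGIN { want[137] = "udp"; want[138] = "udp"; want[139] = "tcp"; want[445] = "tcp" }
    function finish(   f, port) {
        if (rec == "") return
        split(rec, f, " ")      # f[1]=rule number, f[2]=target, f[3]=protocol
        if (f[2] == "ACCEPT" && match(rec, /dpt:[0-9]+/)) {
            port = substr(rec, RSTART + 4, RLENGTH - 4)
            if ((port in want) && f[3] != want[port]) {
                printf "rule %s: port %s accepted as %s, expected %s\n", f[1], port, f[3], want[port]
                bad = 1
            }
        }
        rec = ""
    }
    # A line whose first field is a number starts a new rule.
    NF > 1 && $1 ~ /^[0-9]+$/ { finish(); rec = $0; next }
    # Chain headers, column headers and blank lines end the current rule.
    NF == 0 || $1 == "Chain" || $1 == "num" { finish(); next }
    # Anything else is a wrapped continuation of the current rule.
    rec != "" { rec = rec " " $0 }
    END { finish(); exit bad + 0 }
    '
}
# Rules 5-8 from the question, with long lines wrapped as mail clients do.
listing_from_question() {
    cat <<'EOF'
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
tcp dpt:137
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
tcp dpt:138
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
tcp dpt:139
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
tcp dpt:445
EOF
}
# Constructed listing: how the four rules from the reply would be displayed.
listing_after_fix() {
    cat <<'EOF'
5    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:137
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:138
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:139
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:445
EOF
}
listing_from_question | check_samba_rules || true   # prints the two mismatches
```

On a live host the same check would be `iptables -L INPUT -n --line-numbers | check_samba_rules`, run as root.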


