[Samba] Permission denied but ok?...other interesting things found -- hack? or lame browse?

Linda W samba at tlinx.org
Fri Oct 10 07:31:33 MDT 2014 

Meike Stone wrote:
>> Maybe I should try the reset on zerovc=1 to see if helps or hurts.
>>     
> No, the hint was to look that "reset on zero vc = 0" or NOT declared
> in the config,
> so that means NO reset of the connection.
> Reset on zero vc occurs only, if a smb connection exist from a Client
> to the server and the same client establishes a new connection with
> VC=0. Normaly, that happens, if you are behind a NAT gateway ... Thats
> that case, where the Server MUST disconnect all  sessions from this
> client.
> By default, samba does NOT reset in case of VC=0.. Only if the
> parameter "reset on zero vc=1" is set in the config ...
>   
----

But my symptoms are similar to someone behind a NAT...and don't know why
at this point.   They are not around often, but I've seen this before.  
Get strange
access denied messages to things I am working on but can't save ... but 
later can.

Since the log indicated that it 'thought about resetting', if it was 
working under
the the older rules, and the older rules seemed to work with fewer 
problems,
it might help?  I can always change it back! ;-)

I did notice some other oddities to check out...

I tried to give the the vfs_crossrename module a try -- it slowed
my reads by about 30%.  Made me wonder how the other vfs
modules might be affecting my speed.

Also noticed a bunch of messages from my relatively new
Onkyo Home theater (my old one died, so got a similar model but
up a notch)...
Have some full logs from this machine with this in it:
[2014/10/04 15:59:47,  2] auth/auth.c:319(check_ntlm_password)
  check_ntlm_password:  Authentication for user [root] -> [root] FAILED 
with error NT_STATUS_WRONG_PASSWORD
[2014/10/04 15:59:47,  2] auth/auth.c:319(check_ntlm_password)
  check_ntlm_password:  Authentication for user [root] -> [root] FAILED 
with error NT_STATUS_WRONG_PASSWORD


When I tried to browse my media on my home server, it asked me for
my login and password...but they didn't work and
wonder if it is because it isn't in the Domain.

Tried a remote add, but no go... Very odd...If I was overly
paranoid,  I might be concerned, but the stupidity in it trying
to use 'root' to log into the linux server..... well.. the frequency?
just seems odd.

Hmmm...Maybe someone is trying to leverage my home appliances
into hacking my server from the inside...

What a hoot!

(I know it is from that device, as my logs are named by host and user,
so for this thing I see logs like:

log-.tx-nr838
log-BLISS.tx-nr838
log-.192.168.3.19  (it's IP)...

More information about the samba mailing list