[Samba] smbclient suddenly getting access denied

Rob Marshall rob.marshall17 at gmail.com
Mon Jun 25 14:28:49 UTC 2018


Hi,

On Saturday I was able to run smbclient to connect to my Samba share
just fine. Nothing was rebooted and nothing was installed/updated
except for adding Python and Putty on the Windows server. The Windows
server is running Windows Server 2016 and my Samba client is running
3.6.3 (it's the latest from SLES 11 but ported to SLES 10 - long
story...).

But today when I try to connect I get:

client3:/mnt/cifs_share01 # smbclient //client3.dom1.com/cifs_share01
-U cdom\rjmuser01
Enter cdom\rjmuser01's password:
Domain=[CDOM] OS=[Unix] Server=[Samba 3.6.3-9.1-3798-SUSE-CODE10-i386]
tree connect failed: NT_STATUS_ACCESS_DENIED

When I check the log I see:

[2018/06/25 10:10:05.905044,  4] smbd/reply.c:794(reply_tcon_and_X)
  Client requested device type [?????] for share [CIFS_SHARE01]
[2018/06/25 10:10:05.905134,  5] smbd/service.c:1354(make_connection)
  making a connection to 'normal' service cifs_share01
[2018/06/25 10:10:05.905215,  3] lib/access.c:338(allow_access)
  Allowed connection from 10.10.0.34 (10.10.0.34)
[2018/06/25 10:10:05.905294,  2]
smbd/service.c:616(create_connection_session_info)
  guest user (from session setup) not permitted to access this share
(cifs_share01)
[2018/06/25 10:10:05.905369,  1] smbd/service.c:805(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2018/06/25 10:10:05.905450,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/reply.c(803) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED

Why is it trying to connect with a guest user when I'm supplying a
valid Windows user and password? I seem to be able to still access the
share just fine from Windows.

My smb.conf is below.

Thanks,

Rob

====== smb.conf
[global]
log level = 10
os level = 1
security = ADS
server string = CIFS Server
workgroup = CDOM
    log file = /var/log/samba/%m.log
encrypt passwords = yes
syslog = 1
# #winbind gid = 1000-20000
# #winbind uid = 1000-20000
password server = WIN2016-PW-SERV
idmap uid = 10000-20000
idmap gid = 10000-20000
realm = CDOM.DOM1.COM
# max protocol = SMB2
# min protocol = SMB2
server signing = mandatory
# # Disable cups
store dos attributes = yes
#       vfs objects = acl_xattr
       map acl inherit = yes
# Performance Enhancements
        socket options = SO_RCVBUF=65536 SO_SNDBUF=65536
strict sync = yes
        oplocks = yes
kernel oplocks = no
        deadtime = 1
case sensitive = no
map to guest = bad user
[cifs_share01]
   path           = /mnt/cifs_share01/
   browseable     = no
   read only  = yes
   writeable       = no
store dos attributes = yes
        map archive = yes
        map system = yes
        map hidden = yes
   write list     = cdom\administrator,cdom\rjmuser01



More information about the samba mailing list