[Samba] NT_STATUS_ACCESS_DENIED listing \* on Samba AD - out of the blue
Rowland Penny
rpenny at samba.org
Mon Mar 12 11:28:49 UTC 2018
On Mon, 12 Mar 2018 11:11:44 +0000
Sebastian Arcus via samba <samba at lists.samba.org> wrote:
> I have a Samba AD running Samba 4.7.5. Everything was working fine,
> when, seemingly out of the blue, the users started to be denied
> access to all shares. If I try from a Windows 7 or Windows 10
> machine, logged in as a user in "Domain Users", I get:
>
> "Windows cannot access \\server-name\share_name. You do not have
> permission to access \\server-name\share_name"
>
> If I use smbclient, it allows me to log in on the share, but if I do
> 'ls', I get:
>
> smb: \> ls
> NT_STATUS_ACCESS_DENIED listing \*
>
> I have tried the following:
>
> 1. The Domain admin can still access the shares - both from smbclient
> and from Windows machines.
>
> 2. I have checked the ACLs on the server, they look ok:
>
> # getfacl share_name/
> # file: clients/
> # owner: root
> # group: MYDOMAIN\134domain\040users
> user::rwx
> group::rwx
> group:MYDOMAIN\134domain\040users:rwx
> mask::rwx
> other::rwx
> default:user::rwx
> default:group::rwx
> default:group:MYDOMAIN\134domain\040users:rwx
> default:mask::rwx
> default:other::---
>
> 3. "wbinfo -g" and "wbinfo -u" work correctly
>
> 4. Kerberos tests work correctly
>
> 5. There are no errors in the Bind/dns configuration
>
> 6. I have logged in through Windows and reset the permissions there
> to allow "Domain Users" on the share
>
> 7. All my smb.conf shares look like this:
>
> [share_name]
> path = /srv/samba/share_name
> read only = No
> inherit acls = yes
>
>
> I am at a loss how "Domain Users" is denied access to the share, when
> everything appears to be fine. Any suggestions much appreciated!
>
Can you post your entire smb.conf (as on disk)?
Rowland