[Samba] NT_STATUS_ACCESS_DENIED listing \* on Samba AD - out of the blue

Sebastian Arcus s.arcus at open-t.co.uk
Mon Mar 12 16:10:59 UTC 2018

On 12/03/18 14:28, Rowland Penny via samba wrote:
> On Mon, 12 Mar 2018 13:17:19 +0000
> Sebastian Arcus via samba <samba at lists.samba.org> wrote:
>> On 12/03/18 12:56, Rowland Penny via samba wrote:
>>> I don't think this is your main problem though, did the problem
>>> start after a windows update ?
>>> I think your clients are possibly trying to connect with NTLMv2
>> If that was the case, shouldn't smbclient continue to work? I can't
>> list the contents of the shares even using smbclient.
> OK, I ran some tests on one of my DCs:

I feel like a complete idiot. My Samba shares are under /srv/samba, and 
after 8 hours of troubleshooting, I discovered that /srv was missing the 
execute bit for 'other' - so regular users didn't have the permission to 
traverse the tree any more. Friday towards the end of the day I must 
have copied something under /srv, which unbeknownst to me, reset the 
permissions on /srv. From that moment on all regular users lost access 
to their shares. I can't believe I have pretty much taken this server 
apart, upgraded and downgraded kernels, upgraded and downgraded Samba 
packages and did all sorts of troubleshooting - yet I never spotted the 
missing permissions! It is true the the /srv/samba path was never 
explicitly mentioned in the logs, but still - I am sorry for the noise.

Thank for all the suggestions in the message above.

More information about the samba mailing list