Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: No permission to access Samba share from windows

  1. #1

    Default No permission to access Samba share from windows

    Hello,
    I've been trying to solve this issue with accessing a samba share from a windows 7 box.
    Samba is on a openSuse 13.1 computer and /mnt/media is shared.
    From windows 7 I enter the IP of the suse server and enter my samba user name and password. It then shows me the share media. But when I double click it it says I don't have permission to access \192.268.xxx.xxx\media.

    Here is my smb.conf file

    [global]

    passdb backend = tdbsam
    add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
    domain logons = No
    domain master = No
    security = user
    usershare allow guests =No
    map to guest = bad use


    [Media]
    comment = mnt media
    path = /mnt/media
    valid users = bstent
    force group = users
    writable = yes

    Here are the permissions on the /mnt/media

    drwxrwxrwx 13 bstent media 4096 Mar 9 16:49 .
    drwxr-xr-x 4 root root 4096 Mar 9 14:27 ..
    drwxrwxrwx 4 bstent media 4096 Feb 10 17:13 .Trash-1000
    drwxrwxrwx 6 bstent media 4096 Mar 9 19:50 Files and Software
    drwxrwxrwx 19 bstent media 4096 Mar 12 17:04 Movies
    drwxrwxrwx 297 bstent media 20480 Mar 3 08:29 Music
    drwxrwxrwx 67 bstent media 12288 Jan 23 14:35 Pictures

    I have no idea what I'm doing wrong but I'm sure it's a simple over sight or misunderstanding of permissions.
    Please help me if you can. it is much appreciated.

    Regards
    Brian

  2. #2
    Join Date
    Sep 2012
    Location
    Canada
    Posts
    112

    Default Re: No permission to access Samba share from windows

    Hi bstent and welcome to the openSUSE forums,

    I don't see any particular problem in your smb.conf file and in your share permissions. Did you add bstent to the Samba user database using smbpasswd as root?
    Kalten

  3. #3

    Default Re: No permission to access Samba share from windows

    Thanks for your reply.
    I have added bstent to the smbpasswd when I enter \\192.168.0.2 in windows explorer it asks for a username /password. I enter the one I used for bstent and then it presents me with the media share. When I go to click on that it says I don't have permission to access the folder.

    I'm not sure how this can be so difficult. I'm sure I'm missing something simple..

    Thanks for your help.
    Brian

  4. #4
    Join Date
    Sep 2012
    Location
    Canada
    Posts
    112

    Default Re: No permission to access Samba share from windows

    You are welcome,

    As you added bstent to the Samba user database, I read the contents of your smb.conf again, and I found two possible issues:

    Code:
    [global]
    
            passdb backend = tdbsam
            add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
            domain logons = No
            domain master = No
            security = user
            usershare allow guests =No
            map to guest = bad use
    
    
    [Media]
            comment = mnt media
            path = /mnt/media
            valid users = bstent
            force group = users
            writable = yes
    The first issue is a typo I think, the correct value for map to guest is bad user. The second isn't really an issue, but the permissions on /mnt/media show the group media as its group class. Maybe you should force group to media in the share definition?

    If you still can't access to the Media share from your Windows 7 computer, you should increase Samba verbosity by setting the parameter log level to 2 in the global section of your smb.conf file. Then:
    1. check your smb.conf file with testparm (just in case)
    2. restart smbd deamon
    3. wait for a minute
    4. attempt a connection to the Media share with you Windows 7 computer
    5. check Samba smbd deamon log in /var/log/samba (if I remember well, otherwise check log files' location with smbd -b | grep LOGFILEBASE)

    Of course, we will be happy to help you if you share with us the content of the log file. In that case, please copy its content between CODE tags (tag usage: [TAG]text[/TAG]).
    Kalten

  5. #5

    Default Re: No permission to access Samba share from windows

    Hi thanks again for your time!

    I tired your edits thanks, but still am getting blocked. I did create the logs and here is what they look like after I attempt to connect to the media share.
    before you view the logs I thought I'd should post my mount settings from /etc/fstab just to be sure there isn't an option there that is causing the problem. I am a newb after all

    suseserv:/home/bstent/log # cat /etc/fstab
    /dev/disk/by-id/ata-WDC_WD1600AAJS-60B4A0_WD-WMAT20700566-part1 swap swap defaults 0 0
    /dev/disk/by-id/ata-WDC_WD1600AAJS-60B4A0_WD-WMAT20700566-part2 / ext4 acl,user_xattr 1 1
    /dev/disk/by-id/ata-WDC_WD1600AAJS-60B4A0_WD-WMAT20700566-part3 /home ext4 acl,user_xattr 1 2
    /dev/sdb1 /mnt/media ext4 auto,rw,users,exec 0 1
    /dev/sdc1 /mnt/backup ext4 auto,users,exec 0 1


    ---------------------------------------------------------------------------------
    suseserv:/home/bstent/log # cat samba.log.smbd
    [2014/03/14 15:33:57.183297, 2] ../source3/smbd/server.c:437(remove_child_pid)
    Could not find child 5842 -- ignoring
    [2014/03/14 15:34:57.244352, 2] ../source3/smbd/server.c:437(remove_child_pid)
    Could not find child 5870 -- ignoring
    [2014/03/14 15:35:57.296604, 2] ../source3/smbd/server.c:437(remove_child_pid)
    Could not find child 5901 -- ignoring
    [2014/03/14 15:36:57.348729, 2] ../source3/smbd/server.c:437(remove_child_pid)
    Could not find child 5925 -- ignoring
    [2014/03/14 15:37:57.410528, 2] ../source3/smbd/server.c:437(remove_child_pid)
    Could not find child 5941 -- ignoring
    [2014/03/14 15:38:57.444208, 2] ../source3/smbd/server.c:437(remove_child_pid)
    Could not find child 5957 -- ignoring
    [2014/03/14 15:39:57.505701, 2] ../source3/smbd/server.c:437(remove_child_pid)
    Could not find child 5973 -- ignoring
    [2014/03/14 15:40:57.557906, 2] ../source3/smbd/server.c:437(remove_child_pid)
    Could not find child 5991 -- ignoring

    ----------------------------------------------------------------------------------------------
    This looks like the log from my window client pc

    suseserv:/home/bstent/log # cat samba.log.192.168.222.55
    [2014/03/14 15:33:37.394149, 2] ../source3/param/loadparm.c:3581(do_section)
    Processing section "[Media]"
    [2014/03/14 15:33:37.395098, 2] ../source3/auth/auth.c:278(auth_check_ntlm_password)
    check_ntlm_password: authentication for user [bstent] -> [bstent] -> [bstent] succeeded

    --------------------------------------------------------------------------------------------------------

    This looks like the user log.

    suseserv:/home/bstent/log # cat samba.log.bstent
    [2014/03/14 15:33:37.726651, 2] ../source3/smbd/service.c:848(make_connection_snum)
    bstent (ipv4:192.168.222.55:27926) connect to service Media initially as user bstent (uid=1000, gid=1000) (pid 5827)

    -------------------------------------------------------------------------------------------------------------------------


    Thanks
    Brian

  6. #6
    Join Date
    Sep 2012
    Location
    Canada
    Posts
    112

    Default Re: No permission to access Samba share from windows

    Quote Originally Posted by bstent
    [...]

    I tired your edits thanks, but still am getting blocked. I did create the logs and here is what they look like after I attempt to connect to the media share.
    before you view the logs I thought I'd should post my mount settings from /etc/fstab just to be sure there isn't an option there that is causing the problem. I am a newb after all

    Code:
    suseserv:/home/bstent/log # cat /etc/fstab
    /dev/disk/by-id/ata-WDC_WD1600AAJS-60B4A0_WD-WMAT20700566-part1 swap                 swap       defaults              0 0
    /dev/disk/by-id/ata-WDC_WD1600AAJS-60B4A0_WD-WMAT20700566-part2 /                    ext4       acl,user_xattr        1 1
    /dev/disk/by-id/ata-WDC_WD1600AAJS-60B4A0_WD-WMAT20700566-part3 /home                ext4       acl,user_xattr        1 2
    /dev/sdb1       /mnt/media                                                           ext4       auto,rw,users,exec      0 1
    /dev/sdc1       /mnt/backup                                                          ext4       auto,users,exec         0 1
    Good idea! That could explain a lot. Samba Wiki recommends to mount ext4 filesystems with acl an user_xattr options [1]. Futhermore, as users option automaticaly disables some features, my recommendation is to change /dev/sdb1 line in /etc/fstab to:

    Code:
    /dev/sdb1 /mnt/media ext4 acl,user_xattr 0 2
    Note that the sixth field should have a value of 2 for filesystems other than the root filesystem (such as /dev/sdb1 and /dev/sdc1). See man fstab for details.

    Don't forget to make a copy of your /etc/fstab before any modification. I won't like to be responsible of an unbootable system!

    Quote Originally Posted by bstent

    Code:
    suseserv:/home/bstent/log # cat samba.log.smbd
    [2014/03/14 15:33:57.183297, 2] ../source3/smbd/server.c:437(remove_child_pid)
    Could not find child 5842 -- ignoring
    [2014/03/14 15:34:57.244352, 2] ../source3/smbd/server.c:437(remove_child_pid)
    Could not find child 5870 -- ignoring
    [2014/03/14 15:35:57.296604, 2] ../source3/smbd/server.c:437(remove_child_pid)
    Could not find child 5901 -- ignoring
    [2014/03/14 15:36:57.348729, 2] ../source3/smbd/server.c:437(remove_child_pid)
    Could not find child 5925 -- ignoring
    [2014/03/14 15:37:57.410528, 2] ../source3/smbd/server.c:437(remove_child_pid)
    Could not find child 5941 -- ignoring
    [2014/03/14 15:38:57.444208, 2] ../source3/smbd/server.c:437(remove_child_pid)
    Could not find child 5957 -- ignoring
    [2014/03/14 15:39:57.505701, 2] ../source3/smbd/server.c:437(remove_child_pid)
    Could not find child 5973 -- ignoring
    [2014/03/14 15:40:57.557906, 2] ../source3/smbd/server.c:437(remove_child_pid)
    Could not find child 5991 -- ignoring
    This looks like the log from my window client pc

    Code:
    suseserv:/home/bstent/log # cat samba.log.192.168.222.55
    [2014/03/14 15:33:37.394149, 2] ../source3/param/loadparm.c:3581(do_section)
    Processing section "[Media]"
    [2014/03/14 15:33:37.395098, 2] ../source3/auth/auth.c:278(auth_check_ntlm_password)
    check_ntlm_password: authentication for user [bstent] -> [bstent] -> [bstent] succeeded
    This looks like the user log.

    Code:
    suseserv:/home/bstent/log # cat samba.log.bstent
    [2014/03/14 15:33:37.726651, 2] ../source3/smbd/service.c:848(make_connection_snum)
    bstent (ipv4:192.168.222.55:27926) connect to service Media initially as user bstent (uid=1000, gid=1000) (pid 5827)
    So authentification works. From your previous post we know that permissions on the share are OK. I hope changing the mount options will fix the problem, otherwise we will start to run in circles!

    References
    [1] “Setup and configure file shares - SambaWiki.” [Online]. Available: https://wiki.samba.org/index.php/Set...re_file_shares. [Accessed: 16-Mar-2014].
    Kalten

  7. #7

    Default Re: No permission to access Samba share from windows

    Hi!

    I think I'm having a similar issue, and no solutions as of yet as well:
    My goal is sharing a r/w directory of my htpc for everyone

    my smb.conf:
    Code:
    [global]
    workgroup = WORKGROUP
    netbios name = HTPC
    passdb backend = tdbsam
    map to guest = Bad User
    log file = /var/log/samba/log.%m
    
    
    [shared1]
    path = /srv/samba/
    read only = No
    guest ok = Yes
    guest only = Yes
    
    
    [shared2]
    path = /home/balint
    read only = No
    guest ok = Yes
    guest only = Yes
    This allows me to see the 2 shares, but I'm only able to enter 1 of them, the one in my home directory:






    The permissions are:
    Code:
    htpc:/srv # ls -la
    total 32
    drwxr-xr-x  8 root root 4096 Mar 17 12:27 .
    drwxr-xr-x 23 root root 4096 Mar 17 14:20 ..
    drwxr-xr-x  3 root ftp  4096 Mar 15 12:06 ftp
    drwxr-xr-x  3 root root 4096 Jan 21 10:59 git
    drwxr-xr-x  2 root root 4096 Mar 17 14:32 samba
    drwxr-xr-x  3 svn  svn  4096 Feb 22 09:26 svn
    drwxr-x---  2 tftp tftp 4096 Sep 28 05:13 tftpboot
    drwxr-xr-x  5 root root 4096 Dec 15 19:47 www
    htpc:/srv #

    What could be the problem???

    Thanks:
    Balint

  8. #8
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,188

    Default Re: No permission to access Samba share from windows

    To the poster above me, set the shares to public = yes.

    And for the security conscious, it's not a good idea.
    .: miuku @ #opensuse @ irc.libera.chat

  9. #9

    Default Re: No permission to access Samba share from windows

    Quote Originally Posted by Miuku View Post
    To the poster above me, set the shares to public = yes.

    And for the security conscious, it's not a good idea.
    Did that, no change, and FYI:
    http://www.samba.org/samba/docs/man/...l#GUESTACCOUNT

    Code:
    public
    This parameter is a synonym for guest ok.
    
    In the end, I changed the permission of /srv/samba to 777, changed user to balint, group to users, added log level = 100 to smb.conf, and I'm seeing:

    Code:
    [2014/03/17 14:57:26.856598, 10, pid=3516, effective(65534, 65533), real(65534, 0)] ../source3/passdb/lookup_sid.c:1075(legacy_gid_to_sid)
      LEGACY: gid 100 -> sid S-1-22-2-100
    [2014/03/17 14:57:26.856636, 10, pid=3516, effective(65534, 65533), real(65534, 0), class=acls] ../source3/smbd/posix_acls.c:2732(canonicalise_acl)
      canonicalise_acl: Access ace entries before arrange :
    [2014/03/17 14:57:26.856670, 10, pid=3516, effective(65534, 65533), real(65534, 0), class=acls] ../source3/smbd/posix_acls.c:2745(canonicalise_acl)
      canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms rwx
    [2014/03/17 14:57:26.856709, 10, pid=3516, effective(65534, 65533), real(65534, 0), class=acls] ../source3/smbd/posix_acls.c:2745(canonicalise_acl)
      canon_ace index 1. Type = allow SID = S-1-22-2-100 gid 100 (users) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx
    [2014/03/17 14:57:26.856749, 10, pid=3516, effective(65534, 65533), real(65534, 0), class=acls] ../source3/smbd/posix_acls.c:2745(canonicalise_acl)
      canon_ace index 2. Type = allow SID = S-1-22-1-1000 uid 1000 (balint) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
    [2014/03/17 14:57:26.856792, 10, pid=3516, effective(65534, 65533), real(65534, 0), class=acls] ../source3/smbd/posix_acls.c:848(print_canon_ace_list)
      print_canon_ace_list: canonicalise_acl: ace entries after arrange
      canon_ace index 0. Type = allow SID = S-1-22-1-1000 uid 1000 (balint) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
      canon_ace index 1. Type = allow SID = S-1-22-2-100 gid 100 (users) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx
      canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms rwx
    [2014/03/17 14:57:26.856879, 10, pid=3516, effective(65534, 65533), real(65534, 0), class=acls] ../source3/smbd/posix_acls.c:1110(map_canon_ace_perms)
      map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff
    [2014/03/17 14:57:26.856913, 10, pid=3516, effective(65534, 65533), real(65534, 0), class=acls] ../source3/smbd/posix_acls.c:1110(map_canon_ace_perms)
      map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff
    [2014/03/17 14:57:26.856955, 10, pid=3516, effective(65534, 65533), real(65534, 0), class=acls] ../source3/smbd/posix_acls.c:1110(map_canon_ace_perms)
      map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff
    [2014/03/17 14:57:26.856996, 10, pid=3516, effective(65534, 65533), real(65534, 0)] ../source3/smbd/open.c:172(smbd_check_access_rights)
      smbd_check_access_rights: file . requesting 0x80 returning 0x0 (NT_STATUS_OK)
    
    ...
    
    [2014/03/17 14:57:26.857791,  5, pid=3516, effective(65534, 65533), real(65534, 0)] ../source3/smbd/files.c:125(file_new)
      allocated file structure fnum 835890537 (1 used)
    [2014/03/17 14:57:26.857811, 10, pid=3516, effective(65534, 65533), real(65534, 0)] ../source3/smbd/files.c:713(file_name_hash)
      file_name_hash: /srv/samba/. hash 0xf8ee8ccc
    [2014/03/17 14:57:26.857840, 10, pid=3516, effective(65534, 65533), real(65534, 0)] ../source3/smbd/open.c:406(fd_open)
      fd_open: name ., flags = 0200000 mode = 00, fd = -1. Permission denied
    [2014/03/17 14:57:26.857862,  5, pid=3516, effective(65534, 65533), real(65534, 0)] ../source3/smbd/open.c:3187(open_directory)
      open_directory: Could not open fd for . (NT_STATUS_ACCESS_DENIED)
    [2014/03/17 14:57:26.857880,  5, pid=3516, effective(65534, 65533), real(65534, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order)
      check lock order 1 for /var/lib/samba/smbXsrv_open_global.tdb
    [2014/03/17 14:57:26.857897, 10, pid=3516, effective(65534, 65533), real(65534, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order)
      lock order:  1:/var/lib/samba/smbXsrv_open_global.tdb 2:<none> 3:<none>
    [2014/03/17 14:57:26.857915, 10, pid=3516, effective(65534, 65533), real(65534, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key)
      Locking key 31CA3802
    [2014/03/17 14:57:26.857935, 10, pid=3516, effective(65534, 65533), real(65534, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal)
      Allocated locked data 0x0x7f4d0bdfa720
    [2014/03/17 14:57:26.857958, 10, pid=3516, effective(65534, 65533), real(65534, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key)
      Unlocking key 31CA3802
    [2014/03/17 14:57:26.857976,  5, pid=3516, effective(65534, 65533), real(65534, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
      release lock order 1 for /var/lib/samba/smbXsrv_open_global.tdb
    [2014/03/17 14:57:26.857997, 10, pid=3516, effective(65534, 65533), real(65534, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order)
      lock order:  1:<none> 2:<none> 3:<none>
    [2014/03/17 14:57:26.858017,  5, pid=3516, effective(65534, 65533), real(65534, 0)] ../source3/smbd/files.c:525(file_free)
      freed files structure 835890537 (0 used)
    [2014/03/17 14:57:26.858034, 10, pid=3516, effective(65534, 65533), real(65534, 0)] ../source3/smbd/open.c:4063(create_file_unixpath)
      create_file_unixpath: NT_STATUS_ACCESS_DENIED
    [2014/03/17 14:57:26.858051, 10, pid=3516, effective(65534, 65533), real(65534, 0)] ../source3/smbd/open.c:4336(create_file_default)
      create_file: NT_STATUS_ACCESS_DENIED
    [2014/03/17 14:57:26.858069, 50, pid=3516, effective(65534, 65533), real(65534, 0)] ../lib/util/tevent_debug.c:63(samba_tevent_debug)
      s3_tevent: Schedule immediate event "tevent_req_trigger": 0x7f4d0be021e0
    [2014/03/17 14:57:26.858098, 50, pid=3516, effective(65534, 65533), real(65534, 0)] ../lib/util/tevent_debug.c:63(samba_tevent_debug)
      s3_tevent: Run immediate event "tevent_req_trigger": 0x7f4d0be021e0
    [2014/03/17 14:57:26.858118, 10, pid=3516, effective(65534, 65533), real(65534, 0)] ../source3/smbd/smb2_server.c:2643(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_create.c:302
    [2014/03/17 14:57:26.858136, 10, pid=3516, effective(65534, 65533), real(65534, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex)
      smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:2682
    [2014/03/17 14:57:26.858197, 10, pid=3516, effective(65534, 65533), real(65534, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit)
      smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/10/31

  10. #10

    Default Re: No permission to access Samba share from windows

    Hello again,

    I tried your recommendations to no avail. Before I re-post my current configs. I do want to mention like the other poster. I can access shares that are within my home folder /home/bstent/ Its just anything outside of that I can't access.

    Here is the permission of the share.
    drwxrwxrwx 13 bstent users 4096 Mar 9 16:49 media

    Here is my Fstab of the drive I'm trying to access.
    /dev/sdb1 /mnt/media ext4 acl,user_xattr 0 2

    Here is my smb.conf (note I added the home share to test and it allows me access)
    [global]

    passdb backend = tdbsam
    add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
    domain logons = No
    domain master = No
    security = domain
    usershare allow guests = Yes
    map to guest = bad user

    # Debug logging information
    log level = 2
    log file = /home/bstent/log/samba.log.%m
    max log size = 50
    debug timestamp = yes
    usershare max shares = 100
    workgroup =

    [Media]
    comment = mnt media
    path = /mnt/media
    valid users = bstent
    force group = users
    writable = yes
    force group = users
    guest ok = Yes
    read only = No
    public = yes
    [bstent]
    comment = bstent
    inherit acls = Yes
    path = /home/bstent
    read only = No
    guest ok = Yes

    I'm not sure if OpenSuse 13.1 has some override that disables access to anything from outside the users /home folder? My firewall is also disabled if that helps.
    Thanks again for troubleshooting.
    It seems I'm not alone with this issue let me know if you find a solution Balint and I will do the same.

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •