Discussion:
NT_STATUS_ACCESS_DENIED with samba-3.6.9-168.el6_5.x86_64
Doll, Margaret Ann
2014-07-21 16:01:41 UTC
Permalink
Red Hat Enterprise Linux Server release 6.5 (Santiago)
selinux is disabled.

The following commands were all run on the RedHat Server on which I am
running samba.

*The following ports are open*
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:137
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:138
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:139
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:445

*smbpasswd -r rask.geo.brown.edu <http://rask.geo.brown.edu> oldacct*
Old SMB password:
New SMB password:
Retype new SMB password:
Could not connect to machine rask.geo.brown.edu: NT_STATUS_LOGON_FAILURE

The home directory of *oldacct* is owned by *oldacct.*

*smbclient -L rask -N*
Anonymous login successful
Domain=[GEOLOGY] OS=[Unix] Server=[Samba 3.6.9-168.el6_5]

Sharename Type Comment
--------- ---- -------
Error returning browse list: NT_STATUS_ACCESS_DENIED
Anonymous login successful
Domain=[GEOLOGY] OS=[Unix] Server=[Samba 3.6.9-168.el6_5]

Server Comment
--------- -------

Workgroup Master
--------- -------

*If the above is run with a -d9, the output includes:*
SPNEGO login failed: Logon failure
Domain=[GEOLOGY] OS=[Unix] Server=[Samba 3.6.9-168.el6_5]
session setup ok
tconx ok
NetShareEnum failed

*Contents of simple smb.conf*

workgroup = Geology
server string = Samba Server Version %v

netbios name = RASK

interfaces = 10.2.34.10/24 127.0.0.1
hosts allow = 10.2.34. 10.2.85.79 127.
log file = /var/log/samba/log.%m
max log size = 50

security = user
smb passwd file = /etc/samba/smbpasswd
username map = /etc/samba/smbusers

local master = yes


load printers = yes
cups options = raw


#============================ Share Definitions
==============================

[homes]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S

*smbtree -d3*
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
interpret_interface: Adding interface 10.2.34.10/24
added interface 10.2.34.10/24 ip=10.2.34.10 bcast=10.2.34.255
netmask=255.255.255.0
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
Enter root's password:
resolve_lmhosts: Attempting lmhosts lookup for name GEOLOGY<0x1d>
resolve_lmhosts: Attempting lmhosts lookup for name GEOLOGY<0x1d>
name_resolve_bcast: Attempting broadcast lookup for name GEOLOGY<0x1d>
Got a positive name query response from 127.0.0.1 ( 10.2.34.10 )
Connecting to host=10.2.34.10
Connecting to 10.2.34.10 at port 445
Doing spnego session setup (blob length=58)
got OID=1.3.6.1.4.1.311.2.2.10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x608a8215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
SPNEGO login failed: Logon failure
name_resolve_bcast: Attempting broadcast lookup for name __MSBROWSE__<0x1>
Got a positive name query response from 127.0.0.1 ( 10.2.34.10 )
Connecting to host=10.2.34.10
Connecting to 10.2.34.10 at port 445
Doing spnego session setup (blob length=58)
got OID=1.3.6.1.4.1.311.2.2.10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x608a8215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
SPNEGO login failed: Logon failure
--
redhat-list mailing list
unsubscribe mailto:redhat-list-***@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
Doll, Margaret Ann
2014-07-21 18:05:40 UTC
Permalink
On Mon, Jul 21, 2014 at 12:01 PM, Doll, Margaret Ann <
Post by Doll, Margaret Ann
Red Hat Enterprise Linux Server release 6.5 (Santiago)
selinux is disabled.
The following commands were all run on the RedHat Server on which I am
running samba.
*The following ports are open*
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW tcp dpt:137
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW tcp dpt:138
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW tcp dpt:139
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW tcp dpt:445
*smbpasswd -r rask.geo.brown.edu <http://rask.geo.brown.edu> oldacct*
Could not connect to machine rask.geo.brown.edu: NT_STATUS_LOGON_FAILURE
The home directory of *oldacct* is owned by *oldacct.*
*smbclient -L rask -N*
Anonymous login successful
Domain=[GEOLOGY] OS=[Unix] Server=[Samba 3.6.9-168.el6_5]
Sharename Type Comment
--------- ---- -------
Error returning browse list: NT_STATUS_ACCESS_DENIED
Anonymous login successful
Domain=[GEOLOGY] OS=[Unix] Server=[Samba 3.6.9-168.el6_5]
Server Comment
--------- -------
Workgroup Master
--------- -------
*If the above is run with a -d9, the output includes:*
SPNEGO login failed: Logon failure
Domain=[GEOLOGY] OS=[Unix] Server=[Samba 3.6.9-168.el6_5]
session setup ok
tconx ok
NetShareEnum failed
*Contents of simple smb.conf*
workgroup = Geology
server string = Samba Server Version %v
netbios name = RASK
interfaces = 10.2.34.10/24 127.0.0.1
hosts allow = 10.2.34. 10.2.85.79 127.
log file = /var/log/samba/log.%m
max log size = 50
security = user
smb passwd file = /etc/samba/smbpasswd
username map = /etc/samba/smbusers
local master = yes
load printers = yes
cups options = raw
#============================ Share Definitions
==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
*smbtree -d3*
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
interpret_interface: Adding interface 10.2.34.10/24
added interface 10.2.34.10/24 ip=10.2.34.10 bcast=10.2.34.255
netmask=255.255.255.0
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
resolve_lmhosts: Attempting lmhosts lookup for name GEOLOGY<0x1d>
resolve_lmhosts: Attempting lmhosts lookup for name GEOLOGY<0x1d>
name_resolve_bcast: Attempting broadcast lookup for name GEOLOGY<0x1d>
Got a positive name query response from 127.0.0.1 ( 10.2.34.10 )
Connecting to host=10.2.34.10
Connecting to 10.2.34.10 at port 445
Doing spnego session setup (blob length=58)
got OID=1.3.6.1.4.1.311.2.2.10
got principal=NONE
Got NTLMSSP neg_flags=0x608a8215
Got NTLMSSP neg_flags=0x60088215
Got NTLMSSP neg_flags=0x60088215
SPNEGO login failed: Logon failure
name_resolve_bcast: Attempting broadcast lookup for name __MSBROWSE__<0x1>
Got a positive name query response from 127.0.0.1 ( 10.2.34.10 )
Connecting to host=10.2.34.10
Connecting to 10.2.34.10 at port 445
Doing spnego session setup (blob length=58)
got OID=1.3.6.1.4.1.311.2.2.10
got principal=NONE
Got NTLMSSP neg_flags=0x608a8215
Got NTLMSSP neg_flags=0x60088215
Got NTLMSSP neg_flags=0x60088215
SPNEGO login failed: Logon failure
I found that if I added root as a samba account,
smbclient -L rask

worked fine using root's samba password.

/etc/samba/smbpasswd remains empty.

smbclient -L rask -u oldacct

still gives NT_STATUS_ACCESS_DENIED
--
redhat-list mailing list
unsubscribe mailto:redhat-list-***@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
Loading...