samba - Aug 2004 - access denied with samba share

Hello Samba group,

Problem:

I cannot get samba share to grant access to my /shared
share.  I created it, gave the linux user permissions
and tested them, my Windows XP Pro sees the share, I
can map a drive to it, but I cannot change to it:
Access denied is the error I get.  I'm logged into
Windows XP as the same user ID and password as on the
Linux system.

I had a problem when accessing the share at first with
Windows prompting me for a userID and password, but I
did the smbpasswd command, and got that working.  Then
I could see the shares.
  
I can see the shares, I can map, for example, the J:
drive to "shared", but cannot switch to it by typing:
"J: enter".

Testparm has no errors.  Here are the results:

[root@brain /]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[shared]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
  
# Global parameters
[global]
        workgroup = Testgroup
        server string = Samba Server
        log file = /var/log/samba/%m.log
        max log size = 500
        socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
        dns proxy = No
        ldap ssl = no
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        hosts allow = 10.200.1.
 
[homes]
        comment = Home Directories
        read only = No
        browseable = No
 
[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No
 
[shared]
        path = /shared
        read only = No
        guest ok = Yes
[root@brain /]#

I'm using samba 3.0.5-2 on Fedora Core 2, and Windows
XP Pro sp1, all tcp/ip.  

Thanks for any assistance.  I cannot understand what I
am doing wrong.  It is not obvious, this time, or the
last time- 1.5 years ago - when I ran into the same
problem: I cannot even create a simple share.  I have
9000 samba books, read everything I can think of, and
it is just not obvious to me, what I am doing wrong. 
I always get 90% of the way to a simple share.

If you need more info to help me, just ask.
Thanks for your time.
-Chad
 


		
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail

On Sunday, 2004-08-01 at 10:26:49 -0700, chad work wrote:
> I can see the shares, I can map, for example, the J:
> drive to "shared", but cannot switch to it by typing:
> "J: enter".
I'm having the same problem. Let me add what I found out:

1) I can access the share with smbclient from Linux. In fact, the
   machine that is also the server.
2) When I share the C drive from a Win98SE machine read-only, I can
   access it from the WinXP Pro machine.
3) When I share that drive read-write with an empty password, WinXP can
   also use.
4) As soon as I set a password for that share, I have the same problem
   I have with the Samba shares.
5) Deinstalling the most recent patches from Win XP did not give me that
   access back.
6) When I tcpdump the Samba connection, I see just one request and one
   reply, With an error STATUS_ACCESS_DENIED. I'm attaching the request
   and the response, as decoded by Ethereal.
7) I see nothing in the Samba traces the hints to the cause of the
   problem. But I'm no Samba Guru.

I conclude that this is *not* a Samba problem. It must be caused by
something on the Win XP side. That something causes it to fail to
authenticate.

Of course, any help with this is appreciated. I found nothing in the
Mickysoft Knowledge Base, but I'm no MSCE nor would I want to be one.

Actually, I subscribed to this mailing list in the hope a solution
would come up.

Lupe Christoph
-- 
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| "... putting a mail server on the Internet without filtering is like   |
| covering yourself with barbecue sauce and breaking into the Charity    |
| Home for Badgers with Rabies.                            Michael Lucas |
-------------- next part --------------
No.     Time        Source                Destination           Protocol Info
     24 0.016738    172.17.0.3            172.17.0.9            SMB      NT
Create AndX Request, Path: \

Frame 24 (146 bytes on wire, 146 bytes captured)
    Arrival Time: Jul 20, 2004 10:02:33.536537000
    Time delta from previous packet: 0.001933000 seconds
    Time since reference or first frame: 0.016738000 seconds
    Frame Number: 24
    Packet Length: 146 bytes
    Capture Length: 146 bytes
Ethernet II, Src: 00:a0:c9:78:08:06, Dst: 00:02:b3:88:f3:b6
    Destination: 00:02:b3:88:f3:b6 (Intel_88:f3:b6)
    Source: 00:a0:c9:78:08:06 (Intel-Hf_78:08:06)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 172.17.0.3 (172.17.0.3), Dst Addr: 172.17.0.9
(172.17.0.9)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 132
    Identification: 0x0a6e (2670)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x97d7 (correct)
    Source: 172.17.0.3 (172.17.0.3)
    Destination: 172.17.0.9 (172.17.0.9)
Transmission Control Protocol, Src Port: 1311 (1311), Dst Port: netbios-ssn
(139), Seq: 1570, Ack: 1213, Len: 92
    Source port: 1311 (1311)
    Destination port: netbios-ssn (139)
    Sequence number: 1570    (relative sequence number)
    Next sequence number: 1662    (relative sequence number)
    Acknowledgement number: 1213    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 63028
    Checksum: 0x0cac (correct)
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 23
        The RTT to ACK the segment was: 0.001933000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 88
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 25
        SMB Command: NT Create AndX (0xa2)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been
posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not
supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error
codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if
execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended
security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not
long file names
            .... .... .... .1.. = Security Signatures: Security signatures are
supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are
supported
            .... .... .... ...1 = Long Names Allowed: Long file names are
allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 1
        Process ID: 1460
        User ID: 100
        Multiplex ID: 36352
    NT Create AndX Request (0xa2)
        Word Count (WCT): 24
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 57054
        Reserved: 00
        File Name Len: 2
        Create Flags: 0x00000010
            .... .... .... .... .... .... ...1 .... = Extended Response:
Extended responses required
            .... .... .... .... .... .... .... 0... = Create Directory: Target
of open can be a file
            .... .... .... .... .... .... .... .0.. = Batch Oplock: Does NOT
request batch oplock
            .... .... .... .... .... .... .... ..0. = Exclusive Oplock: Does NOT
request oplock
        Root FID: 0x00000000
        Access Mask: 0x00100001
            0... .... .... .... .... .... .... .... = Generic Read: Generic read
is NOT set
            .0.. .... .... .... .... .... .... .... = Generic Write: Generic
write is NOT set
            ..0. .... .... .... .... .... .... .... = Generic Execute: Generic
execute is NOT set
            ...0 .... .... .... .... .... .... .... = Generic All: Generic all
is NOT set
            .... ..0. .... .... .... .... .... .... = Maximum Allowed: Maximum
allowed is NOT set
            .... ...0 .... .... .... .... .... .... = System Security: System
security is NOT set
            .... .... ...1 .... .... .... .... .... = Synchronize: Can wait on
handle to SYNCHRONIZE on completion of I/O
            .... .... .... 0... .... .... .... .... = Write Owner: Can NOT write
owner (take ownership)
            .... .... .... .0.. .... .... .... .... = Write DAC: Owner may NOT
write to the DAC
            .... .... .... ..0. .... .... .... .... = Read Control: Read access
is NOT granted to owner, group and ACL of the SID
            .... .... .... ...0 .... .... .... .... = Delete: NO delete access
            .... .... .... .... .... ...0 .... .... = Write Attributes: NO write
attributes access
            .... .... .... .... .... .... 0... .... = Read Attributes: NO read
attributes access
            .... .... .... .... .... .... .0.. .... = Delete Child: NO delete
child access
            .... .... .... .... .... .... ..0. .... = Execute: NO execute access
            .... .... .... .... .... .... ...0 .... = Write EA: NO write
extended attributes access
            .... .... .... .... .... .... .... 0... = Read EA: NO read extended
attributes access
            .... .... .... .... .... .... .... .0.. = Append: NO append access
            .... .... .... .... .... .... .... ..0. = Write: NO write access
            .... .... .... .... .... .... .... ...1 = Read: READ access
        Allocation Size: 0
        File Attributes: 0x00000000
            .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an
encrypted file
            .... .... .... .... ..0. .... .... .... = Content Indexed: This file
MAY be indexed by the content indexing service
            .... .... .... .... ...0 .... .... .... = Offline: This file is NOT
offline
            .... .... .... .... .... 0... .... .... = Compressed: This is NOT a
compressed file
            .... .... .... .... .... .0.. .... .... = Reparse Point: This file
does NOT have an associated reparse point
            .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a
sparse file
            .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a
temporary file
            .... .... .... .... .... .... 0... .... = Normal: This file has some
attribute set
            .... .... .... .... .... .... .0.. .... = Device: This is NOT a
device
            .... .... .... .... .... .... ..0. .... = Archive: This file has NOT
been modified since last archive
            .... .... .... .... .... .... ...0 .... = Directory: This is NOT a
directory
            .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a
volume ID
            .... .... .... .... .... .... .... .0.. = System: This is NOT a
system file
            .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a
hidden file
            .... .... .... .... .... .... .... ...0 = Read Only: This file is
NOT read only
        Share Access: 0x00000003
            .... .... .... .... .... .... .... .0.. = Delete: Object can NOT be
shared for delete
            .... .... .... .... .... .... .... ..1. = Write: Object can be
shared for WRITE
            .... .... .... .... .... .... .... ...1 = Read: Object can be shared
for READ
        Disposition: Open (if file exists open it, else fail) (1)
        Create Options: 0x00004001
            .... .... .... .... .... .... .... ...1 = Directory: File being
created/opened must be a directory
            .... .... .... .... .... .... .... ..0. = Write Through: Writes need
not flush buffered data before completing
            .... .... .... .... .... .... .... .0.. = Sequential Only: The file
might not only be accessed sequentially
            .... .... .... .... .... .... ...0 .... = Sync I/O Alert: Operations
NOT necessarily synchronous
            .... .... .... .... .... .... ..0. .... = Sync I/O Nonalert:
Operations NOT necessarily synchronous
            .... .... .... .... .... .... .0.. .... = Non-Directory: File being
created/opened must be a directory
            .... .... .... .... .... ..0. .... .... = No EA Knowledge: The
client understands extended attributes
            .... .... .... .... .... .0.. .... .... = 8.3 Only: The client
understands long file names
            .... .... .... .... .... 0... .... .... = Random Access: The file
will not be accessed randomly
            .... .... .... .... ...0 .... .... .... = Delete On Close: The file
should not be deleted when it is closed
        Impersonation: Impersonation (2)
        Security Flags: 0x00
            .... ...0 = Context Tracking: Security tracking mode is STATIC
            .... ..0. = Effective Only: ALL aspects of the client's security
context are available
        Byte Count (BCC): 5
        File Name: \

0000  00 02 b3 88 f3 b6 00 a0 c9 78 08 06 08 00 45 00   .........x....E.
0010  00 84 0a 6e 40 00 80 06 97 d7 ac 11 00 03 ac 11   ...n@...........
0020  00 09 05 1f 00 8b 79 c3 dc dd cc 08 9d 86 50 18   ......y.......P.
0030  f6 34 0c ac 00 00 00 00 00 58 ff 53 4d 42 a2 00   .4.......X.SMB..
0040  00 00 00 18 07 c8 00 00 00 00 00 00 00 00 00 00   ................
0050  00 00 01 00 b4 05 64 00 00 8e 18 ff 00 de de 00   ......d.........
0060  02 00 10 00 00 00 00 00 00 00 01 00 10 00 00 00   ................
0070  00 00 00 00 00 00 00 00 00 00 03 00 00 00 01 00   ................
0080  00 00 01 40 00 00 02 00 00 00 00 05 00 00 5c 00   ...@..........\.
0090  00 00                                             ..

No.     Time        Source                Destination           Protocol Info
     25 0.016792    172.17.0.9            172.17.0.3            SMB      NT
Create AndX Response, Error: STATUS_ACCESS_DENIED

Frame 25 (93 bytes on wire, 93 bytes captured)
    Arrival Time: Jul 20, 2004 10:02:33.536591000
    Time delta from previous packet: 0.000054000 seconds
    Time since reference or first frame: 0.016792000 seconds
    Frame Number: 25
    Packet Length: 93 bytes
    Capture Length: 93 bytes
Ethernet II, Src: 00:02:b3:88:f3:b6, Dst: 00:a0:c9:78:08:06
    Destination: 00:a0:c9:78:08:06 (Intel-Hf_78:08:06)
    Source: 00:02:b3:88:f3:b6 (Intel_88:f3:b6)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 172.17.0.9 (172.17.0.9), Dst Addr: 172.17.0.3
(172.17.0.3)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 79
    Identification: 0x52fc (21244)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x8f7e (correct)
    Source: 172.17.0.9 (172.17.0.9)
    Destination: 172.17.0.3 (172.17.0.3)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1311
(1311), Seq: 1213, Ack: 1662, Len: 39
    Source port: netbios-ssn (139)
    Destination port: 1311 (1311)
    Sequence number: 1213    (relative sequence number)
    Next sequence number: 1252    (relative sequence number)
    Acknowledgement number: 1662    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 8576
    Checksum: 0xa4ff (correct)
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 24
        The RTT to ACK the segment was: 0.000054000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 35
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 24
        Time from request: 0.000054000 seconds
        SMB Command: NT Create AndX (0xa2)
        NT Status: STATUS_ACCESS_DENIED (0xc0000022)
        Flags: 0x88
            1... .... = Request/Response: Message is a response to the
client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been
posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not
supported
        Flags2: 0xc801
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error
codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if
execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended
security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not
long file names
            .... .... .... .0.. = Security Signatures: Security signatures are
not supported
            .... .... .... ..0. = Extended Attributes: Extended attributes are
not supported
            .... .... .... ...1 = Long Names Allowed: Long file names are
allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 1
        Process ID: 1460
        User ID: 100
        Multiplex ID: 36352
    NT Create AndX Response (0xa2)
        Word Count (WCT): 0
        Byte Count (BCC): 0

0000  00 a0 c9 78 08 06 00 02 b3 88 f3 b6 08 00 45 00   ...x..........E.
0010  00 4f 52 fc 40 00 40 06 8f 7e ac 11 00 09 ac 11   .OR.@.@..~......
0020  00 03 00 8b 05 1f cc 08 9d 86 79 c3 dd 39 50 18   ..........y..9P.
0030  21 80 a4 ff 00 00 00 00 00 23 ff 53 4d 42 a2 22   !........#.SMB."
0040  00 00 c0 88 01 c8 00 00 00 00 00 00 00 00 00 00   ................
0050  00 00 01 00 b4 05 64 00 00 8e 00 00 00            ......d......