Hi,
On Saturday I was able to run smbclient to connect to my Samba share
just fine. Nothing was rebooted and nothing was installed/updated
except for adding Python and Putty on the Windows server. The Windows
server is running Windows Server 2016 and my Samba client is running
3.6.3 (it's the latest from SLES 11 but ported to SLES 10 - long
story...).
But today when I try to connect I get:
client3:/mnt/cifs_share01 # smbclient //client3.dom1.com/cifs_share01
-U cdom\rjmuser01
Enter cdom\rjmuser01's password:
Domain=[CDOM] OS=[Unix] Server=[Samba 3.6.3-9.1-3798-SUSE-CODE10-i386]
tree connect failed: NT_STATUS_ACCESS_DENIED
When I check the log I see:
[2018/06/25 10:10:05.905044, 4] smbd/reply.c:794(reply_tcon_and_X)
Client requested device type [?????] for share [CIFS_SHARE01]
[2018/06/25 10:10:05.905134, 5] smbd/service.c:1354(make_connection)
making a connection to 'normal' service cifs_share01
[2018/06/25 10:10:05.905215, 3] lib/access.c:338(allow_access)
Allowed connection from 10.10.0.34 (10.10.0.34)
[2018/06/25 10:10:05.905294, 2]
smbd/service.c:616(create_connection_session_info)
guest user (from session setup) not permitted to access this share
(cifs_share01)
[2018/06/25 10:10:05.905369, 1] smbd/service.c:805(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2018/06/25 10:10:05.905450, 3] smbd/error.c:81(error_packet_set)
error packet at smbd/reply.c(803) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
Why is it trying to connect with a guest user when I'm supplying a
valid Windows user and password? I seem to be able to still access the
share just fine from Windows.
My smb.conf is below.
Thanks,
Rob
====== smb.conf
[global]
log level = 10
os level = 1
security = ADS
server string = CIFS Server
workgroup = CDOM
log file = /var/log/samba/%m.log
encrypt passwords = yes
syslog = 1
# #winbind gid = 1000-20000
# #winbind uid = 1000-20000
password server = WIN2016-PW-SERV
idmap uid = 10000-20000
idmap gid = 10000-20000
realm = CDOM.DOM1.COM
# max protocol = SMB2
# min protocol = SMB2
server signing = mandatory
# # Disable cups
store dos attributes = yes
# vfs objects = acl_xattr
map acl inherit = yes
# Performance Enhancements
socket options = SO_RCVBUF=65536 SO_SNDBUF=65536
strict sync = yes
oplocks = yes
kernel oplocks = no
deadtime = 1
case sensitive = no
map to guest = bad user
[cifs_share01]
path = /mnt/cifs_share01/
browseable = no
read only = yes
writeable = no
store dos attributes = yes
map archive = yes
map system = yes
map hidden = yes
write list = cdom\administrator,cdom\rjmuser01