cloun
2019-Apr-03 22:37 UTC
[Samba] Shared printing between Linux (client) and Windows (server): NT_STATUS_ACCESS_DENIED
I have a Windows 7 workstation with physically connected printer and
Linux laptop (Linux Mint 19). They are connected to each other via
router with internet cord plugged in.
I managed to establish file exchange between them: create a shared
resource on one computer, then access it from another. But the same
trick with printer just do not work: as soon as I try to access it via
network from laptop, it gives me an Access Denied error (if accessed
from terminal) or requires me to authenticate endlessly (if accessed
from GUI; any document in print queue gets a `Held for Authentication'
status if I refuse to enter any credentials.
$ samba --version
Version 4.7.6-Ubuntu
$ uname -r
4.15.0-46-generic
I made some log excerpts and command results provided below. I am not
sure about what else should I include; I am not an experienced Linux
user by any means, but hope you can give me some advices.
Additional info: SMB v1 is switched off on Windows side due to security
reasons. `$ smbtree' gives no results. Switching ufw does not change
anything. On Windows side Guest account is active and Password Protected
Sharing is disabled. Printer permissions are set for Guest and I can
print under Guest account locally on that Win7 machine with no problem.
LOCAL is the name of workgroup.
--------------------------------------------------
resource list cmd
--------------------------------------------------
$ smbclient -L 192.168.0.100
WARNING: The "null passwords" option is deprecated
Enter LOCAL\kotee's password:
Sharename Type Comment
--------- ---- -------
ADMIN$ Disk Удаленный Admin
C$ Disk Стандартный общий ресурс
D$ Disk Стандартный общий ресурс
F$ Disk Стандартный общий ресурс
H$ Disk Стандартный общий ресурс
hp1516 Printer hp1516
IPC$ IPC Удаленный IPC
print$ Disk Драйверы принтеров
Public Disk
Users Disk
SMB1 disabled -- no workgroup available
------------------------------------------------
end of cmd output
------------------------------------------------
------------------------------------------------
/etc/samba/smb.conf
------------------------------------------------
[global]
browseable = yes
workgroup = local
null passwords = yes
wins support = true
local master = no
domain master = no
preferred master = no
client min protocol = SMB2
ntlm auth = no
lanman auth = yes
client ntlmv2 auth = yes
server string = XXXXXXXXX
load printers = yes
printing = cups
printcap name = cups
use client driver = yes
log file = /var/log/samba/log.%m
max log size = 1000
panic action = /usr/share/samba/panic-action %d
server role = standalone server
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:*
%n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = Bad Password
usershare allow guests = yes
usershare owner only = no
security = user
encrypt passwords = yes
guest ok = yes
guest account = kotee
[printers]
comment = All Printers
; browseable = yes
path = /tmp
printable = yes
guest ok = yes
; read only = yes
create mask = 0700
use client driver = yes
[temp]
browseable = yes
writeable = yes
path = /home/kotee/tmp
force user = kotee
force group = kotee
guest ok = yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
; browseable = yes
; read only = yes
; guest ok = no
-----------------------------------------------------
end of /etc/samba/smb.conf file
-----------------------------------------------------
-----------------------------------------------------
a test printing command
-----------------------------------------------------
$ echo -en "asdfg\n" | smbclient "\\\\192.168.0.100\\hp1516"
-c "print -" -N -d10
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
tevent: 10
auth_audit: 10
auth_json_audit: 10
kerberos: 10
drs_repl: 10
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
tevent: 10
auth_audit: 10
auth_json_audit: 10
kerberos: 10
drs_repl: 10
Processing section "[global]"
doing parameter browseable = yes
doing parameter workgroup = local
doing parameter null passwords = yes
WARNING: The "null passwords" option is deprecated
doing parameter wins support = true
doing parameter local master = no
doing parameter domain master = no
doing parameter preferred master = no
doing parameter client min protocol = SMB2
doing parameter ntlm auth = no
doing parameter lanman auth = yes
doing parameter client ntlmv2 auth = yes
doing parameter server string = XXXXXX
doing parameter load printers = yes
doing parameter printing = cups
doing parameter printcap name = cups
doing parameter use client driver = yes
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter server role = standalone server
doing parameter unix password sync = yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
doing parameter pam password change = yes
doing parameter map to guest = Bad Password
doing parameter usershare allow guests = yes
doing parameter usershare owner only = no
doing parameter security = user
doing parameter encrypt passwords = yes
doing parameter guest ok = yes
doing parameter guest account = kotee
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface wlp4s0 ip=192.168.0.102 bcast=192.168.0.255
netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="XXXXXXXXXX"
Client started (version 4.7.6-Ubuntu).
Connecting to 192.168.0.100 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 87040
SO_RCVBUF = 372480
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
negotiated dialect[SMB2_10] against server[192.168.0.100]
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.3.6.1.4.1.311.2.2.10
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
negotiate: struct NEGOTIATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmNegotiate (1)
NegotiateFlags : 0x62088215 (1644724757)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
1: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
DomainNameLen : 0x0000 (0)
DomainNameMaxLen : 0x0000 (0)
DomainName : *
DomainName : ''
WorkstationLen : 0x0000 (0)
WorkstationMaxLen : 0x0000 (0)
Workstation : *
Workstation : ''
Version: struct ntlmssp_VERSION
ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
ProductBuild : 0x0000 (0)
Reserved: ARRAY(3)
[0] : 0x00 (0)
[1] : 0x00 (0)
[2] : 0x00 (0)
NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15)
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_SERVER
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62008215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62008215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - using NTLM1
session setup ok
tconx ok
map_open_params_to_ntcreate: fname = stdin-7154, deny_mode = 0x42, open_func =
0x12
map_open_params_to_ntcreate: file stdin-7154, access_mask = 0x12019f, share_mode
= 0x3, create_disposition = 0x5, create_options = 0x40 private_flags = 0x0
NT_STATUS_ACCESS_DENIED opening remote file stdin-7154
------------------------------------------------------------
end of cmd output
------------------------------------------------------------
------------------------------------------------------------
/var/log/cups/error_log
------------------------------------------------------------
E [01/Apr/2019:00:09:15 +0300] [Job 74] NT_STATUS_ACCESS_DENIED opening remote
spool Test Page
E [01/Apr/2019:00:09:29 +0300] [Job 74] Session setup failed:
NT_STATUS_LOGON_FAILURE
E [01/Apr/2019:00:09:29 +0300] [Job 74] Session setup failed:
NT_STATUS_ACCESS_DENIED
E [01/Apr/2019:00:09:29 +0300] [Job 74] NT_STATUS_ACCESS_DENIED opening remote
spool Test Page
E [01/Apr/2019:00:12:20 +0300] [Job 75] Session setup failed:
NT_STATUS_LOGON_FAILURE
E [01/Apr/2019:00:12:20 +0300] [Job 75] Session setup failed:
NT_STATUS_ACCESS_DENIED
........... (omitted lines) .....................
E [01/Apr/2019:16:27:12 +0300] [Job 107] NT_STATUS_ACCESS_DENIED opening remote
spool Test Page
E [01/Apr/2019:16:30:09 +0300] [Job 107] NT_STATUS_ACCESS_DENIED opening remote
spool Test Page
E [01/Apr/2019:16:30:14 +0300] [Job 107] NT_STATUS_ACCESS_DENIED opening remote
spool Test Page
E [01/Apr/2019:16:30:19 +0300] [Job 107] NT_STATUS_ACCESS_DENIED opening remote
spool Test Page
E [01/Apr/2019:16:30:24 +0300] [Job 107] NT_STATUS_ACCESS_DENIED opening remote
spool Test Page
E [01/Apr/2019:16:30:35 +0300] [Job 107] NT_STATUS_ACCESS_DENIED opening remote
spool Test Page
-------------------------------------------------------------
end of excerpt from /var/log/cups/error_log
-------------------------------------------------------------
-------------------------------------------------------------
/var/log/samba/log.smbd
-------------------------------------------------------------
... (same lines) ...
STATUS=daemon 'smbd' finished starting up and ready to serve
connections
[2019/04/01 17:25:05.324671, 0] ../lib/util/become_daemon.c:124(daemon_ready)
STATUS=daemon 'smbd' finished starting up and ready to serve
connections
[2019/04/01 18:03:11.886409, 0] ../lib/util/become_daemon.c:124(daemon_ready)
STATUS=daemon 'smbd' finished starting up and ready to serve
connections
--------------------------------------------------------------
end of excerpt from /var/log/samba/log.smbd
--------------------------------------------------------------
-------------------------------------------------------------
/var/log/samba/log.nmbd
-------------------------------------------------------------
... (same lines) ...
[2019/04/01 18:03:14.227989, 0] ../source3/nmbd/nmbd.c:58(terminate)
Got SIGTERM: going down...
[2019/04/01 18:03:14.309438, 0] ../source3/nmbd/asyncdns.c:158(start_async_dns)
started asyncdns process 4299
[2019/04/01 18:03:14.315341, 0] ../lib/util/become_daemon.c:124(daemon_ready)
STATUS=daemon 'nmbd' finished starting up and ready to serve
connections
--------------------------------------------------------------
end of excerpt from /var/log/samba/log.nmbd
--------------------------------------------------------------
Rowland Penny
2019-Apr-04 07:57 UTC
[Samba] Shared printing between Linux (client) and Windows (server): NT_STATUS_ACCESS_DENIED
On Thu, 4 Apr 2019 01:37:34 +0300 cloun via samba <samba at lists.samba.org> wrote:> I have a Windows 7 workstation with physically connected printer and > Linux laptop (Linux Mint 19). They are connected to each other via > router with internet cord plugged in. > > I managed to establish file exchange between them: create a shared > resource on one computer, then access it from another. But the same > trick with printer just do not work: as soon as I try to access it > via network from laptop, it gives me an Access Denied error (if > accessed from terminal) or requires me to authenticate endlessly (if > accessed from GUI; any document in print queue gets a `Held for > Authentication' status if I refuse to enter any credentials. > > $ samba --version > Version 4.7.6-UbuntuIt should work if you removed all the default and incorrect lines from your smb.conf. Try this one: [global] workgroup = local security = user server string = XXXXXXXXX printing = cups printcap name = cups log file = /var/log/samba/log.%m max log size = 1000 panic action = /usr/share/samba/panic-action %d passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = Bad User usershare allow guests = yes usershare owner only = no [printers] comment = All Printers path = /tmp printable = yes guest ok = yes create mask = 0700 use client driver = yes [temp] read only = no path = /home/kotee/tmp force user = kotee force group = kotee guest ok = yes [print$] comment = Printer Drivers path = /var/lib/samba/printers You should also be aware that the Windows user 'Guest' != the Unix guest user, there is NO connection. Rowland
Giulio
2019-Apr-05 15:05 UTC
[Samba] Shared printing between Linux (client) and Windows (server): NT_STATUS_ACCESS_DENIED
On Thu, Apr 4, 2019 at 12:37 AM cloun via samba <samba at lists.samba.org> wrote:> > I have a Windows 7 workstation with physically connected printer and > Linux laptop (Linux Mint 19). They are connected to each other via > router with internet cord plugged in....> But the same > > Additional info: SMB v1 is switched off on Windows side due to security >.. >and Password Protected Sharing is disabledI have the same issue when using SMB2, not with SMB1: https://bugzilla.samba.org/show_bug.cgi?id=13072
Maybe Matching Threads
- Shared printing between Linux (client) and Windows (server): NT_STATUS_ACCESS_DENIED
- Shared printing between Linux (client) and Windows (server): NT_STATUS_ACCESS_DENIED
- DRS Replication between two DC's Failing
- domain won't go online
- DRS Replication between two DC's Failing