To access the samba share, please pay attention to:
- You had to create a system user with the same username. In this case, please issue the following command:
useradd -s /sbin/nologin benjamin - If you are using a SELINUX-enabled system (eg: CentOS), try to temporarily disable it issuing
setenforce 0
EDIT: as the problem persists, try the following:
- maybe your Windows host is prepending your username with the wrong domain name. From the Windows machine, try to login using
localhost\benjaminas the username - issue
pdbedit -Land check if userbenjaminis listed. If so, set a trivial password (you can change it later) usingsmbpasswd benjamin - if user
benjaminis not listed, try to recreate it issuingsmbpasswd -a benjamin - if it does not work, delete the passwd file (it is named
passwd.tdb; for reference, in a CentOS 6.x system it is found under/var/lib/samba/private/). Then, recreate your user issuingsmbpasswd -a benjamin - if it still not working, try to use the root account issuing
smbpasswd -a rootand check if you can login using the root user. Note: this is only a try. After having done with it, you must delete root's entry issuingsmbpasswd -x root - Your last resort is to increase the verbosity of logging and see if you can find clues there. For authentication attempts, edit or add the following line on your smb.conf
log level = 2 winbind:5, check the logs with something liketail -f /var/log/samba/log*and try to login.
To access the samba share, please pay attention to:
- You had to create a system user with the same username. In this case, please issue the following command:
useradd -s /sbin/nologin benjamin - If you are using a SELINUX-enabled system (eg: CentOS), try to temporarily disable it issuing
setenforce 0
EDIT: as the problem persists, try the following:
- maybe your Windows host is prepending your username with the wrong domain name. From the Windows machine, try to login using
localhost\benjaminas the username - issue
pdbedit -Land check if userbenjaminis listed. If so, set a trivial password (you can change it later) usingsmbpasswd benjamin - if user
benjaminis not listed, try to recreate it issuingsmbpasswd -a benjamin - if it does not work, delete the passwd file (it is named
passwd.tdb; for reference, in a CentOS 6.x system it is found under/var/lib/samba/private/). Then, recreate your user issuingsmbpasswd -a benjamin - if it still not working, try to use the root account issuing
smbpasswd -a rootand check if you can login using the root user. Note: this is only a try. After having done with it, you must delete root's entry issuingsmbpasswd -x root - Your last resort is to increase the verbosity of logging and see if you can find clues there. For authentication attempts, edit or add the following line on your smb.conf
log level = 2 winbind:5, check the logs with something liketail -f /var/log/samba/log*and try to login.
It is possible you need to add the user in question to your smb service in linux
sudo smbpasswd -a myuser
SOLVED
Steps in the end
Been breaking my head over setting up samba on my RPi2. I got my Pi last week and I set it up with no issues and then I had to reflash the SD card and start from scratch and I forgot to keep note of the steps and settings(my bad for not taking a backup, I know)
So I am facing an "Access is denied" error when trying to access from "Network" in Windows 10. I have tried with modifying group policy settings too but still the same. This is the samba.conf file :pastebin
As stated in the title, I can access the home directory, create files and folders there but as mentioned in the conf file, the other share usb is just stuck at enter password screen which I enter right every time. It just says "Access is denied."
It is a usb of ext4 format mounted at /mnt/usbd automounted at reboot.
It would be very helpful and would appreciate it if someone could guide me with what I am doing wrong.
Steps
-
I purged samba and samba-common completely and removed the conf file too.
-
Install samba and samba-common-bin and samba won't run as there's no conf file so copy
smb.conffromusr/share/samba/smb.conf -
Now this is my new share file.pastebin Changes made:
wins support = yes
encrypt passwords = yes
added the share in the end as opposed to in the middle of the file from before. -
Tested with
smbtreeandsmbclient -L hostname
I sat up and read the samba docs for some time and started on the troubleshooting docs and tried step by step which helped me solve it. link
Thanks to everyone who tried to help me.
Beating my head against the wall on this- I'm trying to set up a Samba share on a RPi and for whatever reason when I try to access it from Windows I get "access is denied". When I purposely try a wrong password I get a "username or password is incorrect"- so I know it's recognizing that the password is correct, just denies access for some reason.
My testparm -s output (Trying to access Passport):
# Global parameters
[global]
log file = /var/log/samba/log.%m
logging = file
map to guest = Bad User
max log size = 1000
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
server role = standalone server
unix password sync = Yes
usershare allow guests = Yes
idmap config * : backend = tdb
create mask = 0700
directory mask = 0700
valid users = %S
[printers]
browseable = No
comment = All Printers
path = /var/spool/samba
printable = Yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[Passport]
comment = Passport
guest ok = Yes
path = /mnt/Passport
read only = Nofor what it is worth, I couldn't access my samba share, maybe you have forgotten to add you username to the samba password group (for lack of beter description phrase)
this is what I did to get mine to work
smbpasswd -a username
after by using nautilus, shared my drive/folder with right-click, sharing, etc.
create your password, and use your username and passsword (which you just entered) to access your samba drive, you can also map this drive in Windows
hope this could help
Are the group and owner of the shared folder set properly for the samba user? Should be the same, or try
$ chown -R nobody:nogroup sharedfolder
for testing purposes...
For Fedora 25, I am not familiar with fedora version numbers but I am with RHEL/Centos 7.x If you have selinux enabled by default, you might try as root setenforce 0 to temporarily put selinux into permissive mode until next reboot, see if this allows samba access to work. If so then it's a selinux problem, and in RHEL/Centos there is etc/samba/smb.conf.example which explains the samba related selinux commands needed to allow samba shares to work with selinux set to enforcing.
For your version of fedora, I would work off the /etc/samba/smb.conf.example.
for reference here is my working smb.conf from an older version of samba showing what i believe is the minimum required to get it to work. If you go too restrictive with settings then you can prevent a successful connection so sometimes it's best to not specify which generally means allow for all.
In your [myshare] take out allow hosts and valid users. Once samba working then consider adding restrictive measures like these as necessary.
[global]
# min protocol = SMB1 needed for winxp
min protocol = SMB1
# max protocol SMB2 needed to work with win10, unspecified for this older version of samba is smb1.
max protocol = SMB2
security = user
passdb backend = tdbsam
# map to guest = never prevents popup option, bad user allows popup in windows
map to guest = Bad User
[data]
path = /data
read only = No
# guest ok = no
# create mask = 660
# directory mask = 770
with guest ok = no, and map to guest bad user, will allow popup in windows giving anyone a chance to enter correct linux username and pw. map to guest never prevents popup, meaning the username of the windows user has to be the same as a valid local user in linux, per security=user. You likely do not need min/max protocol specified, I do in samba version 3.6. I don't know what verion of samba u have in fedora 25, if it's samba 3.x then try specifying the min/max protocol.
don't forget to do smbpasswd -a <username on your linux system.
I have a system that allows WinXP and Win7 to access samba as guests. A few entries that may help are:
[global]
security = user
null passwords = yes
map to guest = Bad Password
guest ok = Yes
I am using wide open shares on a trusted lan.
Considering "non-root through Samba", especially in new releases of OpenSuse (...15.3 -- 15.4), I do few movements into normal configuration panels (no sudo commands or anything technical).
Using Yast Firewall section -- For now (immediate solution):
I turn off the firewall, then see what you can turn on (after this) to keep the samba working with Microsoft Windows.
More details on how to do this with images on my website.
This happens when the directory on the Samba share does not have permission for non-root users.
In your smb4.conf file:
[test]
comment = Test share
path = /path/to/directory
force user = unixuser
valid users = sambauser
In this example, unixuser should be the owner of the files in /path/to/directory. The user logged into Samba in this example is a user called sambauser.
I recommend to create a dedicated user for that share and specify it in force user(see docs).
Create a user (shareuser for example) and set the owner of everything in the share folder to that user:
adduser --system shareuser
chown -R shareuser /path/to/share
Then add force user and permission mask settings in smb.conf:
[myshare]
path = /path/to/share
writeable = yes
browseable = yes
public = yes
create mask = 0644
directory mask = 0755
force user = shareuser
Note that guest ok is a synonym for public.
In the share settings in smb.conf, you'll need to specify the names of users and/or groups that are allowed to write to the share, using a write list = ... line.
Example:
[myshare]
...
write list = my_linux_username
Then you'll need to use the smbpasswd command to set up a password to authenticate my_linux_username for Samba:
sudo smbpasswd -a my_linux_username
This step is necessary because the standard system passwords in /etc/shadow are hashed in algorithms that are incompatible with the password hash algorithms used in the SMB protocol. When a client sends a SMB authentication packet, it includes a hashed password. It can only be compared to another password hash that uses the same algorithm.
(Very, very old instructions from the previous millennium may recommend disabling password encryption in Samba, and using certain registry hacks to allow Windows to emit unencrypted passwords to the network. This advice is obsolete: those registry hacks may no longer work in current versions of Windows, and allow anyone who can monitor your network traffic to trivially capture your password.)
There's one more thing you may have to do client-side. When your Windows client system is joined to an Active Directory domain and you're logged in with an AD account, it automatically prefixes all unqualified usernames with the name of the AD domain of the user, i.e. you will be authenticating as AD_DOMAIN\your_username, not just your_username.
If you are logged in with a local account (or your client system is not joined to an AD domain), Windows may automatically prefix the username with the client hostname unless you specify another domain name.
To successfully log in to a stand-alone Samba server from a stand-alone Windows client, you may have to specify your username as SAMBA_SERVER_HOSTNAME\your_username.
Otherwise Samba will see the username as WINDOWS_CLIENT_HOSTNAME\your_username, conclude that it has no way to verify any users belonging to domain named WINDOWS_CLIENT_HOSTNAME, and will reject the login.
(Newer versions of Samba may have a built-in check for this specific situation, and they might allow you access nevertheless. But this is basically how SMB authentication works "under the hood", and if you need to deal with old versions of Samba, it might be useful still.)

