alienjon Veteran
Joined: 09 Feb 2005 Posts: 1722
Posted: Thu Nov 07, 2024 1:27 am Post subject: Invalid Login to Gentoo Samba from Windows 11

So my goal is to set up a file server that is accessible from other computers on my home LAN. I already have a Gentoo server up and running, have installed Samba per the wiki and reviewed the guide. It starts up without any errors in the logs or dmesg. In File Explorer in Windows the server even shows up, but when I try to open it, and it asks for my credentials, I get "Access is denied." errors. I've tried the username as both [username] and [domain]\[username] as well as both the samba password for that user and the server login for that user. The guides seem to work great, until they don't, and I'm honestly not even sure what I'm looking for online, as everything is a little off of my problem. Here's my setup:

emerge samba -pv:
[ebuild R ] net-fs/samba-4.19.7::gentoo USE="acl ads client cups ldap pam python regedit system-mitkrb5 winbind zeroconf -addc -ceph -cluster -debug (-fam) -glusterfs -gpg -iprint -json -llvm-libunwind -profiling-data -quota (-selinux) -snapper -spotlight -syslog (-system-heimdal) -systemd (-test) -unwind" ABI_X86="(64) -32 (-x32)" PYTHON_SINGLE_TARGET="python3_12 -python3_10 -python3_11" 0 KiB

This is when I put in my samba password - I get this error.

smbclient -L DEVOLVED:
Password for [WORKGROUP\{USERNAME}]:
tree connect failed: NT_STATUS_ACCESS_DENIED

It works when I use my server password (ie: the actual password for the user on my machine)

smbclient -L DEVOLVED:
Password for [WORKGROUP\alienjon]:
Anonymous login successful

    Sharename       Type      Comment
    ---------       ----      -------
    RootStorage     Disk      Root storage for the main storage drive.
    Movies1         Disk      Share to the first movie storage.
    Music           Disk      Share for music.
    Movies2         Disk      Share to the second movie storage.
    JonShare        Disk      Jon's Share
    LauraShare      Disk      Laura's Share
    IPC$            IPC       IPC Service (Rosen Home Server)
SMB1 disabled -- no workgroup available

testparm:
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
bind interfaces only = Yes
dns proxy = No
interfaces = lo 192.168.1.0/24 enp6s0
log file = /var/log/samba/log.%m
max disk size = 102400
max log size = 50
security = USER
server role = standalone server
server signing = if_required
server string = {server string}
wins support = Yes
idmap config * : backend = tdb
hosts allow = 192.168.1. 127.
invalid users = root @wheel
[RootStorage]
comment = {comment}
path = /mnt/Storage1
read only = No
valid users = {user1} {user2}
[Movies1]
comment = {comment}
path = /mnt/Storage2
read only = No
valid users = {user1} {user2}
[Music]
comment = {comment}
path = /mnt/Storage1/Music
read only = No
valid users = {user1} {user2}
[Movies2]
comment = {comment}
path = /mnt/Storage3
read only = No
valid users = {user1} {user2}
[JonShare]
comment = {comment}
path = /mnt/Storage1/Users/{user1}
read only = No
valid users = {user1}
[LauraShare]
comment = {comment}
path = /mnt/Storage1/Users/{user2}
read only = No
valid users = {user2}

If it's not obvious I'm replacing the private stuff in {brackets}.
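
Added example, not part of the original post: a Python check of how the global `invalid users` list and the per-share `valid users` lists in the dump above combine, including for IPC$, which has no section of its own and so gets only the [global] values. The function names and the group memberships in the demo are constructed; the thread does not show the account's real groups.

```python
import re

# Trimmed copy of the testparm dump above; {user1}/{user2} are the poster's placeholders.
SMB_CONF = """\
[global]
security = USER
invalid users = root @wheel
[RootStorage]
valid users = {user1} {user2}
[JonShare]
valid users = {user1}
[LauraShare]
valid users = {user2}
"""

def parse_sections(text):
    """Return {section: {parameter: value}} from a testparm-style dump."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def in_list(user, groups, entries):
    """True if the user is named directly or through an @group entry.
    Simplification: Samba's +group and &group prefixes are not handled."""
    return any(e[1:] in groups if e.startswith("@") else e == user for e in entries)

def share_access(sections, share, user, groups):
    """Check invalid users first, then valid users; share values override [global]."""
    params = {**sections.get("global", {}), **sections.get(share, {})}
    if in_list(user, groups, params.get("invalid users", "").split()):
        return "denied: invalid users"
    valid = params.get("valid users", "").split()
    if valid and not in_list(user, groups, valid):
        return "denied: not in valid users"
    return "allowed"

def report(sections, user, groups):
    """Evaluate every defined share plus IPC$, which only has the [global] values."""
    shares = [s for s in sections if s != "global"] + ["IPC$"]
    return {s: share_access(sections, s, user, groups) for s in shares}

if __name__ == "__main__":
    # Group memberships are constructed; the thread does not show the real ones.
    print(report(parse_sections(SMB_CONF), "{user1}", {"users", "wheel"}))
```
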
rab0171610 Guru
Joined: 24 Dec 2022 Posts: 419
Posted: Thu Nov 07, 2024 4:47 am Post subject:

I am just speculating here. I had a similar problem at some point in the past. It may be that the smb protocols are different between the two machines. You may need to do a little research to find out what versions of the smb protocol your version of samba and Windows both support. Without looking into it further, I cannot say definitively.
I currently have this in my smb.conf:

Code:
client max protocol = SMB2_02
server max protocol = SMB2_02
client min protocol = NT1
server min protocol = NT1

You can use a combination of these client/server min/max protocol entries to restrict the subset of smb protocols which are valid for both machines. In my case, they were not negotiating a common supported smb protocol correctly due to a known bug.
|
alienjon Veteran
Joined: 09 Feb 2005 Posts: 1722
|
Posted: Thu Nov 07, 2024 5:28 am Post subject:

@rab0171610
No change. Lots of ideas like that floating around and hard to really know the problem. "Access denied" really isn't all that helpful on the Windows end.
I have been toying around on the Samba server configuration on my Gentoo box, though, and am focusing on this error:

smbclient -L DEVOLVED:
Password for [WORKGROUP\{USERNAME}]:
tree connect failed: NT_STATUS_ACCESS_DENIED

This at least seems to match (somewhat) the issue in Windows. I have debugging on and am trying to see what pops up (log level of 2 in smb.conf). I did find some interesting details in the logs:

/var/log/samba/log.{IP}:
[2024/11/07 00:24:21.056830, 2] ../../source3/auth/auth.c:332(auth_check_ntlm_password)
  check_ntlm_password: authentication for user [{USERNAME}] -> [{USERNAME}] -> [{USERNAME}] succeeded
[2024/11/07 00:24:21.057024, 2] ../../source3/param/loadparm.c:2916(lp_do_section)
  Processing section "[RootStorage]"
[2024/11/07 00:24:21.057061, 2] ../../source3/param/loadparm.c:2916(lp_do_section)
  Processing section "[Movies1]"
[2024/11/07 00:24:21.057093, 2] ../../source3/param/loadparm.c:2916(lp_do_section)
  Processing section "[Music]"
[2024/11/07 00:24:21.057126, 2] ../../source3/param/loadparm.c:2916(lp_do_section)
  Processing section "[Movies2]"

/var/log/samba/log.devolved:
[2024/11/07 00:24:21.058787, 1] ../../source3/smbd/smb2_service.c:337(create_connection_session_info)
  create_connection_session_info: user '{USERNAME}' (from session setup) not permitted to access this share (IPC$)
[2024/11/07 00:24:21.058802, 1] ../../source3/smbd/smb2_service.c:519(make_connection_snum)
  make_connection_snum: create_connection_session_info failed: NT_STATUS_ACCESS_DENIED

It looks like the authentication does work (so my password is being read correctly) but it's access to the IPC$ share. I'm not sure what that is, but it's late and that research may have to wait until tomorrow at this point.
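
Added example, not part of the original thread: a Python sketch that merges entries from the per-client and per-host Samba logs and labels each share denial by whether the same user had authenticated successfully just before, which separates a credential problem from a share-permission problem. The sample log is constructed in the format quoted above ("alice" and "bob" are invented names), and the 5-second correlation window and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the header-then-message layout of the logs above.
# "alice" stands in for the redacted {USERNAME}; "bob" and his entry are invented.
SAMPLE_LOG = """\
[2024/11/07 00:24:21.056830, 2] ../../source3/auth/auth.c:332(auth_check_ntlm_password)
  check_ntlm_password: authentication for user [alice] -> [alice] -> [alice] succeeded
[2024/11/07 00:24:21.058787, 1] ../../source3/smbd/smb2_service.c:337(create_connection_session_info)
  create_connection_session_info: user 'alice' (from session setup) not permitted to access this share (IPC$)
[2024/11/07 00:24:21.058802, 1] ../../source3/smbd/smb2_service.c:519(make_connection_snum)
  make_connection_snum: create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2024/11/07 00:30:02.000100, 1] ../../source3/smbd/smb2_service.c:337(create_connection_session_info)
  create_connection_session_info: user 'bob' (from session setup) not permitted to access this share (Music)
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*\d+\]\s+\S+\((\w+)\)\s*$")
AUTH_OK = re.compile(r"authentication for user .*\[([^\]]+)\] succeeded")
DENIED = re.compile(r"user '([^']+)' \(from session setup\) not permitted "
                    r"to access this share \(([^)]+)\)")

def records(text):
    """Return time-sorted (timestamp, function, message) tuples, one per log entry."""
    out = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f")
            out.append([ts, m.group(2), ""])
        elif out:
            out[-1][2] = (out[-1][2] + " " + line.strip()).strip()
    return sorted(tuple(r) for r in out)

def classify_denials(text, window=timedelta(seconds=5)):
    """Label each denial; `window` (assumed 5 s) bounds how recent the auth must be."""
    last_ok, findings = {}, []
    for ts, _func, msg in records(text):
        if (m := AUTH_OK.search(msg)):
            last_ok[m.group(1)] = ts
        elif (m := DENIED.search(msg)):
            user, share = m.groups()
            ok = last_ok.get(user)
            recent = ok is not None and ts - ok <= window
            findings.append((user, share, "authorization" if recent else "no-recent-auth"))
    return findings

if __name__ == "__main__":
    for finding in classify_denials(SAMPLE_LOG):
        print(finding)
```
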