Configuração do Samba, status [NT_STATUS_ACCESS_DENIED],

1

Estou tentando configurar o samba com o centos7 para ser acessado a partir de clientes do Windows 10.

log level = 1 eu usei um smb.conf que funcionava anteriormente no mesmo servidor depois de reinstalar o centos.

log level = 10 você pode realmente pular a leitura disso, seus detalhes de nível 10.

começar

Eu sou muito novo na configuração de um servidor linux, estou familiarizado com o comando básico do Linux ls chmod chown ... ,

Eu segui este artigo para configurar um compartilhamento seguro na rede wlan e, em seguida, testei com um colega, tudo estava funcionando ok exceto que ele não tinha permissão de execução no compartilhamento, o caminho é /home/CompanyFiles/All

então eu executei cd /home/

então chmod -R 777 /

então eu mudei com sucesso as permissões dos arquivos centos inteiros e quebrei a instalação do centos.

depois de algum googling eu decidi que reinstalar o centos é melhor do que tentar recuperar do comando chmod e era possível já que eu só instalei o samba nele, então copiei o smb.conf para outra máquina, reinstalei o centos e reinstalei o samba, e então eu usei o antigo smb.conf.

final

smb.conf:

[global]
        workgroup = WORKGROUP
        security = user
        map to guest = Bad User
        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw
        log level = 4
        #ntlm auth = yes
        passdb backend = tdbsam
        netbios name = adServer

[homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        browsable = No
        read only = No
        inherit acls = Yes
[CompanyFiles]
        path = /home/CompanyFiles
        guest ok = yes
        browsable = no
        writable = yes

[All]
        comment = Company Access
        path = /home/CompanyFiles/All
        guest ok = no
        browsable = yes
        writable = yes
        #access based share enum = yes

a permissão das pastas é:

drwxrwx--x. 3 everyad adusers 17 Feb 26 09:32 CompanyFiles

drwxrwx--x. 2 everyad adusers 42 Feb 26 11:43 All

em que todos os usuários são membros dos adusers do grupo.

também os usuários que tentam acessar são criados no smb usando smbpasswd -a username

MAS eu recebo o seguinte erro ao tentar acessar o servidor a partir do Windows 10

you do not have permission to access server ...

por favor, não removi o samba e o reinstalei sem sucesso.

ao fazer o nível de log 4 eu recebo status[NT_STATUS_ACCESS_DENIED] , mas com nível mais baixo eu não recebo um erro.

[2018/03/07 12:16:46.480678,  4] ../source3/smbd/uid.c:384(change_to_user)
  Skipping user change - already user
[2018/03/07 12:16:46.480788,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
  vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.480835,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
  vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.480864,  3] ../source3/smbd/service.c:102(set_current_service)
  chdir (/home/CompanyFiles/All) failed, reason: Permission denied
[2018/03/07 12:16:46.480913,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449
[2018/03/07 12:16:46.481098,  4] ../source3/smbd/uid.c:384(change_to_user)
  Skipping user change - already user
[2018/03/07 12:16:46.481145,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
  vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.481172,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
  vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.481202,  3] ../source3/smbd/service.c:102(set_current_service)
  chdir (/home/CompanyFiles/All) failed, reason: Permission denied
[2018/03/07 12:16:46.481244,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449
[2018/03/07 12:16:46.481407,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.481671,  4] ../source3/rpc_server/rpc_ncacn_np.c:89(make_internal_rpc_pipe_socketpair)
  Create of internal pipe srvsvc requested
[2018/03/07 12:16:46.485044,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.485191,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
  vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.485232,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
  vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.485286,  3] ../source3/smbd/service.c:102(set_current_service)
  chdir (/home/CompanyFiles/All) failed, reason: Permission denied
[2018/03/07 12:16:46.485387,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449
[2018/03/07 12:16:46.485519,  4] ../source3/smbd/uid.c:384(change_to_user)
  Skipping user change - already user
[2018/03/07 12:16:46.485564,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
  vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.485593,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
  vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.485617,  3] ../source3/smbd/service.c:102(set_current_service)
  chdir (/home/CompanyFiles/All) failed, reason: Permission denied
[2018/03/07 12:16:46.485662,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449
[2018/03/07 12:16:46.486887,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.647037,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.647199,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
  vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.647244,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
  vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.647280,  3] ../source3/smbd/service.c:102(set_current_service)
  chdir (/home/CompanyFiles/All) failed, reason: Permission denied
[2018/03/07 12:16:46.647399,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449
[2018/03/07 12:16:46.647849,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.648141,  3] ../source3/rpc_server/srv_pipe.c:732(api_pipe_bind_req)
  api_pipe_bind_req: srvsvc -> srvsvc rpc service
[2018/03/07 12:16:46.648192,  3] ../source3/rpc_server/srv_pipe.c:355(check_bind_req)
  check_bind_req for srvsvc context_id=0
[2018/03/07 12:16:46.648242,  3] ../source3/rpc_server/srv_pipe.c:398(check_bind_req)
  check_bind_req: srvsvc -> srvsvc rpc service
[2018/03/07 12:16:46.762983,  4] ../source3/smbd/uid.c:384(change_to_user)
  Skipping user change - already user
[2018/03/07 12:16:46.807647,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.807736,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
  vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.807758,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
  vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.807777,  3] ../source3/smbd/service.c:102(set_current_service)
  chdir (/home/CompanyFiles/All) failed, reason: Permission denied
[2018/03/07 12:16:46.807808,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449
[2018/03/07 12:16:46.816357,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.816537,  4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
  push_sec_ctx(1006, 1014) : sec_ctx_stack_ndx = 1
[2018/03/07 12:16:46.816566,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 1
[2018/03/07 12:16:46.816606,  4] ../source3/rpc_server/srv_pipe.c:1434(api_rpcTNP)
  api_rpcTNP: srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO
[2018/03/07 12:16:46.816664,  4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
  pop_sec_ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.845244,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.845361,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
  vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.845381,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
  vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.845393,  3] ../source3/smbd/service.c:102(set_current_service)
  chdir (/home/CompanyFiles/All) failed, reason: Permission denied
[2018/03/07 12:16:46.845409,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449
[2018/03/07 12:16:46.845461,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.859382,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.859442,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
  vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.859458,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
  vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.859467,  3] ../source3/smbd/service.c:102(set_current_service)
  chdir (/home/CompanyFiles/All) failed, reason: Permission denied
[2018/03/07 12:16:46.859482,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449
[2018/03/07 12:16:46.859547,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.859580,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_FS_DRIVER_REQUIRED] || at ../source3/smbd/smb2_ioctl.c:309
[2018/03/07 12:16:48.603901,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:48.604057,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
  vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:48.604105,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
  vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:48.604171,  3] ../source3/smbd/service.c:102(set_current_service)
  chdir (/home/CompanyFiles/All) failed, reason: Permission denied
[2018/03/07 12:16:48.604228,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c

pesquisar on-line sempre leva a itens, firewall ou permissões do selinux:

o selinux é permissivo

o firewalld está desativado

e ainda recebendo o mesmo problema

    
por George 07.03.2018 / 13:14

1 resposta

1

FINALMENTE consegui resolver este problema.

em primeiro lugar, eu removi as conexões existentes do Windows 10 usando net use * /delete da linha de comando, pois as credenciais foram salvas e eu as alterei no servidor

também por alguma razão eu tive que especificar smbpasswd em /etc/samba/smb.conf: passdb backend = smbpasswd na seção [global]

também a permissão / home onde errado e todos os meus compartilhamentos estão em / home, então eu redefinir a permissão para 755: chmod -R 755 /home

eu redefinir todas as permissões de compartilhamento e acesso de grupo com base nas minhas necessidades.

    
por 08.03.2018 / 14:32