NT_STATUS_ACCESS_DENIED when listing a new system-config-samba created share in Fedora 18

Written by James McDonald

January 21, 2013


[myuser@mypc ~]$ smbclient //mypc/myshare -U myuser
Enter myuser's password: 
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.0.0]
smb: \> ls
NT_STATUS_ACCESS_DENIED
smb: \>q

[myuser@mypc ~]$ smbclient -L mypc
Enter myuser's password: 
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.0.0]

	Sharename       Type      Comment
	---------       ----      -------
	homes           Disk      Home Directories
	myshare          Disk      James Home
	IPC$            IPC       IPC Service (Samba Server Version 4.0.0)
	HP-Officejet-Pro-8500-a910 Printer   HP Officejet Pro 8500 a910
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.0.0]

	Server               Comment
	---------            -------
	mypc                 Samba Server Version 4.0.0

	Workgroup            Master
	---------            -------
	MYDOMAIN

The fix:
As root

setsebool -P samba_enable_home_dirs 1

 

3 Comments

  1. mruse

    hello. got the same problem, and i did everythin as i can, but it doesn’t work , so i want to get some help, what i did is:
    1. iptables
    -A INPUT -m state –state NEW -m tcp -p tcp –dport 139 -j ACCEPT
    -A INPUT -m state –state NEW -m tcp -p tcp –dport 445 -j ACCEPT
    -A INPUT -p udp -m udp –dport 137 -j ACCEPT
    -A INPUT -p udp -m udp –dport 138 -j ACCEPT

    2. SElinux
    setsebool -P samba_domain_controller on
    setsebool -P samba_enable_home_dirs on
    setsebool -P samba_export_all_ro on
    setsebool -P samba_export_all_rw on

    3. and then execute
    chcon -R -t samba_share_t /data/www
    semanage fcontext -a -t samba_share_t “/data/www(/.*)?”
    restorecon -R -v /data/www

    i’vh set the user level, when i use
    smbclient //192.168.0.1/myproject -U test
    i login sucessfully after i enter my password, but when i type commend “ls”, i got the error just like you did;

    when i set selinux disabled and reboot the server, i still get the error.
    any advice else?
    thank you very much!

    Reply
    • admin

      Check the selinux log files in /var/log/*

      Is the restorecon command resetting the SELinux attributes back to a policy of deny?

      Try the above without restorecon -R -v /data/www

      Check the audit2allow functionality here http://wiki.centos.org/HowTos/SELinux you may have to create a custom selinux policy.

      Do you have appropriate permissions on the files find -type f | xargs chmod 664 /data/www -Rv

      Reply
      • mruse

        i’vh checked /var/log/message, just 2 lines about selinux:
        Sep 23 00:06:35 hostname kernel: SELinux: Disabled at runtime.
        Sep 23 00:06:35 hostname kernel: type=1404 audit(1379894785.690:2): selinux=0 auid=4294967295 ses=4294967295

        I also tried another way, i can’t nunderstand why it works, but it really works:
        i removed the /data/www , and i make a new directory with the same name /data/www
        i’ll try to find it out.
        whatever thank you very much, you are very nice.

        Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

You May Also Like…

How to Research a CPU Upgrade

How to Research a CPU Upgrade

Upgrade Time! Doing a lot of VMWare Workstation virtualization to create labs for self-study and training. Finding...