NT_STATUS_ACCESS_DENIED when listing a new system-config-samba created share in Fedora 18

Written by James McDonald

January 21, 2013

[myuser@mypc ~]$ smbclient //mypc/myshare -U myuser
Enter myuser's password: 
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.0.0]
smb: \> ls
smb: \>q

[myuser@mypc ~]$ smbclient -L mypc
Enter myuser's password: 
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.0.0]

	Sharename       Type      Comment
	---------       ----      -------
	homes           Disk      Home Directories
	myshare          Disk      James Home
	IPC$            IPC       IPC Service (Samba Server Version 4.0.0)
	HP-Officejet-Pro-8500-a910 Printer   HP Officejet Pro 8500 a910
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.0.0]

	Server               Comment
	---------            -------
	mypc                 Samba Server Version 4.0.0

	Workgroup            Master
	---------            -------

The fix:
As root

setsebool -P samba_enable_home_dirs 1



  1. mruse

    hello. got the same problem, and i did everythin as i can, but it doesn’t work , so i want to get some help, what i did is:
    1. iptables
    -A INPUT -m state –state NEW -m tcp -p tcp –dport 139 -j ACCEPT
    -A INPUT -m state –state NEW -m tcp -p tcp –dport 445 -j ACCEPT
    -A INPUT -p udp -m udp –dport 137 -j ACCEPT
    -A INPUT -p udp -m udp –dport 138 -j ACCEPT

    2. SElinux
    setsebool -P samba_domain_controller on
    setsebool -P samba_enable_home_dirs on
    setsebool -P samba_export_all_ro on
    setsebool -P samba_export_all_rw on

    3. and then execute
    chcon -R -t samba_share_t /data/www
    semanage fcontext -a -t samba_share_t “/data/www(/.*)?”
    restorecon -R -v /data/www

    i’vh set the user level, when i use
    smbclient // -U test
    i login sucessfully after i enter my password, but when i type commend “ls”, i got the error just like you did;

    when i set selinux disabled and reboot the server, i still get the error.
    any advice else?
    thank you very much!

    • admin

      Check the selinux log files in /var/log/*

      Is the restorecon command resetting the SELinux attributes back to a policy of deny?

      Try the above without restorecon -R -v /data/www

      Check the audit2allow functionality here http://wiki.centos.org/HowTos/SELinux you may have to create a custom selinux policy.

      Do you have appropriate permissions on the files find -type f | xargs chmod 664 /data/www -Rv

      • mruse

        i’vh checked /var/log/message, just 2 lines about selinux:
        Sep 23 00:06:35 hostname kernel: SELinux: Disabled at runtime.
        Sep 23 00:06:35 hostname kernel: type=1404 audit(1379894785.690:2): selinux=0 auid=4294967295 ses=4294967295

        I also tried another way, i can’t nunderstand why it works, but it really works:
        i removed the /data/www , and i make a new directory with the same name /data/www
        i’ll try to find it out.
        whatever thank you very much, you are very nice.


Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.

You May Also Like…

Meraki Open Source Licenses

Until today I assumed that Meraki was built in-house with only closed source software. But having a look at the...


If you have Veeam backup failing with the Updating BCD failed with Cannot update SafeBoot flag and SentinelOne is...