Samba authentication error

Hello,

I’m trying to setup a samba share to acces my files from a windows 11 pc.
I have followed this guide:

Whenever i try to acces to share from the windows pc or using the KDE file manager i’m getting acces denied when it asks for a username and password.

i made a user with the command:

sudo smbpasswd -a nick

I’m also able to change the password using this command.

My config files is as follows:

# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
#
# Note:
# SMB1 is disabled by default. This means clients without support for SMB2 or
# SMB3 are no longer able to connect to smbd (by default).

[global]
	workgroup = SAMBA
	security = user

	passdb backend = tdbsam

	printing = cups
	printcap name = cups
	load printers = yes
	cups options = raw

	# Install samba-usershares package for support
	include = /etc/samba/usershares.conf
	log level = 3
[homes]
	comment = Home Directories
	valid users = %S, %D%w%S
	browseable = No
	read only = No
	inherit acls = Yes

[printers]
	comment = All Printers
	path = /var/tmp
	printable = Yes
	create mask = 0600
	browseable = No

[print$]
	comment = Printer Drivers
	path = /var/lib/samba/drivers
	write list = @printadmin root
	force group = @printadmin
	create mask = 0664
	directory mask = 0775

	
[shared]
        comment = My Share
        path = /home/nick/shared
        writeable = yes
        browseable = yes
        public = yes
        create mask = 0644
        directory mask = 0755
        write list = user

My log file can be found here:

Could somebody please help me?

Hello @nick1402 and welcome to the community.
Did you follow the selinux steps as well?

1 Like

Hello,

No i did not. I don’t really know what selinux is.
I setup a samba share on a Raspberry pi earlier and this wasn’t necessary.

These steps from the document you followed

sudo semanage fcontext --add --type "samba_share_t" "/home/nick/shared(/.*)?"
sudo restorecon -R ~/shared

On Fedora Linux?

1 Like

Yes, i ran that command when i set everything up. I just ran it again and it gave this as output:

File context for /home/nick/shared(/.*)? already defined, modifying instead

No, on raspbian. no additional steps were required to get it working there so i assumed the same applied to Fedora.

In the log I see

vfs_ChDir(/home/nick/share) failed: Permission denied.

While in smb.conf there is

[shared]
...
        path = /home/nick/shared
...

Could that “d” be the culprit?

I dont think that’s the culprint. I first made a folder called ‘share’ but that gave the same authentication error so i tried again with a folder called ‘shared’.

I just added the ‘share’ folder back to the smb.conf file but i can’t acces it neither.

Make sure to restart the service to apply the changes:

sudo systemctl restart smb.service

If the problem persists, check the output:

systemctl status smb.service
sudo testparm -s
sudo semanage fcontext -l | grep -e ~
sudo -u nobody ls -l -d -Z ~/share*

Ok. Could you provide the output of ls -laZ /home/nick/share?

In your smb.conf your workgroup is named SAMBA is that the name on the win computer.If not you might change the workgroup to workgroup = WORKGROUP which should be the name of the win computer.

Actually, it doesn’t matter.

1 Like

Other interesting commands
pdbedit --list --smbpasswd-style

ausearch -m AVC,USER_AVC -ts recent

Hello,

You can find the output here:

nick@fedora:~$ sudo pdbedit --list --smbpasswd-style
added interface wlo1 ip=fd00::5b67:a437:b413:7af3 bcast= netmask=ffff:ffff:ffff:ffff::
added interface wlo1 ip=192.168.178.117 bcast=192.168.178.255 netmask=255.255.255.0
No builtin backend found, trying to load plugin
load_module_absolute_path: Module '/usr/lib64/samba/pdb/tdbsam.so' loaded
nick:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:6CD096C09331D82DA427FA9D002C5EE0:[U          ]:LCT-672F734F:
nick2:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:6CD096C09331D82DA427FA9D002C5EE0:[U          ]:LCT-672F93FF:

nick@fedora:~$ ausearch -m AVC,USER_AVC -ts recent
Error opening config file (Permission denied)
NOTE - using built-in end_of_event_timeout: 2
NOTE - using built-in logs: /var/log/audit/audit.log
Error opening /var/log/audit/audit.log (Permission denied)
nick@fedora:~$ sudo ausearch -m AVC,USER_AVC -ts recent
<no matches>

Hello, i always restart the samba service after applying changes.

systemctl status smb.service

Can be found here:

sudo testparm -s
nick@fedora:~$ sudo semanage fcontext -l | grep -e ~
/home/nick/share(/.*)?                             all files          system_u:object_r:samba_share_t:s0 
/home/nick/shared(/.*)?                            all files          system_u:object_r:samba_share_t:s0 

nick@fedora:~$ sudo -u nobody ls -l -d -Z ~/share*
ls: cannot access '/home/nick/share': Permission denied
ls: cannot access '/home/nick/shared': Permission denied

I just tried changing that line to but it doesn’t change anything. It keeps giving login fails.

1 Like

Added samba

Fix permissions:

chmod o+x ~

No, it should not be needed.

Shouldn’t user be replaced with your actual username (nick)?

That should probably be clarified in the documentation by expressing user as <username>.

I tried to follow the Quick Doc. And it works.
I get

smbclient //localhost/share -U alessio
Password for [SAMBA\alessio]:
Try "help" to get a list of possible commands.
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*

Until I don’t perform

sudo semanage fcontext --add --type "samba_share_t" "/home/alessio/share(/.*)?"
sudo restorecon -R ~/shared

No need to do anything else.

This is necessary because the OP connects anonymously, see UID and GID in the log.

I agree. The point is that you can write to the share with or without such option (write list = user). Mh, the documentation should be revised.