Vincent Maule's picture

I am fairly new when it comes to Linux. Not exactly Beginner but wouldn't classify myself as useful yet. I have a container that I set up from Turnkey Linux for SAMBA and I seem to run into some issues even with checking everything I can from Webmin where a user is not able to access files at all, not even their home share. Actually recently switched around to where their not able to login to the through Samba and all the logs for SAMBA show nothing except me bringing up and down Samba. Any ideas on where I could look at or trying?

Forum: 
Jeremy Davis's picture

On face value, it sounds like an authentication issue. Although the fact that there is nothing in the Samba logs about failing authentication makes me think that it's something else. FWIW, authentication failures should show in the logs and include the text "NT_STATUS_ACCESS_DENIED" (or something similar).

Out of interest, is the access problem on a specific PC? Or does it specifically relate to a particular user? If you haven't already tried, get the user to try from a different PC (ideally one that you can confirm works fine with another Samba user).

FWIW Samba usually doesn't support the latest Microsoft protocols, so if it's a PC that users can't log in from, then it could be that that particular PC has been locked to newer/newest SMB protocol (which Samba doesn't yet support; at least the version that TurnKey provides). TBH, I'm not sure whether that is a legitimate concern ATM, but I know that it has been an issue in the past. FYI TurnKey includes Samba v4.9.5.

Also if it is a problem with a specific PC, then try logging in with a user that does work elsewhere. It may perhaps be as simple as a Windows firewall issue?!

Another thing to consider that may assist troubleshooting might be to ease off the default Samba restrictions and see if you can get the user to be able to access the files. Then try locking things back down, step by step.

As you note that there are no authentication failures in the logs, then it's unlikely to help, but resetting the user password may be worth a try if you haven't already.

Again I don't think that it's relevant here (because no auth failures in logs) but it's also worth being aware, that there are layers of permissions. The way we have the Samba components setup, each Samba user maps to a Linux user. So the initial access is managed by Samba "share permissions", but to be able to access files, the Linux user also needs the relevant permissions.

Good luck with it and please post back if you need more elaboration and/or have more info to share about the issue.

Jeremy Davis's picture

I'm curious what you have running with the IP of 192.168.0.55. It seems that is also responding to requests related to the WORKGROUP Netbios domain? I'm not at all clear whether that may be related to this issue or not.

TBH, with my extremely limited experience with Samba and no direct access to Windows (I'm a Linux daily driver) I'm not sure how helpful I'm going to be here at all...

Regardless, it turns out that I do have a Samba server running locally (as I have an instance of the Mediaserver appliance running - which includes the Fileserver functionality). I don't ever recall even trying to access it via Samba, but I will try. First though, I have vaguely similar error message in my logs, although it's not quite the same:

[2021/03/15 15:24:51.867988,  0] ../source3/nmbd/nmbd_browsesync.c:354(find_domain_master_name_query_fail)
  find_domain_master_name_query_fail:
  Unable to find the Domain Master Browser name WORKGROUP for the workgroup WORKGROUP.
  Unable to sync browse lists in this workgroup.

I also tried logging in via Samba (using the built-in Gnome client in Linux) and it "just worked" for me. Although I suspect that I haven't changed anything in my config...

For what it's worth, the default smb.conf file can be found here. I suggest that you don't do any radical changes without first testing. I.e. make your changes incrementally. That way you'll have a much better idea of what causes your issues.

Add new comment