
[Samba] NT_STATUS_ACCESS_DENIED listing \* on Samba AD - out of the blue




I have a Samba AD running Samba 4.7.5. Everything was working fine when, seemingly out of the blue, the users started to be denied access to all shares. If I try from a Windows 7 or Windows 10 machine, logged in as a user in "Domain Users", I get:

"Windows cannot access \\server-name\share_name. You do not have permission to access \\server-name\share_name"

If I use smbclient, it allows me to log in to the share, but if I do 'ls', I get:

smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*

I have tried the following:

1. The Domain admin can still access the shares - both from smbclient and from Windows machines.

2. I have checked the ACLs on the server, they look OK:

# getfacl share_name/
# file: clients/
# owner: root
# group: MYDOMAIN\134domain\040users
user::rwx
group::rwx
group:MYDOMAIN\134domain\040users:rwx
mask::rwx
other::rwx
default:user::rwx
default:group::rwx
default:group:MYDOMAIN\134domain\040users:rwx
default:mask::rwx
default:other::---

3. "wbinfo -g" and "wbinfo -u" work correctly

4. Kerberos tests work correctly

5. There are no errors in the Bind/dns configuration

6. I have logged in through Windows and reset the permissions there to allow "Domain Users" on the share

7. All my smb.conf shares look like this:

[share_name]
path = /srv/samba/share_name
read only = No
inherit acls = yes


I am at a loss how "Domain Users" is denied access to the share, when everything appears to be fine. Any suggestions much appreciated!

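Added example, not part of the original post: a Python check that parses the getfacl listing from item 2, decodes the octal escapes in the group name, and applies the POSIX ACL access-check order to it. The account name MYDOMAIN\alice is a constructed placeholder, and the check covers only the POSIX ACL text shown, not any other access-control layer.

```python
import re
# getfacl listing copied from the post above.
GETFACL = r"""# file: clients/
# owner: root
# group: MYDOMAIN\134domain\040users
user::rwx
group::rwx
group:MYDOMAIN\134domain\040users:rwx
mask::rwx
other::rwx
default:user::rwx
default:group::rwx
default:group:MYDOMAIN\134domain\040users:rwx
default:mask::rwx
default:other::---
"""

def unescape(name):
    # getfacl prints '\' and ' ' inside names as octal escapes (\134, \040).
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), name)

def parse(text):
    acl = {"owner": None, "group": None, "entries": []}
    for line in map(str.strip, text.splitlines()):
        if line.startswith(("# owner:", "# group:")):
            key, value = line[2:].split(":", 1)
            acl[key] = unescape(value.strip())
        elif line and not line.startswith(("#", "default:")):
            # default: entries only seed new children; they grant nothing here.
            tag, qualifier, perms = line.split(":")[:3]
            perms = perms.split()[0]  # drop any trailing "#effective:" note
            acl["entries"].append((tag, unescape(qualifier), set(perms) - {"-"}))
    return acl

def allowed(acl, user, groups, want):
    """POSIX ACL check order: owner, named user, group class (masked), other."""
    entries, want = acl["entries"], set(want)
    mask = next((p for t, _, p in entries if t == "mask"), set("rwx"))
    if user == acl["owner"]:
        return want <= next(p for t, q, p in entries if t == "user" and not q)
    for t, q, p in entries:
        if t == "user" and q == user:
            return want <= (p & mask)
    hits = [p & mask for t, q, p in entries
            if t == "group" and (q or acl["group"]) in groups]
    if hits:
        return any(want <= p for p in hits)
    return want <= next(p for t, _, p in entries if t == "other")
if __name__ == "__main__":
    print(allowed(parse(GETFACL), "MYDOMAIN\\alice", {"MYDOMAIN\\domain users"}, "rx"))
```

On the posted listing this prints True for a member of "domain users" requesting read and search access.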