Web lists-archives.com

[Samba] Shared printing between Linux (client) and Windows (server): NT_STATUS_ACCESS_DENIED




I have a Windows 7 workstation with physically connected printer and Linux laptop (Linux Mint 19). They are connected to each other via router with internet cord plugged in.

I managed to establish file exchange between them: create a shared resource on one computer, then access it from another. But the same trick with printer just do not work: as soon as I try to access it via network from laptop, it gives me an Access Denied error (if accessed from terminal) or requires me to authenticate endlessly (if accessed from GUI; any document in print queue gets a `Held for Authentication' status if I refuse to enter any credentials.

$ samba --version
Version 4.7.6-Ubuntu

$ uname -r
4.15.0-46-generic

I made some log excerpts and command results provided below. I am not sure about what else should I include; I am not an experienced Linux user by any means, but hope you can give me some advices.

Additional info: SMB v1 is switched off on Windows side due to security reasons. `$ smbtree' gives no results. Switching ufw does not change anything. On Windows side Guest account is active and Password Protected Sharing is disabled. Printer permissions are set for Guest and I can print under Guest account locally on that Win7 machine with no problem. LOCAL is the name of workgroup.

--------------------------------------------------
           resource list cmd
--------------------------------------------------
$ smbclient -L 192.168.0.100
WARNING: The "null passwords" option is deprecated
Enter LOCAL\kotee's password:

    Sharename       Type      Comment
    ---------       ----      -------
    ADMIN$          Disk      Удаленный Admin
    C$              Disk      Стандартный общий ресурс
    D$              Disk      Стандартный общий ресурс
    F$              Disk      Стандартный общий ресурс
    H$              Disk      Стандартный общий ресурс
    hp1516          Printer   hp1516
    IPC$            IPC       Удаленный IPC
    print$          Disk      Драйверы принтеров
    Public          Disk
    Users           Disk
SMB1 disabled -- no workgroup available
------------------------------------------------
              end of cmd output
------------------------------------------------










------------------------------------------------
             /etc/samba/smb.conf
------------------------------------------------

[global]
    browseable = yes
    workgroup = local
    null passwords = yes
    wins support = true
    local master = no
    domain master = no
    preferred master = no
    client min protocol = SMB2
    ntlm auth = no
    lanman auth = yes
    client ntlmv2 auth = yes
    server string = XXXXXXXXX
    load printers = yes
    printing = cups
    printcap name = cups
    use client driver = yes
    log file = /var/log/samba/log.%m
    max log size = 1000
    panic action = /usr/share/samba/panic-action %d
    server role = standalone server
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
    map to guest = Bad Password
    usershare allow guests = yes
    usershare owner only = no
    security = user
    encrypt passwords = yes
    guest ok = yes
    guest account = kotee
[printers]
    comment = All Printers
;    browseable = yes
    path = /tmp
    printable = yes
    guest ok = yes
;    read only = yes
    create mask = 0700
    use client driver = yes

[temp]
    browseable = yes
    writeable = yes
    path = /home/kotee/tmp
    force user = kotee
    force group = kotee
    guest ok = yes

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
;    browseable = yes
;    read only = yes
;    guest ok = no
-----------------------------------------------------
               end of /etc/samba/smb.conf file
-----------------------------------------------------


-----------------------------------------------------
            a test printing command
-----------------------------------------------------
$ echo -en "asdfg\n" | smbclient "\\\\192.168.0.100\\hp1516" -c "print -" -N -d10
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
  auth_audit: 10
  auth_json_audit: 10
  kerberos: 10
  drs_repl: 10
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
  auth_audit: 10
  auth_json_audit: 10
  kerberos: 10
  drs_repl: 10
Processing section "[global]"
doing parameter browseable = yes
doing parameter workgroup = local
doing parameter null passwords = yes
WARNING: The "null passwords" option is deprecated
doing parameter wins support = true
doing parameter local master = no
doing parameter domain master = no
doing parameter preferred master = no
doing parameter client min protocol = SMB2
doing parameter ntlm auth = no
doing parameter lanman auth = yes
doing parameter client ntlmv2 auth = yes
doing parameter server string = XXXXXX
doing parameter load printers = yes
doing parameter printing = cups
doing parameter printcap name = cups
doing parameter use client driver = yes
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter server role = standalone server
doing parameter unix password sync = yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
doing parameter pam password change = yes
doing parameter map to guest = Bad Password
doing parameter usershare allow guests = yes
doing parameter usershare owner only = no
doing parameter security = user
doing parameter encrypt passwords = yes
doing parameter guest ok = yes
doing parameter guest account = kotee
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface wlp4s0 ip=192.168.0.102 bcast=192.168.0.255 netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="XXXXXXXXXX"
Client started (version 4.7.6-Ubuntu).
Connecting to 192.168.0.100 at port 445
Socket options:
    SO_KEEPALIVE = 0
    SO_REUSEADDR = 0
    SO_BROADCAST = 0
    TCP_NODELAY = 1
    TCP_KEEPCNT = 9
    TCP_KEEPIDLE = 7200
    TCP_KEEPINTVL = 75
    IPTOS_LOWDELAY = 0
    IPTOS_THROUGHPUT = 0
    SO_REUSEPORT = 0
    SO_SNDBUF = 87040
    SO_RCVBUF = 372480
    SO_SNDLOWAT = 1
    SO_RCVLOWAT = 1
    SO_SNDTIMEO = 0
    SO_RCVTIMEO = 0
    TCP_QUICKACK = 1
    TCP_DEFER_ACCEPT = 0
 session request ok
 negotiated dialect[SMB2_10] against server[192.168.0.100]
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.3.6.1.4.1.311.2.2.10
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
     negotiate: struct NEGOTIATE_MESSAGE
        Signature                : 'NTLMSSP'
        MessageType              : NtLmNegotiate (1)
        NegotiateFlags           : 0x62088215 (1644724757)
               1: NTLMSSP_NEGOTIATE_UNICODE
               0: NTLMSSP_NEGOTIATE_OEM
               1: NTLMSSP_REQUEST_TARGET
               1: NTLMSSP_NEGOTIATE_SIGN
               0: NTLMSSP_NEGOTIATE_SEAL
               0: NTLMSSP_NEGOTIATE_DATAGRAM
               0: NTLMSSP_NEGOTIATE_LM_KEY
               0: NTLMSSP_NEGOTIATE_NETWARE
               1: NTLMSSP_NEGOTIATE_NTLM
               0: NTLMSSP_NEGOTIATE_NT_ONLY
               0: NTLMSSP_ANONYMOUS
               0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
               0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
               0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
               1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
               0: NTLMSSP_TARGET_TYPE_DOMAIN
               0: NTLMSSP_TARGET_TYPE_SERVER
               0: NTLMSSP_TARGET_TYPE_SHARE
               1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
               0: NTLMSSP_NEGOTIATE_IDENTIFY
               0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
               0: NTLMSSP_NEGOTIATE_TARGET_INFO
               1: NTLMSSP_NEGOTIATE_VERSION
               1: NTLMSSP_NEGOTIATE_128
               1: NTLMSSP_NEGOTIATE_KEY_EXCH
               0: NTLMSSP_NEGOTIATE_56
        DomainNameLen            : 0x0000 (0)
        DomainNameMaxLen         : 0x0000 (0)
        DomainName               : *
            DomainName               : ''
        WorkstationLen           : 0x0000 (0)
        WorkstationMaxLen        : 0x0000 (0)
        Workstation              : *
            Workstation              : ''
        Version: struct ntlmssp_VERSION
            ProductMajorVersion      : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
            ProductMinorVersion      : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
            ProductBuild             : 0x0000 (0)
            Reserved: ARRAY(3)
                [0]                      : 0x00 (0)
                [1]                      : 0x00 (0)
                [2]                      : 0x00 (0)
            NTLMRevisionCurrent      : NTLMSSP_REVISION_W2K3 (15)
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_TARGET_TYPE_SERVER
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_TARGET_INFO
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62008215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62008215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - using NTLM1
 session setup ok
 tconx ok
map_open_params_to_ntcreate: fname = stdin-7154, deny_mode = 0x42, open_func = 0x12
map_open_params_to_ntcreate: file stdin-7154, access_mask = 0x12019f, share_mode = 0x3, create_disposition = 0x5, create_options = 0x40 private_flags = 0x0
NT_STATUS_ACCESS_DENIED opening remote file stdin-7154
------------------------------------------------------------
                 end of cmd output
------------------------------------------------------------

------------------------------------------------------------
                   /var/log/cups/error_log
------------------------------------------------------------
E [01/Apr/2019:00:09:15 +0300] [Job 74] NT_STATUS_ACCESS_DENIED opening remote spool Test Page
E [01/Apr/2019:00:09:29 +0300] [Job 74] Session setup failed: NT_STATUS_LOGON_FAILURE
E [01/Apr/2019:00:09:29 +0300] [Job 74] Session setup failed: NT_STATUS_ACCESS_DENIED
E [01/Apr/2019:00:09:29 +0300] [Job 74] NT_STATUS_ACCESS_DENIED opening remote spool Test Page
E [01/Apr/2019:00:12:20 +0300] [Job 75] Session setup failed: NT_STATUS_LOGON_FAILURE
E [01/Apr/2019:00:12:20 +0300] [Job 75] Session setup failed: NT_STATUS_ACCESS_DENIED
........... (omitted lines) .....................
E [01/Apr/2019:16:27:12 +0300] [Job 107] NT_STATUS_ACCESS_DENIED opening remote spool Test Page
E [01/Apr/2019:16:30:09 +0300] [Job 107] NT_STATUS_ACCESS_DENIED opening remote spool Test Page
E [01/Apr/2019:16:30:14 +0300] [Job 107] NT_STATUS_ACCESS_DENIED opening remote spool Test Page
E [01/Apr/2019:16:30:19 +0300] [Job 107] NT_STATUS_ACCESS_DENIED opening remote spool Test Page
E [01/Apr/2019:16:30:24 +0300] [Job 107] NT_STATUS_ACCESS_DENIED opening remote spool Test Page
E [01/Apr/2019:16:30:35 +0300] [Job 107] NT_STATUS_ACCESS_DENIED opening remote spool Test Page
-------------------------------------------------------------
              end of excerpt from /var/log/cups/error_log
-------------------------------------------------------------

-------------------------------------------------------------
           /var/log/samba/log.smbd
-------------------------------------------------------------
... (same lines) ...
  STATUS=daemon 'smbd' finished starting up and ready to serve connections
[2019/04/01 17:25:05.324671,  0] ../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'smbd' finished starting up and ready to serve connections
[2019/04/01 18:03:11.886409,  0] ../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'smbd' finished starting up and ready to serve connections
--------------------------------------------------------------
            end of excerpt from /var/log/samba/log.smbd
--------------------------------------------------------------

-------------------------------------------------------------
           /var/log/samba/log.nmbd
-------------------------------------------------------------
... (same lines) ...
[2019/04/01 18:03:14.227989,  0] ../source3/nmbd/nmbd.c:58(terminate)
  Got SIGTERM: going down...
[2019/04/01 18:03:14.309438,  0] ../source3/nmbd/asyncdns.c:158(start_async_dns)
  started asyncdns process 4299
[2019/04/01 18:03:14.315341,  0] ../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'nmbd' finished starting up and ready to serve connections
--------------------------------------------------------------
            end of excerpt from /var/log/samba/log.nmbd
--------------------------------------------------------------

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba