Samba Password File
From: https://askubuntu.com/questions/1391434/troubleshooting-access-denied-on-samba
Troubleshooting Access Denied on SAMBA
I'm new to SAMBA, but have set up a SAMBA server on an Ubuntu 20.04 desktop,
but consistently get Access Denied, when trying to map any SAMBA share from
my Windows 11 laptop. How do I troubleshoot the problem? Here's what I
believe to be the relevant parts of smb.conf:
[global]
server role = standalone server
obey pam restrictions = yes
security = user
encrypt passwords = true
map to guest = bad user
guest account = nobody
[media]
path=/data/media
valid users = @media
guest ok = no
writable = yes
browsable = yes
[public]
path=/data/public
valid users = @smbgroup
guest ok = no
writable = yes
browsable = yes
[documents]
path=/data/documents
valid users = @simon
guest ok = no
writable = yes
browsable = yes
[downloads]
path=/data/downloads
valid users = @media
guest ok = no
writable = yes
browsable = yes
Here are the permissions on the relevant shared folders:
root@KTchia01:/data# ls -l
total 100375
drwxrwx--- 8 simon simon 27 Jun 8 2021 documents
drwxrwx--- 2 simon simon 6 Jun 8 2021 downloads
drwxrwxr-x 16 simon media 17 Jun 10 2021 media
-rw-r--r-- 1 chia chia 102672297 Jun 8 2021 oldhome.tgz
drwxrwxrwx 2 simon smbgroup 2 Feb 5 21:20 public
I connect as the user simon from the Windows 11 laptop KTLAPTOP02, and simon
is both an ordinary user on the linux box and has set a SMB password. Group
memberships for simon:
root@KTchia01:~# grep simon /etc/group
adm:x:4:syslog,simon,chia
cdrom:x:24:simon
sudo:x:27:simon,chia
dip:x:30:simon
plugdev:x:46:simon
lpadmin:x:120:simon
lxd:x:131:simon
simon:x:1000:
sambashare:x:132:simon
smbgroup:x:1001:simon
plex:x:998:simon,plex
media:x:1002:simon,plex
chia:x:1003:simon
Log output, when trying to connect:
root@KTchia01:/var/log/samba# tail -f log.ktlaptop02
[2022/02/05 21:41:36.200402, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
Processing section "[public]"
[2022/02/05 21:41:36.200454, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
Processing section "[documents]"
[2022/02/05 21:41:36.200509, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
Processing section "[downloads]"
[2022/02/05 21:41:36.212158, 1] ../../source3/smbd/service.c:362(create_connection_session_info)
create_connection_session_info: user 'simon' (from session setup) not permitted to access this share (IPC$)
[2022/02/05 21:41:36.212187, 1] ../../source3/smbd/service.c:543(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
Can anyone point me in the right direction of how to further troubleshoot,
why I get Access Denied, regardless of which share I try to access?
Answer 3
Here are some good troubleshooting steps, shamelessly copied from
ServerFault:
- Maybe your Windows host is prepending your username with the wrong domain
name. From the Windows machine, try to login using localhost\simon as the
username
- Issue sudo pdbedit -L (must run as root) and check if user simon is listed.
If so, set a trivial password (you can change it later) using smbpasswd simon
- If user simon is not listed, try to recreate it issuing smbpasswd -a simon
- If it does not work, delete the passwd file (it is named passwd.tdb; for
reference, it is found under /var/lib/samba/private/). Then, recreate your
user issuing smbpasswd -a simon
- If it is still not working, try to use the root account by issuing
smbpasswd -a root and check if you can log in using the root user. Note: this
is only a test. After you are done with it, you must delete root's entry by issuing:
smbpasswd -x root
- Your last resort is to increase the verbosity of logging and see if you can
find clues there. For authentication attempts, edit or add the following
line in your smb.conf: log level = 2 winbind:5, check the logs with
something like tail -f /var/log/samba/log* and try to log in.
Hope some of it helps.
Simon Kepp Nielsen
That apparently got me some more detailed info. I can see from the samba
logs, that I connect as the correct user ( simon or root), but it also
states, that said user not permitted to access this share (IPC$) –
Artur Meinild
Did you try resetting the Samba password database? Unfortunately, I can't see
anything wrong with your config. 🤔 –
Simon Kepp Nielsen
Yes. According to the log file available in full at home.kepp.tech/samba/log.ktlaptop02
Authentication appears to succeed, but authorization seems to fail. –
Simon Kepp Nielsen
All relevant configuration and log files now available at http://home.kepp.tech/samba –
bitdruid
Already found a solution? I have nearly the same problem... even a share in /samba with 0777 isn't accessible through any network device –
Artur Meinild or bitdruid
I had the same issue and finally found a solution as mentioned here.
AppArmor and Samba may interfere with each other after updates or when not properly configured. The suggested solution is to activate complain mode for AppArmor's smbd profile:
sudo aa-complain /etc/apparmor.d/usr.sbin.smbd
However, you could also add site-specific additions in /etc/apparmor.d/local/usr.sbin.smbd to get access.
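The alternative to complain mode mentioned above, as an added example that is not from the thread or from Samba's or AppArmor's own tooling: it lists the paths AppArmor denied to smbd, then prints rules for /etc/apparmor.d/local/usr.sbin.smbd from the share paths in smb.conf. The function names, the sample log lines, the profile names matched (smbd or /usr/sbin/smbd) and the rk/lrwk permission sets are assumptions.

```shell
# Added example (not from the thread): keep smbd's AppArmor profile enforced.

# Share paths from the question; spacing varied to exercise the parser.
sample_smb_conf() {
cat <<'EOF'
[global]
[media]
path=/data/media
[public]
path=/data/public
[documents]
path = /data/documents/
[downloads]
path=/data/downloads
EOF
}

# Constructed kernel log lines in the AppArmor audit format.
sample_kernel_log() {
cat <<'EOF'
audit: type=1400 audit(1644093696.212:41): apparmor="DENIED" operation="open" profile="smbd" name="/data/media/" pid=911 comm="smbd" requested_mask="r" denied_mask="r"
audit: type=1400 audit(1644093696.300:42): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/x" pid=70 comm="cupsd" requested_mask="r" denied_mask="r"
audit: type=1400 audit(1644093697.001:43): apparmor="ALLOWED" operation="open" profile="smbd" name="/data/public/" pid=911 comm="smbd" requested_mask="r" denied_mask="r"
EOF
}

# Step 1: list the paths the smbd profile denied (log lines on stdin).
smbd_denied_paths() {
    grep 'apparmor="DENIED"' | grep -E 'profile="(/usr/sbin/)?smbd"' |
        sed -n 's/.* name="\([^"]*\)".*/\1/p' | sort -u
}

# Step 2: print local-profile rules for each share path in smb.conf (stdin).
smbd_local_rules() {
    awk '
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^[ \t]*\[/ { sec = tolower($0); sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
        sec == "" || sec == "global" { next }        # only share sections
        /^[ \t]*path[ \t]*=/ {
            p = $0
            sub(/^[ \t]*path[ \t]*=[ \t]*/, "", p)   # keep the value only
            sub(/[ \t]+$/, "", p); sub(/\/+$/, "", p)
            if (p !~ /^\// || p ~ /[%"*?{}]/) next   # relative, macro or glob
            if (!seen[p]++) printf "\"%s/\" rk,\n\"%s/**\" lrwk,\n", p, p
        }'
}

sample_kernel_log | smbd_denied_paths
sample_smb_conf | smbd_local_rules
```

Append the printed rules to /etc/apparmor.d/local/usr.sbin.smbd and reload the profile with sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.smbd; the profile then stays in enforce mode for everything outside the shares.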