Solved

Connecting to linux share from Windows - error

Posted on 2016-09-26
8
32 Views
Last Modified: 2016-10-03
Have a workstation trying to connect to a linux share and receiving an error.  Mapping to a Windows share - no issue.  When the Windows 10 machine (Surface Pro 4) maps to a Linux share, receive the following error message:

\\IP is not accessible.  You might not have permission to use this network resource.  Contact the administrator of this server to find out if you have access permissions.

A Specified logon session does not exist.  It may already have been terminated.

No problem for 100 other machines to connect to it, just the surface.  I have changed some security sessions to no resolution.  when trying to connect to \\IP address, it does not even show any shares on that server..
0
Comment
Question by:odddball
  • 3
  • 3
  • 2
8 Comments
 
LVL 20

Expert Comment

by:Daniel McAllister
ID: 41818017
From a first glance, I would say this is a LINUX permissions issue.

When you're running SAMBA, you allow Windows-based client systems to connect to your LINUX system. There is a username associated with the connection (sometimes a LINUX user, sometimes an AD user -- if the LINUX system has been joined to an AD).

THAT username must have share permissions in SAMBA, but then must also have access permissions in LINUX.

SO, by way of example, lets say the username you're connecting to is 'MYAD\expert' (and the LINUX system is successfully joined to the MYAD domain). Let's also say the share, as defined in SAMBA, is called 'PUBLIC' and the location of that share on the LINUX system is '/home/public'.
 - If SAMBA does not list 'MYAD\expert' as an allowed user in the share definition, the connection will be refused by SAMBA
 - if the folders / and /home don't have at least EXECUTE permission for the user 'MYAD\expert', then the share will be unreachable and the connection will be refused by SAMBA
 - if the /home/public folder has ONLY EXECUTE permission for the user 'BYAD\expert', you will be able to connect, but will NOT be able to see anything in the share. (However, if you KNOW the name of the file/folder in the share, AND you have permissions to it, you CAN actually access it!)
 - ONLY if all these above tests pass, AND the user 'MYAD\expert' has READ AND EXECUTE permission on /home/public -- ONLY THEN will the share work properly.

So again, you appear to need to check the credentials being sent to the LINUX/SAMBA system, and check both the SAMBA SHARE permissions AND the LINUX file/folder permissions to resolve this issue.

I hope this helps!

Dan
IT4SOHO
0
 
LVL 18

Expert Comment

by:ZENandEmailguy
ID: 41818050
Allow me to throw two wild guesses into the air for you:

1) Does the surface have the Windows firewall on?  If so, as a test, can you disable it or whatever firewall is in use to see if a connection is successful?

2) What authentication method does the Surface use by default?  (Kerberos, NTLMv2, NTLMv1).  I recently encountered a situation where a firewall would not join a Windows 2012r2 DC to provide SSO authentication because the DC didn't allow both NTLMv1 and NTLMv2...it allowed only Kerberos by default.  A simple registry update allowed what our firewall required.

Perhaps these will take you in a positive direction.

Scott
0
 
LVL 20

Expert Comment

by:Daniel McAllister
ID: 41818074
Zen makes a couple of good points, but I think its important to make a counter-point.

A) The Surface might be being blocked by its own firewall -- it must "trust" the connection that it is using to connect to the Linux system (be a PRIVATE connection, not a PUBLIC one).

2) The Surface NEED NOT be joined to the AD domain to connect to the Linux share -- however, if it IS joined, then the credentials on the AD will be used to make the connection and that takes us back to the LINUX permissions. If the Surface is NOT joined, but you are using an AD set of credentials, you MUST include the AD name in the credentials provided. (E.g.: the username in my example is  'MYAD\expert' -- NOT just plain 'expert'.


Dan
IT4SOHO
0
 
LVL 18

Expert Comment

by:ZENandEmailguy
ID: 41818104
Dan,
I agree on both of your points.  

I have a CentOS 5.4 (its a bit old) box that I needed to connect a Windows 7 Pro laptop to recently.  I installed Samba onto and created my user account both with the useradd command, putting it into the /etc/passwd file and with the smbpasswd command.  I don't recall assigning any specific permissions to the linux file system, nor putting the user account into sudo or a full-access group (root).  Once done I can enter the following into a CMD prompt:

net use r: \\CentOS-IP\backups /user:scott and it connects

Scott
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 20

Expert Comment

by:Daniel McAllister
ID: 41818145
You definitely DO NOT want to have a 'samba' user as a SUDOER -- but that being said, Samba has no way to exploit the added permissions to such a user in any case!

If your share definition and user add (more appropriately, smbpasswd user add) allowed you to browse with no further action, then the permissions (likely for ALL) were already present. Common, but you cannot RELY on that fact. Whats more, there are potential ACLs that can play havoc with permissions.

Dan
IT4SOHO
0
 

Accepted Solution

by:
odddball earned 0 total points
ID: 41820550
Thank you for the assistance.  Unfortunately they did not help.  In the end, looks like a Windows 10 update caused the issue.  Used the restore point and the issue went away.  Thank you for all your help.
0
 

Author Comment

by:odddball
ID: 41820552
Windows 10 update issue
0
 

Author Closing Comment

by:odddball
ID: 41826028
Windows 10 update
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now