When setting up a Samba share on CentOS 5.2 (Samba 3.0.33-3.29), I encountered persistent "Permission denied" errors despite seemingly correct configurations. The share was configured in /etc/samba/smb.conf as follows:
[upload]
comment = upload folder
path = /upload
valid users = kevin root
public = yes
writable = yes
browsable = yes
create mask = 0777
directory mask = 0777
guest ok = yes
Before diving deeper, let's validate the fundamental requirements:
# Check directory permissions ls -ld /upload # Should show kevin as owner drwxrwxrwx 2 kevin root 4096 Jul 2 17:00 /upload # Verify Samba user exists sudo pdbedit -L | grep kevin # Should list kevin:XXX:XXXXXXXXX
The key evidence came from /var/log/samba/smbd.log:
[2010/07/02 16:56:10, 0] smbd/service.c:make_connection_snum(1013) '/upload' does not exist or permission denied when connecting to [upload] Error was Permission denied
This indicates either:
- SELinux is blocking access
- Filesystem permissions are insufficient despite the 777 masks
- Parent directory permissions are restrictive
1. SELinux Context Configuration
For CentOS systems, SELinux often interferes with Samba shares:
# Check current SELinux context ls -Z /upload # Apply proper context sudo chcon -t samba_share_t /upload # Make it persistent sudo semanage fcontext -a -t samba_share_t "/upload(/.*)?" sudo restorecon -R -v /upload
2. Filesystem Permission Verification
Even with 777 permissions, parent directories matter:
# Check all parent directory permissions namei -l /upload # Should show at least rx permissions for all components
3. Samba Configuration Tweaks
Try adding these parameters to your share definition:
[upload]
force user = kevin
force group = kevin
inherit permissions = yes
inherit acls = yes
4. Windows Client Configuration
For Windows 7 clients, ensure these registry settings:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "LmCompatibilityLevel"=dword:00000001
When basic fixes don't work, try these diagnostic commands:
# Test Samba configuration testparm -s # Check smbd process capabilities sudo getcap /usr/sbin/smbd # Enable verbose logging in smb.conf log level = 3 auth:5 auth_audit:5 # Test share access manually smbclient //localhost/upload -U kevin
Remember that older Samba versions (like 3.0.x) may have compatibility issues with newer Windows clients. Consider upgrading Samba if possible.
When your Windows machine throws error code 0x80070035 while trying to access a Samba share on CentOS, it typically indicates one of three things:
- Permission issues at either the filesystem or Samba level
- Configuration problems in smb.conf
- Authentication protocol mismatches
The error log clearly shows "/upload does not exist or permission denied". Let's verify the directory exists and has correct permissions:
# Check directory existence and permissions ls -ld /upload # Expected output: # drwxrwxrwx 2 kevin root 4096 Jul 10 10:00 /upload # If permissions are incorrect: chown kevin:root /upload chmod 2777 /upload # 2 for SGID bit if needed
The sticky bit (1777) might be necessary if multiple users need to maintain ownership of their files.
Your current smb.conf has potential conflicts that need resolution:
[upload]
comment = upload folder
path = /upload
valid users = kevin root
public = yes # Conflicts with 'valid users'
writable = yes
browsable = yes
create mask = 0777 # Consider more restrictive like 0770
directory mask = 0777
guest ok = yes # Conflicts with authentication requirements
force user = kevin # Ensures files are owned by kevin
force group = root
Windows 7 and CentOS 5.2 might have NTLM version mismatches. Add these to your smb.conf global section:
[global]
client ntlmv2 auth = yes
client use spnego = yes
ntlm auth = yes
lanman auth = no
Test basic connectivity before troubleshooting Samba:
# From Windows command prompt: ping cos-01 nbtstat -A 172.17.3.90 # From CentOS: testparm -s smbclient -L localhost -U kevin
CentOS 5.2 might have these blocking access:
# Check SELinux context: ls -Z /upload # If needed: chcon -t samba_share_t /upload # Firewall rules: iptables -I INPUT -p tcp --dport 139 -j ACCEPT iptables -I INPUT -p tcp --dport 445 -j ACCEPT service iptables save
When basic fixes don't work, try these diagnostic commands:
# Monitor Samba access in real-time: tail -f /var/log/samba/log.smbd # Test share access directly: smbclient //cos-01/upload -U kevin -d 3 # Verify name resolution: nmblookup cos-01