When Windows 10 clients fail to authenticate with Samba 4.1.17 on Ubuntu 15.10 despite correct credentials, we need to examine both protocol compatibility and permission chains. The error manifests when:
[TVShare]
path = /media/MEDIA2/TV
valid users = benjamin
read only = no
writable = no # Conflict with read onlyModern Windows 10 requires NTLMv2 authentication by default. Add these global parameters:
[global]
# Force SMB2+ and modern auth
min protocol = SMB2
client min protocol = SMB2
client ntlmv2 auth = yes
ntlm auth = noVerify Linux filesystem permissions match Samba expectations:
# Check parent directory permissions
namei -l /media/MEDIA2/TV
# Expected output:
drwxrwxr-x benjamin benjamin /media/MEDIA2/TVConfirm user mapping exists in Samba's database:
sudo pdbedit -L -v | grep benjamin
# Should show:
Unix username: benjamin
NT username:
Account Flags: [U ]
User SID: S-1-5-21-...The share definition contains contradictory parameters:
[TVShare]
read only = no # Allows writing
writable = no # Disables writing
# Fix by choosing one:
writable = yes
# OR
read only = yesClear stale credentials on Windows:
net use * /delete /y
cmdkey /delete:192.168.0.5Enable verbose logging by adding to smb.conf:
[global]
log level = 3 auth:5 winbind:5
# Then monitor logs:
tail -f /var/log/samba/log.smbdTry mapping with different syntax:
net use Z: \\192.168.0.5\TVShare /user:benjamin%passwordYou've set up your Samba share on Ubuntu 15.10 (Samba 4.1.17), created the user with smbpasswd, but Windows 10 keeps throwing that infuriating "Access is Denied" message when you try to connect. Let's troubleshoot this systematically.
First, let's verify the key elements from your configuration:
[TVShare]
path = /media/MEDIA2/TV
available = yes
valid users = benjamin
read only = no
browsable = yes
public = yes
writable = no
The directory permissions show correct ownership:
drwxrwxr-x 40 benjamin benjamin 4096 Sep 5 16:18 /media/MEDIA2/TV/
Notice the conflicting parameters in your share definition:
read only = no(should allow writing)writable = no(explicitly denies writing)public = yes(allows guest access)valid users = benjamin(restricts to one user)
Here's a corrected version of your share definition:
[TVShare]
path = /media/MEDIA2/TV
valid users = benjamin
read only = no
browsable = yes
writable = yes
create mask = 0775
directory mask = 0775
force user = benjamin
force group = benjamin
To verify Samba user authentication, run:
sudo smbclient //localhost/TVShare -U benjamin
If this fails, check your Samba user database:
sudo pdbedit -L -v
Modern Windows versions have stricter security policies. Try these steps:
- Enable SMB1 client in Windows Features (temporary troubleshooting)
- Add these lines to your
[global]section:client min protocol = SMB2 client max protocol = SMB3
For more complex scenarios, consider adjusting Unix permissions:
sudo chmod -R 775 /media/MEDIA2/TV
sudo chown -R benjamin:benjamin /media/MEDIA2/TV
Enable verbose logging in smb.conf:
[global]
log level = 3 auth:5
Then monitor logs in real-time:
tail -f /var/log/samba/log.*
- Verify user exists in both system and Samba (
getent passwd benjaminandpdbedit -L) - Ensure consistent password between system and Samba
- Check for IP-based restrictions in Windows firewall
- Test with Windows credentials (DOMAIN\username format if needed)