Samba Share Access Denied on Windows 10 and Android

Installing and Using OpenWrt
1

I've been bashing my head against this for HOURS searching every thread on every site I can find, but so far nothing that has worked for other people has worked for me.

I am trying to setup up a network share on a USB drive with Samba4 on my router. I followed the instructions on this page https://openwrt.org/docs/guide-user/services/nas/cifs.server, step by step, very carefully, twice. When I attempt to open the file share from my Win10 PC or my Android phone, I put in the username and password that I added to passwd and smbpasswd (I checked many times that the name and password are correct, and I am not trying to login as root because I understand that this is prohibited by default) I receive a message saying "access denied".

My uci Samba settings:

samba4.@samba[0]=samba
samba4.@samba[0].charset='UTF-8'
samba4.@samba[0].description='Samba on OpenWRT'
samba4.@samba[0].workgroup='WYNTR'
samba4.@samba[0].interface='lan'
samba4.@sambashare[0]=sambashare
samba4.@sambashare[0].name='wyntr-router-smb0'
samba4.@sambashare[0].read_only='no'
samba4.@sambashare[0].force_root='1'
samba4.@sambashare[0].users='1'
samba4.@sambashare[0].path='/mnt/sda2/share'
samba4.@sambashare[0].guest_ok='yes'
samba4.@sambashare[0].create_mask='0666'
samba4.@sambashare[0].dir_mask='777'
samba4.@sambashare[0].inherit_owner='no'

I've tried toggling Force Root, Guest Ok, and Inherit Owner in different combinations to no effect. I changed dir_mask from "0777" to "777" per a recommendation online, but again no effect.

Some threads suggested making various edits to smb.conf, but any changes I try to make there have no effect and get overwritten automatically when I start/restart the Samba service. I also tried using different formats on the share partition (NTFS and Ext4), changing ownership of the share directory from root to wyntrheart, and doing a complete reinstall of Samba, wiping all the config files, and I even tried enabling login as root in smb.conf. Nothing worked, still "Access Denied".

I can post whatever command outputs or config files you need to see, I can change settings with luci or ssh, whatever I need to do to make this damn thing work. I am tired. Thank you in advance to anyone who tries to help me solve this headache

2

ls -ld /mnt /mnt/sda2 /mnt/sda2/share ?

how are you accessing the shares \\rou.ter.I.P\wyntr-router-smb0 ?

3 
root@wyntr-router-0:~# ls -ld /mnt /mnt/sda2 /mnt/sda2/share
drwxr-xr-x    1 root     root          4096 Mar 15 10:53 /mnt
drwxr-xr-x    3 root     root          4096 Mar 15 10:05 /mnt/sda2
drwxrwxrwx    2 wyntrhea root          4096 Mar 15 10:05 /mnt/sda2/share

I've tried accessing by \\(IP address), by \\wyntr-router-0, and both with \wyntr-router-smb0 appended, no luck. The first two will show me the file share in explorer.exe, but all four get "Access denied" on password entry

4

\\IP is the way, start by making /mnt and /mnt/sda2 777, even though
reading is already permitted for everyone, but who knows.

5 
root@wyntr-router-0:~# chmod -R 777 /mnt
root@wyntr-router-0:~# ls -ld /mnt /mnt/sda2 /mnt/sda2/share
drwxrwxrwx    1 root     root          4096 Mar 15 10:53 /mnt
drwxrwxrwx    3 root     root          4096 Mar 15 10:05 /mnt/sda2
drwxrwxrwx    2 wyntrhea root          4096 Mar 15 10:05 /mnt/sda2/share
root@wyntr-router-0:~# service samba4 restart

Still no-go :[

6

Did you create the user wintrhea?
If you ssh to the router, can you log in with wyntrhea and it's password?
If you can login, do you have access to the "shared area"?

7

can you ping lan on your router (from within the router), and get a reply/IP back?
it doesn't work for me, if it's the same for you, try putting the routers LAN IP here.

check if samba is listening, using netstat -l -n -p.

8

No, the user I created is "wyntrheart", I'm assuming ls is just not able to fit the whole name here because it shows correctly as "wyntrheart" in passwd and smbpasswd. I can't ssh with that username, which I'm assuming is because I didn't set a terminal for the user

9

I don't understand what you mean by "ping lan". Like, should I type "ping lan" as a command (doesn't work)? I can ping the routers own IP if that's what you mean, and it works normally.

netstat -l -n -p shows Samba listening

10

on ?
post the output, mask public IP if shown.

11 
root@wyntr-router-0:~# netstat -l -n -p
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.0.2:139         0.0.0.0:*               LISTEN      3983/smbd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1661/uhttpd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1409/dropbear
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1661/uhttpd
tcp        0      0 192.168.0.2:445         0.0.0.0:*               LISTEN      3983/smbd
tcp        0      0 fdbc:a7ce:9de6::1:139   :::*                    LISTEN      3983/smbd
tcp        0      0 :::80                   :::*                    LISTEN      1661/uhttpd
tcp        0      0 :::22                   :::*                    LISTEN      1409/dropbear
tcp        0      0 :::443                  :::*                    LISTEN      1661/uhttpd
tcp        0      0 fdbc:a7ce:9de6::1:445   :::*                    LISTEN      3983/smbd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1776/avahi-daemon:
udp        0      0 192.168.0.255:137       0.0.0.0:*                           3984/nmbd
udp        0      0 192.168.0.2:137         0.0.0.0:*                           3984/nmbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           3984/nmbd
udp        0      0 192.168.0.255:138       0.0.0.0:*                           3984/nmbd
udp        0      0 192.168.0.2:138         0.0.0.0:*                           3984/nmbd
udp        0      0 0.0.0.0:138             0.0.0.0:*                           3984/nmbd
udp        0      0 :::5353                 :::*                                1776/avahi-daemon:
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING        249 652/ubusd           /var/run/ubus/ubus.sock
unix  2      [ ACC ]     STREAM     LISTENING       1503 1711/dbus-daemon    /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING       1526 1776/avahi-daemon:  /var/run/avahi-daemon/socket
unix  2      [ ACC ]     STREAM     LISTENING       5770 3984/nmbd           /var/run/samba/nmbd/unexpected
unix  2      [ ACC ]     STREAM     LISTENING       5809 3983/smbd           /var/run/samba/ncalrpc/np/initshutdown
unix  2      [ ACC ]     STREAM     LISTENING       5810 3983/smbd           /var/run/samba/ncalrpc/np/eventlog
unix  2      [ ACC ]     STREAM     LISTENING       5811 3983/smbd           /var/run/samba/ncalrpc/np/plugplay
unix  2      [ ACC ]     STREAM     LISTENING       5812 3983/smbd           /var/run/samba/ncalrpc/np/ntsvcs
unix  2      [ ACC ]     STREAM     LISTENING       5813 3983/smbd           /var/run/samba/ncalrpc/np/svcctl
unix  2      [ ACC ]     STREAM     LISTENING       5814 3983/smbd           /var/run/samba/ncalrpc/np/wkssvc
unix  2      [ ACC ]     STREAM     LISTENING       5815 3983/smbd           /var/run/samba/ncalrpc/np/netdfs
unix  2      [ ACC ]     STREAM     LISTENING       5816 3983/smbd           /var/run/samba/ncalrpc/np/samr
unix  2      [ ACC ]     STREAM     LISTENING       5817 3983/smbd           /var/run/samba/ncalrpc/np/lsass
unix  2      [ ACC ]     STREAM     LISTENING       5818 3983/smbd           /var/run/samba/ncalrpc/np/lsarpc
unix  2      [ ACC ]     STREAM     LISTENING       5819 3983/smbd           /var/run/samba/ncalrpc/np/netlogon
unix  2      [ ACC ]     STREAM     LISTENING       5820 3983/smbd           /var/run/samba/ncalrpc/np/srvsvc
unix  2      [ ACC ]     STREAM     LISTENING       5821 3983/smbd           /var/run/samba/ncalrpc/DEFAULT
unix  2      [ ACC ]     STREAM     LISTENING       5822 3983/smbd           /var/run/samba/ncalrpc/np/winreg
12

I had to set this up a few years ago for an office full of windows machinesđŸ˜±
I recall that it would only work if I could ssh as the user first. This might not be true I guess but is what I did.

I created a group for SMB users and gave the group rights keeping root as the owner.. Then added any users to the group.
I had no problems after.

13

I assume 192.168.0.2 is the IP you're using when you try to access the same share, right ?

14

yep, my router's local IP. Actually it's set up as a dumb AP, not the main router if that makes any difference

15

How do I create a group and 'give them rights'? In particular what kind of "rights" does the group need to have? (I can look up how to add a group, but I need more specific instructions about what I need to do with the group)

16

Use chown to set owner and group for the share directory.
Then use chmod to set the access rights.

I'm not saying all this is necessary but from memory it worked for me. The advantage being you can be very flexible with multiple users eg read-only or read write depending on user etc.

17

should already be 777 ....

18

You can set whatever you like. Give group members r/w and others just read-only.

19

Ok so I made a group called smb-group, made that wyntrheart's primary group, and did chgrp -R smb-group /mnt/sda2, then restarted Samba service again.

Still not working ;-;

I have to sleep now, it's insanely late. I'll check back here tomorrow

20

I'm still stuck. Is there anything else I can try?