Let's have this situation:
- Windows server named SERVER_WINDOWS (Windows Server 2008 R2 with latest patches),
- Linux client named CLIENT_LINUX (VMware Data Recovery = CentOS 5.5 x64),
- SERVER_WINDOWS is member of CONTOSO domain,
- CLIENT_LINUX is not member of CONTOSO domain or any other,
- both server and client are in the same subnet, with no firewall or antivirus program,
- both server and client are reachable,
- SERVER_WINDOWS has a shared folder named SHARED_FOLDER, share R/W permissions granted to Everyone, NTFS R/W permissions granted to domain user John@CONTOSO.tld,
- I can access SHARED_FOLDER from any computer in the CONTOSO domain with John@CONTOSO.tld credentials
Problem:
- cannot access SHARED_FOLDER from CLIENT_LINUX using command "mount -t cifs //SERVER_WINDOWS/SHARED_FOLDER /mnt/cifs -o username=John@CONTOSO.tld"
- mount command exits with permission denied error
Steps taken (without any success):
- tried using Linux mount command with different syntax of username (username=CONTOSO\John, username=contoso.tld\John, username=John,domain=CONTOSO, username=John,domain=contoso.tld)
- granted NTFS R/W permissions for Everyone
- set up audit object access (when I access SHARED_FOLDER from my computer I can see "Audit Successful", but when I try to access SHARED_FOLDER from CLIENT_LINUX I can see nothing - no audit logs produced!) - see below for more details
- adjusted some local security policies - see below for more details
Debugging:
- output of Network Monitor:
CLIENT_LINUX -> SERVER_WINDOWS SMB SMB:C; Negotiate, Dialect = LM1.2X002, LANMAN2.1, NT LM 0.12, POSIX 2 {SMBOverTCP:2, TCP:1, IPv4:22}
SERVER_WINDOWS -> CLIENT_LINUX SMB SMB:R; Negotiate, Dialect is NT LM 0.12 (#2) {SMBOverTCP:2, TCP:1, IPv4:22}
CLIENT_LINUX -> SERVER_WINDOWS TCP TCP:Flags=...A...., SrcPort=41583, DstPort=Microsoft-DS(445)
CLIENT_LINUX -> SERVER_WINDOWS SMB SMB:C; Session Setup Andx, Account = John@CONTOSO.tld {SMBOverTCP:2, TCP:1, IPv4:22}
SERVER_WINDOWS -> CLIENT_LINUX SMB SMB:R; Session Setup Andx - NT Status: System - Error, Code = (109) STATUS_LOGON_FAILURE {SMBOverTCP:2, TCP:1, IPv4:22}
Frame: Number = 1694, Captured Frame Length = 105, MediaType = ETHERNET
+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[00-50-56-89-00-01],SourceAddress:[44-1E-A1-45-0D-E8]
+ Ipv4: Src = SERVER_WINDOWS, Dest = CLIENT_LINUX, Next Protocol = TCP, Packet ID = 29936, Total IP Length = 91
+ Tcp: Flags=...AP..., SrcPort=Microsoft-DS(445), DstPort=41583, PayloadLen=39, Seq=3715109303 - 3715109342, Ack=2100360946, Win=259 (scale factor 0x8) = 66304
+ SMBOverTCP: Length = 35
- Smb: R; Session Setup Andx - NT Status: System - Error, Code = (109) STATUS_LOGON_FAILURE
Protocol: SMB
Command: Session Setup Andx 115(0x73)
+ NTStatus: 0xC000006D, Facility = FACILITY_SYSTEM, Severity = STATUS_SEVERITY_ERROR, Code = (109) STATUS_LOGON_FAILURE
- SMBHeader: Response, TID: 0x0000, PID: 0x0EC7, UID: 0x0000, MID: 0x0002
+ Flags: 128 (0x80)
+ Flags2: 49153 (0xC001)
PIDHigh: 0 (0x0)
SecuritySignature: 0x0
Unused: 0 (0x0)
TreeID: 0 (0x0)
ProcessID: 3783 (0xEC7)
UserID: 0 (0x0)
MultiplexID: 2 (0x2)
- ErrorMessage: 0x1
WordCount: 0 (0x0)
ByteCount: 0 (0x0)
- rare failure audit (unfortunately I am not able to reproduce it)
The computer attempted to validate the credentials for an account.
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: Guest
Source Workstation: SERVER_WINDOWS
Error Code: 0xc0000072
- audit policies:
- adjusted local security policies:
DISABLED: Do not allow anonymous enumeration of SAM accounts
DISABLED: Do not allow anonymous enumeration of SAM accounts and shares
DISABLED: Restrict anonymous access to Named Pipes and Shares
ENABLED: Allow anonymous SID/name translation
ENABLED: Send unencrypted password to connect to third-party SMB servers
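
The two status values in the post (0xC000006D in the capture, 0xc0000072 in the failure audit) follow the 32-bit NTSTATUS layout, and this added example, which is not part of the original post, decodes them and cross-checks the result against the fields Network Monitor printed. The function names are hypothetical, and the name STATUS_ACCOUNT_DISABLED for 0xC0000072 is taken from the published NTSTATUS table rather than from the post.

```python
import re

# Names for the two status values quoted in the post; the name for 0xC0000072
# comes from the published NTSTATUS table, not from the post itself.
KNOWN = {0xC000006D: "STATUS_LOGON_FAILURE", 0xC0000072: "STATUS_ACCOUNT_DISABLED"}
SEVERITY = ["SUCCESS", "INFORMATIONAL", "WARNING", "ERROR"]

HEX_STATUS = re.compile(r"(?:NTStatus|Error Code):\s*(0x[0-9A-Fa-f]{8})\b")
SHOWN_CODE = re.compile(r"Code = \((\d+)\)\s+(STATUS_\w+)")


def decode_ntstatus(value):
    """Split a 32-bit NTSTATUS into severity, customer bit, facility and code."""
    return {
        "value": value,
        "severity": SEVERITY[(value >> 30) & 0x3],  # bits 31-30
        "customer": bool((value >> 29) & 0x1),      # bit 29
        "facility": (value >> 16) & 0xFFF,          # bits 27-16
        "code": value & 0xFFFF,                     # bits 15-0
        "name": KNOWN.get(value, "UNKNOWN"),
    }


def check_lines(lines):
    """Decode every hex status found and compare it with the decimal code and
    name printed on the same line, when the tool printed them."""
    results = []
    for line in lines:
        found = HEX_STATUS.search(line)
        if not found:
            continue
        decoded = decode_ntstatus(int(found.group(1), 16))
        shown = SHOWN_CODE.search(line)
        decoded["consistent"] = shown is None or (
            int(shown.group(1)) == decoded["code"] and shown.group(2) == decoded["name"]
        )
        results.append(decoded)
    return results


# Lines copied from the capture and the failure audit above, plus one line
# that carries no status value.
SAMPLE = [
    "+ NTStatus: 0xC000006D, Facility = FACILITY_SYSTEM, "
    "Severity = STATUS_SEVERITY_ERROR, Code = (109) STATUS_LOGON_FAILURE",
    "Error Code: 0xc0000072",
    "SecuritySignature: 0x0",
]

if __name__ == "__main__":
    for r in check_lines(SAMPLE):
        print(hex(r["value"]), r["severity"], r["facility"], r["code"], r["name"])
```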