# anonymous access to windows mount via smbclient denied

## mathfeel

Hi all:

Here's the deal:

[WIN64]: Guest account enabled (with no password), share has the following permission:

Myuser: Full Control

Everyone: Read

Now I am trying to access this mount as Guest

```

Myuser # smbclient --user=guest -N -L hostname

Anonymous login successful

Domain=[WORKGROUP] OS=[Windows XP 3790 Service Pack 1] Server=[Windows XP 5.2]

        Sharename       Type      Comment

        ---------       ----      -------

Error returning browse list: NT_STATUS_ACCESS_DENIED

Anonymous login successful

Domain=[WORKGROUP] OS=[Windows XP 3790 Service Pack 1] Server=[Windows XP 5.2]

```

```

Myuser # smbclient -L hostname

Password: (Myuser password)

session setup failed: NT_STATUS_LOGON_TYPE_NOT_GRANTED

```

```

Myuser # smbclient -N -L hostname

Anonymous login successful

Domain=[WORKGROUP] OS=[Windows XP 3790 Service Pack 1] Server=[Windows XP 5.2]

        Sharename       Type      Comment

        ---------       ----      -------

Error returning browse list: NT_STATUS_ACCESS_DENIED

Anonymous login successful

Domain=[WORKGROUP] OS=[Windows XP 3790 Service Pack 1] Server=[Windows XP 5.2]

```

```

Myuser # smbclient  --user=Myuser -L hostname

password: (Myuser passwd)

Domain=[MATHEMAWIZARD] OS=[Windows XP 3790 Service Pack 1] Server=[Windows XP 5.2]

        Sharename       Type      Comment

        ---------       ----      -------

        IPC$            IPC       Remote IPC

        C$              Disk      Default share

        ADMIN$          Disk      Remote Admin

        Matt Music      Disk

        incoming        Disk

        F$              Disk      Default share

        D$              Disk      Default share

        E$              Disk      Default share

Domain=[MATHEMAWIZARD] OS=[Windows XP 3790 Service Pack 1] Server=[Windows XP 5.2]

        Server               Comment

        ---------            -------

        Workgroup            Master

        ---------            -------

```

So it only worked in the last case. But I want anonymous access to the shares. Help please?

----------

## Cpt_McLane

how about the user "guest"? tried that one?

----------

## mathfeel

 *Cpt_McLane wrote:*   

> how about the user "guest"? tried that one?

 

The very first try was with --user=guest

----------

## Cpt_McLane

oops.... my fault...

can you mount the shares as an anonymus user to your gentoo machine?

----------

## mathfeel

 *Cpt_McLane wrote:*   

> oops.... my fault...
> 
> can you mount the shares as an anonymus user to your gentoo machine?

 

you mean like this:

```

mount -t smbfs \\hostname\share \mnt\smbmnt

```

err....no....

----------

## Cpt_McLane

ok, i've thought a lot and tried something with my windows... first i've to say, my windows is a german version, so if the expressions aren't right, excuse me...

in windows (xp) there are two ways to share a directory. one is called (german:"einfache Dateifreigabe") i assume "easy share" and the other one is the oposite (taking the hook out of the checkbox).

i can reproduce your problem by not using the easy share when assigning directories as shares. but when afterwards i switch to "easy share" the policies for the directories declared as shares while not running easy share are still active and i can connect with correct account informations.

maybe you should give it a shot. (hope, easy share is the right translation)

----------

## Mben

 *Cpt_McLane wrote:*   

> (hope, easy share is the right translation)

 

there is an ms knowledge base article here: http://support.microsoft.com/default.aspx?scid=kb;en-us;304040 about file sharing. it looks like it is called simple sharing in the english version of windows. also make sure you are not sharing a folder that windows blocks from file sharing like \windows or \documents and settings  (including my documents, but subdirectories of my documents/desktop are fine)  

also: do you know that another windows machine can access your shares? it looks like you are doing the right things from linux

----------

## ph03n1x

Have a look for a user called anonymous or so. If I recall correctly windows xp denies completely anonymous access since sp2. But I might be wrong on this... at least it's true for the servers.

----------

## number_nine

I'm bumping this because I'm having the exact same problems---can't even get a browse list:

I'm trying to access my friends Windows XP Pro computer, which is named "JDpc":

```

# smbclient -L //jdpc -U guest -N

Anonymous login successful

Domain=[WORKGROUP] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]

        Sharename       Type      Comment

        ---------       ----      -------

Error returning browse list: NT_STATUS_ACCESS_DENIED

Anonymous login successful

Domain=[WORKGROUP] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]

        Server               Comment

        ---------            -------

        JDPC                 

        Workgroup            Master

        ---------            -------

        RAWSEWAGE            SEPTICTANK

        WORKGROUP            JDPC

```

There's that dreaded NT_STATUS_ACCESS_DENIED message again.

Does anyone have any further suggestions?  Even if I try to list or connect to specific shares, I get some form of permission denied error.  All the Win XP shares have been set so that both "Everyone" and "Guest" have Full Control.  Why can't I even see that those shares are available?

I'm fairly certain that this is a Windows problem, since my setup used to work perfectly when this Windows box was running 2000.  The upgrade to XP broke filesharing.

Anyone have any more advice?  I'm desparate!

Thanks!

----------

## number_nine

As far as I can tell, it appears that you must use an actual nonblank username AND password to connect to a Windows XP Pro share.  The account you use to connect must exist on the Windows box and the password cannot be blank.  As far as I can tell, real "anonymous" browsing (i.e. no username/password, or variations on username=guest or whatever with a blank password) is simply not available.

Anyone have any evidence or HOWTOs that refute this?

Thanks again!

----------

