search

jborean93 / smbprotocol

Python SMBv2 and v3 Client
MIT License
320 stars 74 forks source link

Access Denied using smb2.1 with AWS FSx #116

Closed yokrysty closed 3 years ago

yokrysty commented 3 years ago

It is working fine using SMB 3.1 dialect but not working with 2.1 dialect, getting access denied. From the official AWS documentation it should work: Amazon FSx is accessible from compute instances with the SMB protocol (supporting versions 2.0 to 3.1.1). https://docs.aws.amazon.com/fsx/latest/WindowsGuide/what-is.html#fsx-access-shares

Traceback (most recent call last):
  File "<pyshell#4>", line 1, in <module>
    smbclient.listdir(share)
  File "C:\Python39\lib\site-packages\smbclient\_os.py", line 242, in listdir
    with SMBDirectoryIO(path, mode='r', share_access='r', **kwargs) as dir_fd:
  File "C:\Python39\lib\site-packages\smbclient\_io.py", line 372, in __init__
    tree, fd_path = get_smb_tree(path, **kwargs)
  File "C:\Python39\lib\site-packages\smbclient\_pool.py", line 294, in get_smb_tree
    session = register_session(server, username=username, password=password, port=port, encrypt=encrypt,
  File "C:\Python39\lib\site-packages\smbclient\_pool.py", line 361, in register_session
    session.connect()
  File "C:\Python39\lib\site-packages\smbprotocol\session.py", line 292, in connect
    response = self.connection.receive(request)
  File "C:\Python39\lib\site-packages\smbprotocol\connection.py", line 928, in receive
    raise SMBResponseException(response)
smbprotocol.exceptions.AccessDenied: Received unexpected status from the server: A process has requested access to an object but has not been granted those access rights. (3221225506) STATUS_ACCESS_DENIED: 0xc0000022
jborean93 commented 3 years ago

There was a similar report but not exactly the same here that may possible be related https://github.com/jborean93/smbprotocol/issues/111. Is the username you are providing in the form DOMAIN\username or just username? The linked issue seemed to indicate the netlogon DOMAIN\username may be needed. Otherwise my other comment in there has some debugging tips to try and track down what may be the problem.

yokrysty commented 3 years ago

i made some digging and it seems that the SMB server only accepts encrypted packets, maybe due to some internal company policies, so not a default AWS setup, this means i can use minimum dialect of 3.0.0, issue can be closed

jborean93 commented 3 years ago

Thanks for confirming!