Cfrtjryk

I have set up Samba server on CentOS 7.4 and supposedly allowed it in SELinux.
I can successfully access anonymous share on root filesystem but cannot access directories on mounted NTFS partition. In Win10 I get

you do not have permission to access 192.16.1.119soft

Here is how I mount NTFS shares in fstab

UUID=3636E6FC36E6BC4D /media/SYSTEM ntfs rw,auto,users,exec,nls=utf8,umask=003,gid=1000,uid=1000    0   0

Here is my smb.conf

[global]



workgroup = WORKGROUP

server string = Centy Samba %v

netbios name = centos

security = user

map to guest = bad user

dns proxy = no

log level = 3

log file = /var/log/smblog

#============================ Share Definitions ==============================



[Anonymous]

path = /samba/anonymous

browsable = yes

writable = yes

guest ok = yes

read only = no



[soft]

path = /media/SYSTEM/soft

read only = no

guest ok = yes

writable = yes

browsable = yes

Here is the log:

 ../source3/nmbd/nmbd_elections.c:41(send_election_dgram)

  send_election_dgram: Sending election packet for workgroup WORKGROUP on subnet 192.168.122.1

 ../source3/nmbd/nmbd_elections.c:41(send_election_dgram)

  send_election_dgram: Sending election packet for workgroup WORKGROUP on subnet 192.168.122.1

 ../source3/nmbd/nmbd_elections.c:41(send_election_dgram)

  send_election_dgram: Sending election packet for workgroup WORKGROUP on subnet 192.168.122.1

 ../source3/nmbd/nmbd_elections.c:201(run_elections)

  run_elections: >>> Won election for workgroup WORKGROUP on subnet 192.168.122.1 <<<

 ../source3/nmbd/nmbd_become_lmb.c:538(become_local_master_browser)

  become_local_master_browser: Starting to become a master browser for workgroup WORKGROUP on subnet 192.168.122.1

 ../source3/nmbd/nmbd_become_lmb.c:540(become_local_master_browser)

  become_local_master_browser: first stage - attempt to register ^1^2__MSBROWSE__^2^1

 ../source3/nmbd/nmbd_serverlistdb.c:411(write_browse_list)

  write_browse_list: Wrote browse list into file /var/lib/samba/browse.dat

 ../source3/nmbd/nmbd_incomingrequests.c:323(process_node_status_request)

  process_node_status_request: status request for name *<00> from IP 192.168.1.1 on subnet UNICAST_SUBNET.

 ../source3/nmbd/nmbd_namelistdb.c:263(add_name_to_subnet)

  add_name_to_subnet: Added netbios name __MSBROWSE__<01> with first IP 192.168.122.1 ttl=0 nb_flags=80 to subnet 192.168.122.1

 ../source3/nmbd/nmbd_become_lmb.c:453(become_local_master_stage1)

  become_local_master_stage1: go to stage 2: register the WORKGROUP<1d> name.

 ../source3/nmbd/nmbd_namelistdb.c:263(add_name_to_subnet)

  add_name_to_subnet: Added netbios name __MSBROWSE__<01> with first IP 192.168.122.1 ttl=0 nb_flags=80 to subnet UNICAST_SUBNET

 ../source3/nmbd/nmbd_namelistdb.c:263(add_name_to_subnet)

  add_name_to_subnet: Added netbios name WORKGROUP<1d> with first IP 192.168.122.1 ttl=0 nb_flags= 0 to subnet 192.168.122.1

 ../source3/nmbd/nmbd_become_lmb.c:354(become_local_master_stage2)

  become_local_master_stage2: registered as master browser for workgroup WORKGROUP on subnet 192.168.122.1

 ../source3/nmbd/nmbd_sendannounce.c:70(broadcast_announce_request)

  broadcast_announce_request: sending announce request for workgroup WORKGROUP to subnet 192.168.122.1

 ../source3/nmbd/nmbd_namelistdb.c:263(add_name_to_subnet)

  add_name_to_subnet: Added netbios name WORKGROUP<1d> with first IP 192.168.122.1 ttl=0 nb_flags= 0 to subnet UNICAST_SUBNET

 ../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)

  *****



  Samba name server CENTOS is now a local master browser for workgroup WORKGROUP on subnet 192.168.122.1



  *****

 ../source3/nmbd/nmbd_sendannounce.c:170(send_local_master_announcement)

  send_local_master_announcement: type 849a03 for name CENTOS on subnet 192.168.122.1 for workgroup WORKGROUP

 ../source3/nmbd/nmbd_sendannounce.c:189(send_workgroup_announcement)

  send_workgroup_announcement: on subnet 192.168.122.1 for workgroup WORKGROUP

 ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)

  process_name_query_request: Name query from 192.168.1.100 on subnet 192.168.1.105 for name MEZCAL<20>

 ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)

  process_name_query_request: Name query from 192.168.1.100 on subnet 192.168.1.105 for name MEZCAL<20>

 ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)

  process_name_query_request: Name query from 192.168.1.100 on subnet 192.168.1.105 for name WORKGROUP<1b>

 ../source3/nmbd/nmbd_serverlistdb.c:411(write_browse_list)

  write_browse_list: Wrote browse list into file /var/lib/samba/browse.dat

 ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)

  process_name_query_request: Name query from 192.168.1.100 on subnet 192.168.1.105 for name WORKGROUP<1b>

 ../source3/nmbd/nmbd_incomingrequests.c:323(process_node_status_request)

  process_node_status_request: status request for name *<00> from IP 192.168.1.1 on subnet UNICAST_SUBNET.

 ../lib/util/access.c:361(allow_access)

  Allowed connection from 192.168.1.100 (192.168.1.100)

 ../source3/smbd/oplock.c:1329(init_oplocks)

  init_oplocks: initializing messages.

 ../source3/smbd/process.c:1959(process_smb)

  Transaction 0 of length 178 (0 toread)

 ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)

  Selected protocol SMB3_11

 ../auth/gensec/gensec_start.c:977(gensec_register)

  GENSEC backend 'gssapi_spnego' registered

 ../auth/gensec/gensec_start.c:977(gensec_register)

  GENSEC backend 'gssapi_krb5' registered

 ../auth/gensec/gensec_start.c:977(gensec_register)

  GENSEC backend 'gssapi_krb5_sasl' registered

 ../auth/gensec/gensec_start.c:977(gensec_register)

  GENSEC backend 'spnego' registered

 ../auth/gensec/gensec_start.c:977(gensec_register)

  GENSEC backend 'schannel' registered

 ../auth/gensec/gensec_start.c:977(gensec_register)

  GENSEC backend 'naclrpc_as_system' registered

 ../auth/gensec/gensec_start.c:977(gensec_register)

  GENSEC backend 'sasl-EXTERNAL' registered

 ../auth/gensec/gensec_start.c:977(gensec_register)

  GENSEC backend 'ntlmssp' registered

 ../auth/gensec/gensec_start.c:977(gensec_register)

  GENSEC backend 'ntlmssp_resume_ccache' registered

 ../auth/gensec/gensec_start.c:977(gensec_register)

  GENSEC backend 'http_basic' registered

 ../auth/gensec/gensec_start.c:977(gensec_register)

  GENSEC backend 'http_ntlm' registered

 ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)

  Got NTLMSSP neg_flags=0xe2088297

 ../auth/ntlmssp/ntlmssp_server.c:454(ntlmssp_server_preauth)

  Got user=[pepe] domain=[ISIDA] workstation=[ISIDA] len1=24 len2=244

 ../source3/param/loadparm.c:3847(lp_load_ex)

  lp_load_ex: refreshing parameters

 ../source3/param/loadparm.c:543(init_globals)

  Initialising global parameters

 ../source3/param/loadparm.c:2761(lp_do_section)

  Processing section "[global]"

 ../source3/param/loadparm.c:2778(lp_do_section)

  Processing section "[Anonymous]"

 ../source3/param/loadparm.c:2778(lp_do_section)

  Processing section "[soft]"

 ../source3/param/loadparm.c:1596(lp_add_ipc)

  adding IPC service

 ../source3/auth/auth.c:189(auth_check_ntlm_password)

  check_ntlm_password:  Checking password for unmapped user [ISIDA][pepe]@[ISIDA] with the new password interface

 ../source3/auth/auth.c:192(auth_check_ntlm_password)

  check_ntlm_password:  mapped user is: [ISIDA][pepe]@[ISIDA]

 ../source3/auth/check_samsec.c:399(check_sam_security)

  check_sam_security: Couldn't find user 'pepe' in passdb.

 ../source3/auth/auth.c:332(auth_check_ntlm_password)

  check_ntlm_password:  Authentication for user [pepe] -> [pepe] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1

 ../auth/auth_log.c:760(log_authentication_event_human_readable)

  Auth: [SMB2,(null)] user [ISIDA][pepe] at [Sat, 09 Jun 2018 02:58:47.401161 EDT] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [ISIDA] remote host [ipv4:192.168.1.100:9520] mapped to [ISIDA][pepe]. local host [ipv4:192.168.1.105:445] 

 ../auth/auth_log.c:591(log_no_json)

  log_no_json: JSON auth logs not available unless compiled with jansson

 ../source3/auth/auth_util.c:1626(do_map_to_guest_server_info)

  No such user pepe [ISIDA] - using guest account

 ../lib/util/access.c:361(allow_access)

  Allowed connection from 192.168.1.100 (192.168.1.100)

 ../source3/smbd/service.c:595(make_connection_snum)

  Connect path is '/media/BACKUP/soft' for service [soft]

 ../source3/smbd/vfs.c:113(vfs_init_default)

  Initialising default vfs hooks

 ../source3/smbd/vfs.c:139(vfs_init_custom)

  Initialising custom vfs hooks from [/[Default VFS]/]

 ../source3/smbd/service.c:841(make_connection_snum)

  isida (ipv4:192.168.1.100:9520) connect to service soft initially as user nobody (uid=99, gid=99) (pid 1876)

 ../source3/smbd/service.c:120(set_current_service)

  chdir (/media/BACKUP/soft) failed, reason: Permission denied

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2472

 ../source3/smbd/service.c:120(set_current_service)

  chdir (/media/BACKUP/soft) failed, reason: Permission denied

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2472

 ../lib/util/access.c:361(allow_access)

  Allowed connection from 192.168.1.100 (192.168.1.100)

 ../source3/smbd/service.c:595(make_connection_snum)

  Connect path is '/samba/anonymous' for service [Anonymous]

 ../source3/smbd/vfs.c:113(vfs_init_default)

  Initialising default vfs hooks

 ../source3/smbd/vfs.c:139(vfs_init_custom)

  Initialising custom vfs hooks from [/[Default VFS]/]

 ../source3/smbd/service.c:841(make_connection_snum)

  isida (ipv4:192.168.1.100:9520) connect to service Anonymous initially as user nobody (uid=99, gid=99) (pid 1876)

 ../source3/rpc_server/srv_pipe.c:748(api_pipe_bind_req)

  api_pipe_bind_req: srvsvc -> srvsvc rpc service

 ../source3/rpc_server/srv_pipe.c:356(check_bind_req)

  check_bind_req for srvsvc context_id=0

 ../source3/rpc_server/srv_pipe.c:399(check_bind_req)

  check_bind_req: srvsvc -> srvsvc rpc service

 ../source3/rpc_server/srv_pipe.c:1528(api_rpcTNP)

  api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_FS_DRIVER_REQUIRED] || at ../source3/smbd/smb2_ioctl.c:309

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_OBJECT_NAME_NOT_FOUND] || at ../source3/smbd/smb2_create.c:293

 ../source3/smbd/dir.c:657(dptr_create)

  creating new dirptr 0 for path ., expect_close = 0

 ../source3/smbd/dir.c:1228(smbd_dirptr_get_entry)

  smbd_dirptr_get_entry mask=[*] found . fname=. (.)

 ../source3/smbd/dir.c:1228(smbd_dirptr_get_entry)

  smbd_dirptr_get_entry mask=[*] found .. fname=.. (..)

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[9] status[STATUS_NO_MORE_FILES] || at ../source3/smbd/smb2_query_directory.c:155

 ../source3/smbd/smb2_notify.c:250(smbd_smb2_notify_send)

  smbd_smb2_notify_send: notify change called on ., filter = DIR_NAME, recursive = 0

 ../source3/smbd/smb2_notify.c:250(smbd_smb2_notify_send)

  smbd_smb2_notify_send: notify change called on ., filter = FILE_NAME|ATTRIBUTES|LAST_WRITE, recursive = 0

 ../source3/rpc_server/srv_pipe.c:748(api_pipe_bind_req)

  api_pipe_bind_req: srvsvc -> srvsvc rpc service

 ../source3/rpc_server/srv_pipe.c:356(check_bind_req)

  check_bind_req for srvsvc context_id=0

 ../source3/rpc_server/srv_pipe.c:399(check_bind_req)

  check_bind_req: srvsvc -> srvsvc rpc service

 ../source3/rpc_server/srv_pipe.c:1528(api_rpcTNP)

  api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_CANCELLED] || at ../source3/smbd/smb2_notify.c:123

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_CANCELLED] || at ../source3/smbd/smb2_notify.c:123

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_FS_DRIVER_REQUIRED] || at ../source3/smbd/smb2_ioctl.c:309

 ../source3/smbd/service.c:120(set_current_service)

  chdir (/media/BACKUP/soft) failed, reason: Permission denied

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2472

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_FS_DRIVER_REQUIRED] || at ../source3/smbd/smb2_ioctl.c:309

 ../source3/smbd/service.c:120(set_current_service)

  chdir (/media/BACKUP/soft) failed, reason: Permission denied

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2472

 ../source3/smbd/service.c:120(set_current_service)

  chdir (/media/BACKUP/soft) failed, reason: Permission denied

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2472

 ../source3/smbd/service.c:120(set_current_service)

  chdir (/media/BACKUP/soft) failed, reason: Permission denied

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

 ../source3/nmbd/nmbd_incomingrequests.c:323(process_node_status_request)

  process_node_status_request: status request for name *<00> from IP 192.168.1.1 on subnet UNICAST_SUBNET.

 ../source3/smbd/service.c:1120(close_cnum)

  isida (ipv4:192.168.1.100:9520) closed connection to service IPC$

 ../source3/nmbd/nmbd_incomingrequests.c:323(process_node_status_request)

  process_node_status_request: status request for name *<00> from IP 192.168.1.1 on subnet UNICAST_SUBNET.

 ../source3/nmbd/nmbd_sendannounce.c:212(send_host_announcement)

  send_host_announcement: type 819a03 for host CENTOS on subnet 192.168.1.105 for workgroup WORKGROUP

 ../source3/nmbd/nmbd_incomingrequests.c:323(process_node_status_request)

  process_node_status_request: status request for name *<00> from IP 192.168.1.1 on subnet UNICAST_SUBNET.

 ../source3/smbd/service.c:120(set_current_service)

  chdir (/media/BACKUP/soft) failed, reason: Permission denied

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2472

 ../lib/util/access.c:361(allow_access)

  Allowed connection from 192.168.1.100 (192.168.1.100)

 ../source3/smbd/service.c:595(make_connection_snum)

  Connect path is '/tmp' for service [IPC$]

 ../source3/smbd/vfs.c:113(vfs_init_default)

  chdir (/media/BACKUP/soft) failed, reason: Permission denied

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2472

 ../lib/util/access.c:361(allow_access)

  Allowed connection from 192.168.1.100 (192.168.1.100)

 ../source3/smbd/service.c:595(make_connection_snum)

  Connect path is '/tmp' for service [IPC$]

 ../source3/smbd/vfs.c:113(vfs_init_default)

  Initialising default vfs hooks

 ../source3/smbd/vfs.c:139(vfs_init_custom)

  Initialising custom vfs hooks from [/[Default VFS]/]

 ../source3/smbd/service.c:841(make_connection_snum)

  isida (ipv4:192.168.1.100:9520) connect to service IPC$ initially as user nobody (uid=99, gid=99) (pid 1876)

 ../source3/smbd/service.c:120(set_current_service)

  chdir (/media/BACKUP/soft) failed, reason: Permission denied

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2472

 ../source3/rpc_server/srv_pipe.c:748(api_pipe_bind_req)

  api_pipe_bind_req: srvsvc -> srvsvc rpc service

 ../source3/rpc_server/srv_pipe.c:356(check_bind_req)

  check_bind_req for srvsvc context_id=0

 ../source3/rpc_server/srv_pipe.c:399(check_bind_req)

  check_bind_req: srvsvc -> srvsvc rpc service

 ../source3/rpc_server/srv_pipe.c:1528(api_rpcTNP)

  api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_FS_DRIVER_REQUIRED] || at ../source3/smbd/smb2_ioctl.c:309

 ../source3/smbd/service.c:120(set_current_service)

  chdir (/media/BACKUP/soft) failed, reason: Permission denied

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2472

 ../source3/smbd/service.c:120(set_current_service)

  chdir (/media/BACKUP/soft) failed, reason: Permission denied

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2472

 ../source3/smbd/service.c:120(set_current_service)

  chdir (/media/BACKUP/soft) failed, reason: Permission denied

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2472

 ../source3/smbd/service.c:120(set_current_service)

  chdir (/media/BACKUP/soft) failed, reason: Permission denied

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2472

 ../source3/smbd/service.c:120(set_current_service)

  chdir (/media/BACKUP/soft) failed, reason: Permission denied

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2472

 ../source3/smbd/service.c:120(set_current_service)

  chdir (/media/BACKUP/soft) failed, reason: Permission denied

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2472

 ../source3/smbd/service.c:120(set_current_service)

  chdir (/media/BACKUP/soft) failed, reason: Permission denied

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2472

 ../source3/smbd/service.c:120(set_current_service)

  chdir (/media/BACKUP/soft) failed, reason: Permission denied

 ../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2472

 ../source3/nmbd/nmbd_incomingrequests.c:323(process_node_status_request)

  process_node_status_request: status request for name *<00> from IP 192.168.1.1 on subnet UNICAST_SUBNET.

 ../source3/smbd/service.c:1120(close_cnum)

Is it some NTFS mount limitation?

UPDATE: Here is the new log after tukan modifications

You're using an unknown account:

check_ntlm_password:  Authentication for user [pepe] -> [pepe] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1

so your access to soft is as guest. You've allowed guest access in Samba but the permissions in the filesystem don't appear to be set up to honour that.

By default the guest user is nobody so you need to set your filesystem permissions to allow it access. Or change how you're trying to access the share.

Following through information added via comments it seems that we need a more detailed solution. At the moment you mount the NTFS filesystem with an explicit owner - essentially treating its ownerships like a vFAT filesystem. But that owner doesn't match the account you have defined through Samba to access the filesystem, so Samba accounts cannot access the filesystem. Either these must match or you need to use the NTFS filesystem permissions and remove the forced mount ownership.

Let's take the route that requires fewer changes to your system. It's a home-user approach rather than a many-user ("enterprisey") approach.

1. Leave the NTFS mount unchanged, so that you continue to force owner=1000, group=1000.



2. 
   

   Tell Samba that authenticated users must be treated as owner=1000, group=1000 when accessing the corresponding share, by including the force user directive:

   
   
   

   [global]
   
   ...
   
   security = user
   
   map to guest = bad user     # Use "guest" account for unknown users
   
   ; guest account = nobody    # Implicit default unless you override it
   
   
   
   [soft]
   
   path = /media/SYSTEM/soft
   
   read only = no
   
   writable = yes
   
   browsable = yes
   
   guest ok = yes              # Allow unknown users to access this share
   
   force user = 1000           # Samba authenticates, but filesystem access is as uid=1000
   
   

   
   

Note that a valid user with an invalid password will be refused access, but an invalid user (with any password) will be allowed access. This is what you have defined here with your map to guest = bad user and guest ok = yes. I would strongly recommend you change one of these to read either map to guest = never or guest ok = no.

In your /etc/fstab I would suggest you consider removing the uid, gid, and umask settings for the NTFS filesystem, as you can then remove the force user and force group settings in Samba. But you may have good reason for these values so I haven't changed them in my answer.