Web lists-archives.com

Re: [Samba] [4.5.12] "guest account" doesn't work




It looks like "service samba reload" and/or not disconnecting from Windows explains the problem I had.

After…

1. Using this, with no need for "force user" at the share level:

[global]
map to guest = Bad User
guest account = www-data

2. Running "/etc/init.d/samba restart"

… I can a) connect, and b) write files as www-data, as expected.

The reason I use the init.d script is because of this:

~# service samba reload
[ ok ] Reloading smbd configuration (via systemctl): smbd.service.
~# service samba restart
Failed to restart samba.service: Unit samba.service is masked.

Thank you.

On 09/05/2018 15:29, Rowland Penny via samba wrote:
On Wed, 9 May 2018 14:07:12 +0200
Gilles via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hello,

Until now, I let Samba use nobody:nogroup to access shares from
Windows with no account in Samba.

I wanted to try the "guest account" option to tell it to use a
specific Unix account… but it fails with "Access denied". The
solution is to either give up on the "guest account" directive, or
add "force user" to the share. Why is that?
The default Samba 'guest account' is 'nobody' and this seems to be
hard coded into Samba and when an unknown user connects and 'map to
guest' is set to 'Bad User', the unknown user is silently mapped to
'nobody'.
Without checking the source, I think this would happen even if 'nobody'
tried to connect.

Bad User:
Means user logins with an invalid password are rejected, unless the
username does not exist, in which case it is treated as a guest login
and mapped into the guest account.

Taking the above into account, the problem with 'www-date' is that it
does exist, so it will not be allowed access.
You could try to prove this by changing 'Bad User' to 'Bad Password',
but I wouldn't leave it like this.

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba