Re: [Samba] [4.5.12] "guest account" doesn't work
- Date: Wed, 9 May 2018 16:32:09 +0200
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] [4.5.12] "guest account" doesn't work
What you want to know is..
## For a standalone server/Member server.
systemctl stop samba-ad-dc samba
systemctl disable samba-ad-dc samba
systemctl mask samba-ad-dc samba
systemctl unmask smbd winbind nmbd
systemctl enable smbd winbind nmbd
systemctl start smbd winbind nmbd
## For an AD-DC setup.
systemctl stop smbd nmbd winbind
systemctl disable smbd nmbd winbind
systemctl mask smbd nmbd winbind
systemctl unmask samba-ad-dc
systemctl enable samba-ad-dc
systemctl start samba-ad-dc
This works as of Debian Jessie en up.
Same for Ubuntu as of 16.04 but adviced as of 17.x and up.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens
> Gilles via samba
> Verzonden: woensdag 9 mei 2018 16:19
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] [4.5.12] "guest account" doesn't work
> It looks like "service samba reload" and/or not disconnecting from
> Windows explains the problem I had.
> 1. Using this, with no need for "force user" at the share level:
> map to guest = Bad User
> guest account = www-data
> 2. Running "/etc/init.d/samba restart"
> … I can a) connect, and b) write files as www-data, as expected.
> The reason I use the init.d script is because of this:
> ~# service samba reload
> [ ok ] Reloading smbd configuration (via systemctl): smbd.service.
> ~# service samba restart
> Failed to restart samba.service: Unit samba.service is masked.
> Thank you.
> On 09/05/2018 15:29, Rowland Penny via samba wrote:
> > On Wed, 9 May 2018 14:07:12 +0200
> > Gilles via samba <samba@xxxxxxxxxxxxxxx> wrote:
> >> Hello,
> >> Until now, I let Samba use nobody:nogroup to access shares from
> >> Windows with no account in Samba.
> >> I wanted to try the "guest account" option to tell it to use a
> >> specific Unix account… but it fails with "Access denied". The
> >> solution is to either give up on the "guest account" directive, or
> >> add "force user" to the share. Why is that?
> > The default Samba 'guest account' is 'nobody' and this seems to be
> > hard coded into Samba and when an unknown user connects and 'map to
> > guest' is set to 'Bad User', the unknown user is silently mapped to
> > 'nobody'.
> > Without checking the source, I think this would happen even
> if 'nobody'
> > tried to connect.
> > Bad User:
> > Means user logins with an invalid password are rejected, unless the
> > username does not exist, in which case it is treated as a
> guest login
> > and mapped into the guest account.
> > Taking the above into account, the problem with 'www-date'
> is that it
> > does exist, so it will not be allowed access.
> > You could try to prove this by changing 'Bad User' to 'Bad
> > but I wouldn't leave it like this.
> > Rowland
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
To unsubscribe from this list go to the following URL and read the