Web lists-archives.com

Re: [Samba] [4.5.12] "guest account" doesn't work




What you want to know is.. 


## For a standalone server/Member server. 
systemctl stop samba-ad-dc samba
systemctl disable samba-ad-dc samba
systemctl mask samba-ad-dc samba

systemctl unmask smbd winbind nmbd
systemctl enable smbd winbind nmbd
systemctl start smbd winbind nmbd

## For an AD-DC setup. 
systemctl stop smbd nmbd winbind
systemctl disable smbd nmbd winbind
systemctl mask smbd nmbd winbind

systemctl unmask samba-ad-dc
systemctl enable samba-ad-dc
systemctl start samba-ad-dc

This works as of Debian Jessie en up.
Same for Ubuntu as of 16.04 but adviced as of 17.x and up. 


Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> Gilles via samba
> Verzonden: woensdag 9 mei 2018 16:19
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] [4.5.12] "guest account" doesn't work
> 
> It looks like "service samba reload" and/or not disconnecting from 
> Windows explains the problem I had.
> 
> After…
> 
> 1. Using this, with no need for "force user" at the share level:
> 
> [global]
> map to guest = Bad User
> guest account = www-data
> 
> 2. Running "/etc/init.d/samba restart"
> 
> … I can a) connect, and b) write files as www-data, as expected.
> 
> The reason I use the init.d script is because of this:
> 
> ~# service samba reload
> [ ok ] Reloading smbd configuration (via systemctl): smbd.service.
> ~# service samba restart
> Failed to restart samba.service: Unit samba.service is masked.
> 
> Thank you.
> 
> On 09/05/2018 15:29, Rowland Penny via samba wrote:
> > On Wed, 9 May 2018 14:07:12 +0200
> > Gilles via samba <samba@xxxxxxxxxxxxxxx> wrote:
> >
> >> Hello,
> >>
> >> Until now, I let Samba use nobody:nogroup to access shares from
> >> Windows with no account in Samba.
> >>
> >> I wanted to try the "guest account" option to tell it to use a
> >> specific Unix account… but it fails with "Access denied". The
> >> solution is to either give up on the "guest account" directive, or
> >> add "force user" to the share. Why is that?
> > The default Samba 'guest account' is 'nobody' and this seems to be
> > hard coded into Samba and when an unknown user connects and 'map to
> > guest' is set to 'Bad User', the unknown user is silently mapped to
> > 'nobody'.
> > Without checking the source, I think this would happen even 
> if 'nobody'
> > tried to connect.
> >
> > Bad User:
> > Means user logins with an invalid password are rejected, unless the
> > username does not exist, in which case it is treated as a 
> guest login
> > and mapped into the guest account.
> >
> > Taking the above into account, the problem with 'www-date' 
> is that it
> > does exist, so it will not be allowed access.
> > You could try to prove this by changing 'Bad User' to 'Bad 
> Password',
> > but I wouldn't leave it like this.
> >
> > Rowland
> >   
> >
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba