Re: [Samba] [4.5.12] "guest account" doesn't work

Thanks much.

On 09/05/2018 16:32, L.P.H. van Belle via samba wrote:
What you want to know is..

## For a standalone server/Member server.
systemctl stop samba-ad-dc samba
systemctl disable samba-ad-dc samba
systemctl mask samba-ad-dc samba

systemctl unmask smbd winbind nmbd
systemctl enable smbd winbind nmbd
systemctl start smbd winbind nmbd

## For an AD-DC setup.
systemctl stop smbd nmbd winbind
systemctl disable smbd nmbd winbind
systemctl mask smbd nmbd winbind

systemctl unmask samba-ad-dc
systemctl enable samba-ad-dc
systemctl start samba-ad-dc

This works as of Debian Jessie and up.
Same for Ubuntu as of 16.04, but advised as of 17.x and up.



It looks like "service samba reload" and/or not disconnecting from
Windows explains the problem I had.


1. Using this, with no need for "force user" at the share level:

map to guest = Bad User
guest account = www-data

2. Running "/etc/init.d/samba restart"

… I can a) connect, and b) write files as www-data, as expected.

The reason I use the init.d script is because of this:

~# service samba reload
[ ok ] Reloading smbd configuration (via systemctl): smbd.service.
~# service samba restart
Failed to restart samba.service: Unit samba.service is masked.

Thank you.

On 09/05/2018 15:29, Rowland Penny via samba wrote:
On Wed, 9 May 2018 14:07:12 +0200
Gilles via samba <samba@xxxxxxxxxxxxxxx> wrote:


Until now, I let Samba use nobody:nogroup to access shares from
Windows with no account in Samba.

I wanted to try the "guest account" option to tell it to use a
specific Unix account… but it fails with "Access denied". The
solution is to either give up on the "guest account" directive, or
add "force user" to the share. Why is that?
The default Samba 'guest account' is 'nobody' and this seems to be
hard coded into Samba and when an unknown user connects and 'map to
guest' is set to 'Bad User', the unknown user is silently mapped to
Without checking the source, I think this would happen even if 'nobody'
tried to connect.

Bad User:
Means user logins with an invalid password are rejected, unless the
username does not exist, in which case it is treated as a guest login
and mapped into the guest account.

Taking the above into account, the problem with 'www-data' is that it
does exist, so it will not be allowed access.
You could try to prove this by changing 'Bad User' to 'Bad
but I wouldn't leave it like this.
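
For anyone auditing a setup like the one discussed in this thread, the following added example (not part of the original messages, and not Samba code) parses an smb.conf and reports which shares guests can reach, as which Unix user, and whether they can write. The sample configuration and its [www] and [private] shares are constructed; only the two [global] lines come from the thread.

```python
# Constructed sample; the [www] and [private] shares are assumptions.
SAMPLE_CONF = """\
[global]
    map to guest = Bad User
    guest account = www-data
[www]
    public = yes
    writeable = yes
[private]
    read only = no
"""
TRUE = {"yes", "true", "1", "on"}
# smb.conf(5) synonyms: name -> (canonical name, value is inverted)
SYNONYMS = {"public": ("guestok", False), "writeable": ("readonly", True)}

def parse(text):
    """Return {section: {param: value}}; names lowercased, whitespace removed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            key, value = "".join(key.lower().split()), value.strip()
            if key in SYNONYMS:
                key, inverted = SYNONYMS[key]
                if inverted:
                    value = "no" if value.lower() in TRUE else "yes"
            section[key] = value
    return conf

def guest_exposure(text):
    """Report guest-accessible shares: Unix user used and whether writable."""
    conf = parse(text)
    glob = conf.get("global", {})
    account = glob.get("guestaccount", "nobody")  # Samba's default guest account
    report = {"map to guest": glob.get("maptoguest", "Never"),
              "guest account": account, "shares": {}}
    for name, share in conf.items():
        merged = {**glob, **share}  # share-level values override [global]
        if name == "global" or merged.get("guestok", "no").lower() not in TRUE:
            continue
        report["shares"][name] = {
            "unix user": merged.get("forceuser", account),
            "writable": merged.get("readonly", "yes").lower() not in TRUE}
    return report
```

Any share listed with "writable": True accepts writes from clients that never authenticated, so the Unix user shown for it should own nothing beyond that share's path.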


