Web lists-archives.com

Re: [Samba] Fwd: NT_STATUS_ACCESS_DENIED for guest account to public share




On Fri, 25 May 2018 13:11:44 -0400
Raymond Page <pagerc@xxxxxxxxx> wrote:

> Rowland,
> 
> The 'guest' user exists in /etc/passwd, and there are no users
> defined in tdb backend.
> 
> 1. /etc/passwd: guest:x:405:100:guest:/dev/null:/sbin/nologin
> 2. pdbedit -L -v: ^$ EOL
> 3. smb.conf updated as suggested - smbclient -U% //share/public -c
> 'put test1.txt foobar'
> NT_STATUS_ACCESS_DENIED opening remote file \foobar
> 
> 
> Modifying the settings as suggested made no impact, functionally we
> just disabled the global defaults and doubly defined the local share
> settings. The person saying using 'read only = no' AND 'writable =
> yes' is probably the same person suggesting 'guest ok = yes' AND
> 'public = yes'. I like my redundant configuration settings to
> reinforce what I'm stating so that if I'm thinking about denying vs
> enabling access, I have an option to clearly latch onto.
> 
> Output from testparam:
> [global]
>         dns proxy = No
>         guest account = guest
>         log file = /var/log/samba/%m.log
>         map to guest = Bad User
>         netbios name = SHARE
>         security = USER
>         idmap config * : backend = tdb
> 
> 
> [printers]
>         browseable = No
>         comment = All Printers
>         path = /usr/spool/samba
>         printable = Yes
> 
> 
> [homes]
>         comment = User Home Directories
>         read only = No
> 
> 
> [public]
>         comment = Public Share
>         create mask = 0644
>         guest ok = Yes
>         guest only = Yes
>         path = /mnt/share
>         read only = No
> 

So you have no users, this means anybody that connects, gets mapped to
guest (by the way, is there some reason not to use the default guest
user 'nobody' ?). You have allowed the guest user to connect to the
share [public] and then made it that only the guest user can connect, so
anybody should be able to connect, but then there is this: 'path
= /mnt/share'. This looks to me like you have mounted something on
'/mnt/share', if so what and what are the permissions on this ?

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba