Web lists-archives.com

Re: [Samba] DM: samba 4.5 -> 4.8, guest access and machine account access troubles.




 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> Marco Gaiarin via samba
> Verzonden: dinsdag 25 september 2018 10:16
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] DM: samba 4.5 -> 4.8, guest access and 
> machine account access troubles.
> 
> Mandi! Rowland Penny via samba
>   In chel di` si favelave...
> 
> > > Before upgrading my domain members to samba 4.8 (from 4.5) i can
> > > access a 'guest' share using DOMINIQUE\Administrator user without
> > > trouble. Probably (and correctly, for my point of view) 
> domain member
> > > does not find 'DOMINIQUE\Administrator' user, and so map 
> it to guest.
> > > Bingo.
> > The above would be true except for this line you have in smb.conf:
> > 	winbind use default domain = Yes

This is true AND false!!! 
Linux <=> linux TRUE
Linux <=> Windows FALSE   
Windows <=> Window TRUE

Windows sends is always user@DOMAIN (or DOM\user(@REALM)..) 

Linux ( Samba ) make a linux system think its DOM+user or DOM\\user or \\USER or user
Based on (if you use:)  winbind use default domain (G) and possbile other settings.

Now remove the : map to guest =  
Setting from your smb.conf, because you wil never get this right if you keep useing that. 
Check/test without the setting and post the logs so we can see the result of that. 

My guess here is..  And please correct me if im wrong. 
You used this as example.
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server 
[guest]
        # This share allows anonymous (guest) access
        # without authentication!
        path = /srv/samba/guest/
        read only = no
        guest ok = yes

But your server is a domain member.
Now with the setting : map to guest =  Bad User 
Means user logins with an invalid password are rejected, unless the username does not exist. 
How Wait ! unless the username does not exist ... But the user Does exist, Adminstrator root, they exist. 
If the user does not exist, THEN it maps to guest. 

Bad Password - Means user logins with an invalid password are treated as a guest login and mapped into the guest account.
Is an option, but you get the risk of ... Everybody is mapped to guest...  

Bad Uid, not discussing here.

Are you setting up a  "Guest" share services OR a GUEST SERVER access in total, also 2 different things. 
For example, you setup and have the following result. 
\\server   ( access denied ) 
\\server\guestshare ( access granted ) 

Again i hope this helps you, but please try to forget the "guest" account mapping.
If you setup as i've told you, you would be finish already..  

And if you want the behaivior back as you had in 4.5, that is possible, but only by reverting back. 
Windows and Samba have has so many security fixed which resulted in your problem now with 4.8.
A setup with isnt compatible to current standards. 


Greetz, 

Louis









-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba