[Samba] guest not permitted to access share
Jacek Kowalski
jacek at hapay.pl
Thu Sep 27 05:47:29 GMT 2007
I have already done it before and nothig :( This same error.
Jacek
Lukasz Szybalski napisał(a):
> try changing
> guest account = guest
> to
> guest account = nobody
>
> Lukasz
>
> On 9/26/07, Jacek Kowalski <jacek at hapay.pl> wrote:
>
>> Hi!
>>
>> I have got the problem with my guest account. I can`t access to the share.
>>
>>
>> The OS is Centos 5 Linux 2.6.18-8.1.10.el5 #1 SMP
>> Version of krb5 is 1.5-29
>>
>> This is my smb.conf:
>>
>> [global]
>> # server string is the equivalent of the NT Description field
>> netbios name = SERVER
>>
>> # workgroup = NT-Domain-Name or Workgroup-Name
>> workgroup = DOMAIN
>> realm = DOMAIN.NET
>> security = ADS
>> password server = server.domain.net
>> winbind separator = +
>> allow trusted domains = No
>> # auth methods = guest sam winbind
>> idmap backend = idmap_rid:INFORNET=1000-65000
>> idmap uid = 1000-65000
>> idmap gid = 1000-65000
>> template shell = /bin/bash
>> # template homedir = /home/ad/%D/%U
>> winbind use default domain = Yes
>> winbind enum users = No
>> winbind enum groups = No
>> winbind nested groups = Yes
>> #client use spnego = no
>> #server signing = auto
>> # this tells Samba to use a separate log file for each machine
>> # that connects
>> log file = /var/log/samba/%I.log
>> log level = 3
>> # Put a capping on the size of the log files (in Kb).
>> max log size = 500
>> smb ports = 139
>> guest account = guest
>> encrypt passwords = yes
>> username map = /etc/samba/smbusers
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> dns proxy = no
>>
>> [homes]
>> comment = Home Directories
>> browseable = no
>> writable = yes
>> create mask = 664
>> directory mask = 0775
>>
>>
>> [source1]
>> path = /home/source1
>> public = yes
>> valid users = @DOMAIN+group1
>> read list = @DOMAIN+group1
>> write list = @DOMAIN+group1
>> force group = group1
>> writable = yes
>> printable = no
>> browseable = yes
>> create mask = 0665
>> # valid users = @group1
>> force directory mode = 0775
>> guest ok = yes
>> # hosts deny = 192.168.6.194
>>
>>
>>
>> Logs for Samba says:
>> [2007/09/26 08:01:48, 3] smbd/negprot.c:reply_nt1(357)
>> using SPNEGO
>> [2007/09/26 08:01:48, 3] smbd/negprot.c:reply_negprot(580)
>> Selected protocol NT LM 0.12
>> [2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110)
>> Transaction 2 of length 256
>> [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
>> switch message SMBsesssetupX (pid 12283) conn 0x0
>> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
>> wct=12 flg2=0xc807
>> [2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
>> all old resources.
>> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
>> Doing spnego session setup
>> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
>> NativeOS=[Windows 2002 Dodatek Service Pack 2 2600]
>> NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
>> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
>> Got OID 1 3 6 1 4 1 311 2 2 10
>> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_spnego_negotiate(554)
>> Got secblob of size 40
>> [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
>> Got NTLMSSP neg_flags=0xe2088297
>> [2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110)
>> Transaction 3 of length 366
>> [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
>> switch message SMBsesssetupX (pid 12283) conn 0x0
>> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
>> wct=12 flg2=0xc807
>> [2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
>> all old resources.
>> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
>> Doing spnego session setup
>> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
>> NativeOS=[Windows 2002 Dodatek Service Pack 2 2600]
>> NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
>> [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672)
>> Got user=[guest] domain=[DOMAIN] workstation=[1-123] len1=24 len2=24
>> [2007/09/26 08:01:48, 3] smbd/map_username.c:map_username(155)
>> Mapped user guest to nobody
>> [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(221)
>> check_ntlm_password: Checking password for unmapped user
>> [DOMAIN]\[guest]@[1-123] with the new password interface
>> [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(224)
>> check_ntlm_password: mapped user is: [DOMAIN]\[nobody]@[1-123]
>> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>> [2007/09/26 08:01:48, 3] smbd/uid.c:push_conn_ctx(345)
>> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2007/09/26 08:01:48, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015)
>> fetch gid from cache 1514 -> S-1-5-21-1185377677-3652869139-2531771690-514
>> [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(270)
>> check_ntlm_password: winbind authentication for user [guest] succeeded
>> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>> [2007/09/26 08:01:48, 3] smbd/uid.c:push_conn_ctx(345)
>> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2007/09/26 08:01:48, 2] auth/auth.c:check_ntlm_password(309)
>> check_ntlm_password: authentication for user [guest] -> [nobody] ->
>> [DOMAIN+guest] succeeded
>> [2007/09/26 08:01:48, 3] passdb/lookup_sid.c:store_gid_sid_cache(1059)
>> store_gid_sid_cache: gid 1513 in cache ->
>> S-1-5-21-1185377677-3652869139-2531771690-513
>> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>> [2007/09/26 08:01:48, 3] smbd/uid.c:push_conn_ctx(345)
>> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>> [2007/09/26 08:01:48, 3] groupdb/mapping.c:pdb_create_builtin_alias(1364)
>> pdb_create_builtin_alias: Could not get a gid out of winbind
>> [2007/09/26 08:01:48, 0]
>> auth/auth_util.c:create_builtin_administrators(785)
>> create_builtin_administrators: Failed to create Administrators
>> [2007/09/26 08:01:48, 2] auth/auth_util.c:create_local_nt_token(899)
>> create_local_nt_token: Failed to create BUILTIN\Administrators group!
>> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>> [2007/09/26 08:01:48, 3] smbd/uid.c:push_conn_ctx(345)
>> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>> [2007/09/26 08:01:48, 3] groupdb/mapping.c:pdb_create_builtin_alias(1364)
>> pdb_create_builtin_alias: Could not get a gid out of winbind
>> [2007/09/26 08:01:48, 0] auth/auth_util.c:create_builtin_users(751)
>> create_builtin_users: Failed to create Users
>> [2007/09/26 08:01:48, 2] auth/auth_util.c:create_local_nt_token(926)
>> create_local_nt_token: Failed to create BUILTIN\Users group!
>> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
>> get_privileges: No privileges assigned to SID
>> [S-1-5-21-1185377677-3652869139-2531771690-501]
>> [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
>> get_privileges: No privileges assigned to SID
>> [S-1-5-21-1185377677-3652869139-2531771690-513]
>> [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
>> get_privileges: No privileges assigned to SID [S-1-5-2]
>> [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
>> get_privileges: No privileges assigned to SID [S-1-5-11]
>> [2007/09/26 08:01:48, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015)
>> fetch gid from cache 1513 -> S-1-5-21-1185377677-3652869139-2531771690-513
>> [2007/09/26 08:01:48, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
>> NTLMSSP Sign/Seal - Initialising with flags:
>> [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
>> Got NTLMSSP neg_flags=0xe2088215
>> [2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(280)
>> User name: DOMAIN+guest Real name:
>> [2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(301)
>> UNIX uid 1501 is UNIX user DOMAIN+guest, and will be vuid 101
>> [2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(332)
>> Adding homes service for user 'DOMAIN+guest' using home directory:
>> '/home/DOMAIN/guest'
>> [2007/09/26 08:01:48, 3] param/loadparm.c:lp_add_home(2588)
>> adding home's share [guest] for user 'DOMAIN+guest' at
>> '/home/DOMAIN/guest'
>> [2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110)
>> Transaction 4 of length 100
>> [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
>> switch message SMBtconX (pid 12283) conn 0x0
>> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2007/09/26 08:01:48, 3] lib/util_sid.c:string_to_sid(223)
>> string_to_sid: Sid @DOMAIN+hs does not start with 'S-'.
>> [2007/09/26 08:01:48, 2] smbd/service.c:make_connection_snum(580)
>> user 'DOMAIN+guest' (from session setup) not permitted to access this
>> share (service)
>> [2007/09/26 08:01:48, 3] smbd/error.c:error_packet(146)
>> error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
>> NT_STATUS_ACCESS_DENIED
>> [2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110)
>> Transaction 5 of length 43
>> [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
>> switch message SMBulogoffX (pid 12283) conn 0x0
>> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2007/09/26 08:01:48, 3] smbd/reply.c:reply_ulogoffX(1618)
>> ulogoffX vuid=101
>> [2007/09/26 08:01:48, 3] smbd/process.c:timeout_processing(1359)
>> timeout_processing: End of file from client (client has disconnected).
>> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2007/09/26 08:01:48, 3] smbd/connection.c:yield_connection(69)
>> Yielding connection to
>> [2007/09/26 08:01:48, 3] smbd/server.c:exit_server_common(675)
>> Server exit (normal exit)
>>
>>
>> Regards
>> Jacek Kowalski
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/listinfo/samba
>>
>>
>
>
>
More information about the samba
mailing list