[Samba] Guest access broken for Win7 between 3.3.8 and 3.5.4?

R. B. Letsinger rbletsinger at gmail.com
Wed May 4 14:50:59 MDT 2011 

I've been running samba on RHEL5 for the past couple of years with XP
clients. Late last year, in order to support new Win7 clients, I upgraded
from samba-3.0.33 packages to samba3x-3.3.8 (from the Red Hat-managed
configuration tree) and after some struggles got everything working. But now
after upgrading to samba3x-3.5.4 I am only able to connect as a known user
and not as a guest.

Relevant configuration details from smb.conf:

[global]
security=user
encrypt passwords = yes
passdb backend = smbpasswd
smb passwd file = /etc/samba/smbpasswd
guest account = gstuser
server signing = auto
map to guest = Bad User
log level = 2
wide links = no
follow symlinks = no
client ntlmv2 auth = yes
client signing = mandatory
...

[guest_share]
guest only = yes
path = <path with sufficient permissions>
read only = no

When I attempt to map this share on the Win7 side I get an error dialog
stating "The specified network drive is no longer available".
If I try to connect a similar already-mapped share on the Win7 side I get an
error dialog stating "The local device name is already in use."
I haven't been able to figure out how to get any further detail on the
Windows side.

On the Linux side, things appear to progress as expected: the original user
is unrecognized, is then mapped to guest, but then I get a getpeername
failed error:

...
2011/05/04 20:21:22.054326,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2011/05/04 20:21:22.054791,  2] auth/auth.c:314(check_ntlm_password)
  check_ntlm_password:  Authentication for user [CLIENTUSER] -> [CLIENTUSER]
FAILED with error NT_STATUS_NO_SUCH_USER
[2011/05/04 20:21:22.057474,  1] smbd/service.c:1070(make_connection_snum)
  CLIENTMACHINENAME (nnn.nnn.nnn.nnn) connect to service guest_share
initially as user gstuser (uid=nnn, gid=nnnn) (pid 31025)
[2011/05/04 20:21:22.057875,  0] lib/util_sock.c:474(read_fd_with_timeout)
[2011/05/04 20:21:22.058225,  0]
lib/util_sock.c:1432(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
peer.
[2011/05/04 20:21:22.058376,  1] smbd/service.c:1251(close_cnum)
  CLIENTMACHINENAME (nnn.nnn.nnn.nnn) closed connection to service
guest_share
[2011/05/04 20:21:42.040820,  1] smbd/server.c:240(cleanup_timeout_fn)
  Cleaning up brl and lock database after unclean shutdown
...


As I say, all works fine with the same Win7 client machine when the server
is running samba3x-3.3.8, but gives the above behavior when I upgrade to
samba3x-3.5.4. (Staying at 3.3.8 is not optimal because I am in an
environment where I need to keep up-to-date with CVEs.) If I
authenticate via the guest uname/pwd, I am also able to connect -- just not
as an unknown user.

Of possible relevance is that I'm not running nbmd, which I haven't need
to-date.

The change log for the latest samba3x package mentions that SPNEGO parsing
was fixed between the two releases and I'm wondering if that could be
implicated.

Any thoughts?

More information about the samba mailing list