[Samba] [4.5.12] "guest account" doesn't work

[Gilles]

It looks like "service samba reload" and/or not disconnecting from 
Windows explains the problem I had.

After…

1. Using this, with no need for "force user" at the share level:

[global]
map to guest = Bad User
guest account = www-data

2. Running "/etc/init.d/samba restart"

… I can a) connect, and b) write files as www-data, as expected.

The reason I use the init.d script is because of this:

~# service samba reload
[ ok ] Reloading smbd configuration (via systemctl): smbd.service.
~# service samba restart
Failed to restart samba.service: Unit samba.service is masked.

Thank you.

On 09/05/2018 15:29, Rowland Penny via samba wrote:
> On Wed, 9 May 2018 14:07:12 +0200
> Gilles via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> Until now, I let Samba use nobody:nogroup to access shares from
>> Windows with no account in Samba.
>>
>> I wanted to try the "guest account" option to tell it to use a
>> specific Unix account… but it fails with "Access denied". The
>> solution is to either give up on the "guest account" directive, or
>> add "force user" to the share. Why is that?
> The default Samba 'guest account' is 'nobody' and this seems to be
> hard coded into Samba and when an unknown user connects and 'map to
> guest' is set to 'Bad User', the unknown user is silently mapped to
> 'nobody'.
> Without checking the source, I think this would happen even if 'nobody'
> tried to connect.
>
> Bad User:
> Means user logins with an invalid password are rejected, unless the
> username does not exist, in which case it is treated as a guest login
> and mapped into the guest account.
>
> Taking the above into account, the problem with 'www-date' is that it
> does exist, so it will not be allowed access.
> You could try to prove this by changing 'Bad User' to 'Bad Password',
> but I wouldn't leave it like this.
>
> Rowland
>   
>