[Samba] Guest Account causing lod.winbindd messages
Bret Hughes
bhughes at elevating.com
Thu Feb 27 00:13:59 GMT 2003
RedHAt 8,0 samba 2.2.7-2 from redhat rpms. This box is a file server
for approximately 45 XP clients and is fairly active. Windbind is used
to authenticate users from the pdc for the domain DOMAIN and works
swimmingly. Beats the pants off the NT4 box tht it replaced two weeks
ago.
More of an irritation than anything, but the winbindd log is filling
with messages like this:
[2003/02/26 14:42:41, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(121)
user 'nobody' does not exist
[2003/02/26 14:45:37, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(121)
user 'nobody' does not exist
"Hmmm" says I. "I wonder why nobody is trying to access this sever"
so I did some looking through the docs and archives and found that the
guest account defaults to nobody so I changed it to the guest account on
the domain to see if that changed anything.
Now the log is filling up with messages like this:
[2003/02/26 17:38:28, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(121)
user 'DOMAIN+GUEST' does not exist
[2003/02/26 17:38:29, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(121)
user 'DOMAIN+GUEST' does not exist
Well this is progress since now we know it is indeed caused by guest
logins. THe only reverence to guest in the smb.conf is what I added to
day:
The NT Administrator tells me that as a matter of policy guest has no
rights on corporate shares, or did he tell me that it was disabled?
Something like that. So we purposely left it out of smb.conf file.
BTW getent finds guest ok
[root at solin samba]# getent passwd|grep guest
DOMAIN+Guest:x:10051:10003::/home/winnt/DOMAIN/guest:/bin/bash
IIUC the default samba behavior is to disallow guest access anyway, so
what is the deal?
any ideas? the following is my smb.conf.
# Samba config file created using SWAT
# Modified 2003/02/13
# Date: 2003/02/04 08:56:20
# Global parameters
[global]
log file = /var/log/samba/%m.log
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
obey pam restrictions = Yes
wins server = 10.0.0.229
domain master = No
encrypt passwords = Yes
winbind uid = 10000-20000
passwd program = /usr/bin/passwd %u
template shell = /bin/bash
dns proxy = No
netbios name = SOLIN
printing = lprng
#added by BAH 20030226
guest account = DOMAIN+GUEST
server string = SOLIN
password server = SOCOMM
winbind gid = 10000-20000
unix password sync = Yes
template homedir = /home/winnt/%D/%U
local master = No
workgroup = DOMAIN
security = domain
preferred master = no
winbind separator = +
pam password change = Yes
log level = 1
[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0664
directory mask = 0775
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[ADMIN]
path = /admin
read only = No
browseable = No
#valid users = @DOMAIN+Domain\ Users
[APPS]
path = /apps
read only = No
force create mode = 0774
force directory mode = 0774
[TEMP]
path = /tmp
read only = No
Thanks
Bret
More information about the samba
mailing list