[Samba] Guest Account causing lod.winbindd messages

Bret Hughes bhughes at elevating.com
Thu Feb 27 00:13:59 GMT 2003 

RedHAt 8,0 samba 2.2.7-2 from redhat rpms.  This box is a file server
for approximately 45 XP clients and is fairly active.  Windbind is used
to authenticate users from the pdc for the domain DOMAIN and works
swimmingly. Beats the pants off the NT4 box tht it replaced two weeks
ago.  

More of an irritation than anything, but the winbindd log is filling
with messages like this:

[2003/02/26 14:42:41, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(121)
  user 'nobody' does not exist
[2003/02/26 14:45:37, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(121)
  user 'nobody' does not exist

"Hmmm" says I.  "I wonder why nobody is trying to access this sever"

so I did some looking through the docs and archives and found that the
guest account defaults to nobody so I changed it to the guest account on
the domain to see if that changed anything.

Now the log is filling up with messages like this:

[2003/02/26 17:38:28, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(121)
  user 'DOMAIN+GUEST' does not exist
[2003/02/26 17:38:29, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(121)
  user 'DOMAIN+GUEST' does not exist

Well this is progress since now we know it is indeed caused by guest
logins.  THe only reverence to guest in the smb.conf is what I added to
day:

The NT Administrator tells me that as a matter of policy guest has no
rights on corporate shares, or did he tell me that it was disabled? 
Something like that. So we purposely left it out of smb.conf file.

BTW getent finds guest ok

[root at solin samba]# getent passwd|grep guest
DOMAIN+Guest:x:10051:10003::/home/winnt/DOMAIN/guest:/bin/bash


IIUC the default samba behavior is to disallow guest access anyway, so
what is the deal?

any ideas?  the following is my smb.conf.

# Samba config file created using SWAT
# Modified 2003/02/13 
# Date: 2003/02/04 08:56:20

# Global parameters
[global]
	log file = /var/log/samba/%m.log
	passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	obey pam restrictions = Yes
	wins server = 10.0.0.229
	domain master = No
	encrypt passwords = Yes
	winbind uid = 10000-20000
	passwd program = /usr/bin/passwd %u
	template shell = /bin/bash
	dns proxy = No
	netbios name = SOLIN
	printing = lprng
	
	#added by BAH 20030226
	guest  account = DOMAIN+GUEST
	
	server string = SOLIN
	password server = SOCOMM
	winbind gid = 10000-20000
	unix password sync = Yes
	template homedir = /home/winnt/%D/%U
	local master = No
	workgroup = DOMAIN
	security = domain
	preferred master = no
	winbind separator = +
	pam password change = Yes
	log level = 1

[homes]
	comment = Home Directories
	valid users = %S
	read only = No
	create mask = 0664
	directory mask = 0775
	browseable = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	browseable = No

[ADMIN]
	path = /admin
	read only = No
	browseable = No
	#valid users = @DOMAIN+Domain\ Users
[APPS]
	path = /apps
	read only = No
	force create mode = 0774
	force directory mode = 0774
[TEMP]
	path = /tmp
	read only = No


Thanks

Bret

More information about the samba mailing list