[Samba] Guest Account causing lod.winbindd messages

Bret Hughes bhughes at elevating.com
Thu Feb 27 19:30:44 GMT 2003 

Does anyone have a clue to what might be causing this and how to stop
it?

On Wed, 2003-02-26 at 18:13, Bret Hughes wrote:
> RedHAt 8,0 samba 2.2.7-2 from redhat rpms.  This box is a file server
> for approximately 45 XP clients and is fairly active.  Windbind is used
> to authenticate users from the pdc for the domain DOMAIN and works
> swimmingly. Beats the pants off the NT4 box tht it replaced two weeks
> ago.  
> 
> More of an irritation than anything, but the winbindd log is filling
> with messages like this:
> 
> [2003/02/26 14:42:41, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(121)
>   user 'nobody' does not exist
> [2003/02/26 14:45:37, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(121)
>   user 'nobody' does not exist
> 
> "Hmmm" says I.  "I wonder why nobody is trying to access this sever"
> 
> so I did some looking through the docs and archives and found that the
> guest account defaults to nobody so I changed it to the guest account on
> the domain to see if that changed anything.
> 
> Now the log is filling up with messages like this:
> 
> [2003/02/26 17:38:28, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(121)
>   user 'DOMAIN+GUEST' does not exist
> [2003/02/26 17:38:29, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(121)
>   user 'DOMAIN+GUEST' does not exist
> 
> Well this is progress since now we know it is indeed caused by guest
> logins.  THe only reverence to guest in the smb.conf is what I added to
> day:
> 
> The NT Administrator tells me that as a matter of policy guest has no
> rights on corporate shares, or did he tell me that it was disabled? 
> Something like that. So we purposely left it out of smb.conf file.
> 
> BTW getent finds guest ok
> 
> [root at solin samba]# getent passwd|grep guest
> DOMAIN+Guest:x:10051:10003::/home/winnt/DOMAIN/guest:/bin/bash
> 
> 
> IIUC the default samba behavior is to disallow guest access anyway, so
> what is the deal?
> 
> any ideas?  the following is my smb.conf.
> 
> # Samba config file created using SWAT
> # Modified 2003/02/13 
> # Date: 2003/02/04 08:56:20
> 
> # Global parameters
> [global]
> 	log file = /var/log/samba/%m.log
> 	passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
> 	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> 	obey pam restrictions = Yes
> 	wins server = 10.0.0.229
> 	domain master = No
> 	encrypt passwords = Yes
> 	winbind uid = 10000-20000
> 	passwd program = /usr/bin/passwd %u
> 	template shell = /bin/bash
> 	dns proxy = No
> 	netbios name = SOLIN
> 	printing = lprng
> 	
> 	#added by BAH 20030226
> 	guest  account = DOMAIN+GUEST
> 	
> 	server string = SOLIN
> 	password server = SOCOMM
> 	winbind gid = 10000-20000
> 	unix password sync = Yes
> 	template homedir = /home/winnt/%D/%U
> 	local master = No
> 	workgroup = DOMAIN
> 	security = domain
> 	preferred master = no
> 	winbind separator = +
> 	pam password change = Yes
> 	log level = 1
> 
> [homes]
> 	comment = Home Directories
> 	valid users = %S
> 	read only = No
> 	create mask = 0664
> 	directory mask = 0775
> 	browseable = No
> 
> [printers]
> 	comment = All Printers
> 	path = /var/spool/samba
> 	printable = Yes
> 	browseable = No
> 
> [ADMIN]
> 	path = /admin
> 	read only = No
> 	browseable = No
> 	#valid users = @DOMAIN+Domain\ Users
> [APPS]
> 	path = /apps
> 	read only = No
> 	force create mode = 0774
> 	force directory mode = 0774
> [TEMP]
> 	path = /tmp
> 	read only = No
> 
> 
> Thanks
> 
> Bret
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list