[Samba] guest account beyond my grasp

Craig White craigwhite at azapple.com
Wed Mar 15 23:42:44 GMT 2006 

On Wed, 2006-03-15 at 16:33 -0700, Craig White wrote:
> On Wed, 2006-03-15 at 18:28 -0500, Peter wrote:
> > --- Craig White <craigwhite at azapple.com> wrote:
> > 
> > > On Wed, 2006-03-15 at 18:09 -0500, Peter wrote:
> > > > --- Craig White <craigwhite at azapple.com> wrote:
> > > > 
> > > > > On Wed, 2006-03-15 at 17:45 -0500, Peter wrote:
> > > > > > Hi, I'm using 3.0.21b and I cannot get the guest account to
> > > work.
> > > > > > 
> > > > > > some of smb.conf:
> > > > > > 
> > > > > > ------------------------------
> > > > > >    security = user
> > > > > >    hosts allow = 192.168.2. 127.
> > > > > >    guest account = visiteur
> > > > > >    log level = 2
> > > > > >    log file = /var/log/samba/samba.%m
> > > > > >    max log size = 1024
> > > > > >    socket options = TCP_NODELAY
> > > > > > 
> > > > > > [publique]
> > > > > >    path = /vol2/samba/publique
> > > > > >    browseable = yes
> > > > > >    guest ok = yes
> > > > > > ------------------------------
> > > > > > 
> > > > > > # grep visiteur /etc/passwd 
> > > > > > visiteur:*:1009:1013:Samba guest user:/home/visiteur:/bin/sh
> > > > > > 
> > > > > > When on Win2k when I click the server icon the pop-up box
> > > appears
> > > > > and I
> > > > > > put in "visiteur" for user and a blank for password the
> > > server's
> > > > > log
> > > > > > says:
> > > > > > 
> > > > > > ------------------------------
> > > > > > [2006/03/14 21:19:33, 2]
> > > smbd/sesssetup.c:setup_new_vc_session(772)
> > > > > >   setup_new_vc_session: New VC == 0, if NT4.x compatible we
> > > would
> > > > > close
> > > > > > all old resources.
> > > > > > [2006/03/14 21:19:33, 2]
> > > smbd/sesssetup.c:setup_new_vc_session(772)
> > > > > >   setup_new_vc_session: New VC == 0, if NT4.x compatible we
> > > would
> > > > > close
> > > > > > all old resources.
> > > > > > [2006/03/14 21:19:33, 2] auth/auth.c:check_ntlm_password(317)
> > > > > >   check_ntlm_password:  Authentication for user [My Name] ->
> > > [My
> > > > > Name]
> > > > > > FAILED with error NT_STATUS_NO_SUCH_USER
> > > > > > [2006/03/14 21:19:33, 2]
> > > smbd/sesssetup.c:setup_new_vc_session(772)
> > > > > >   setup_new_vc_session: New VC == 0, if NT4.x compatible we
> > > would
> > > > > close
> > > > > > all old resources.
> > > > > > [2006/03/14 21:19:33, 2]
> > > smbd/sesssetup.c:setup_new_vc_session(772)
> > > > > >   setup_new_vc_session: New VC == 0, if NT4.x compatible we
> > > would
> > > > > close
> > > > > > all old resources.
> > > > > > [2006/03/14 21:19:33, 2] auth/auth.c:check_ntlm_password(317)
> > > > > >   check_ntlm_password:  Authentication for user [My Name] ->
> > > [My
> > > > > Name]
> > > > > > FAILED with error NT_STATUS_NO_SUCH_USER
> > > > > > [2006/03/14 21:19:37, 2]
> > > smbd/sesssetup.c:setup_new_vc_session(772)
> > > > > >   setup_new_vc_session: New VC == 0, if NT4.x compatible we
> > > would
> > > > > close
> > > > > > all old resources.
> > > > > > [2006/03/14 21:19:37, 2]
> > > smbd/sesssetup.c:setup_new_vc_session(772)
> > > > > >   setup_new_vc_session: New VC == 0, if NT4.x compatible we
> > > would
> > > > > close
> > > > > > all old resources.
> > > > > > [2006/03/14 21:19:37, 2] auth/auth.c:check_ntlm_password(317)
> > > > > >   check_ntlm_password:  Authentication for user [visiteur] ->
> > > > > > [visiteur] FAILED with error NT_STATUS_WRONG_PASSWORD
> > > > > > ------------------------------
> > > > > > 
> > > > > > "My Name" is the logon name to this windows box that comes up
> > > > > > automatically when the system is booted.
> > > > > > 
> > > > > > But I am successful when I try from the command line on the
> > > server
> > > > > > itself:
> > > > > > 
> > > > > > # smbclient \\\\nemex\\publique
> > > > > > Password: 
> > > > > > Anonymous login successful
> > > > > > Domain=[PLATEAU] OS=[Unix] Server=[Samba 3.0.21b]
> > > > > > smb: \> exit
> > > > > > 
> > > > > > ------------------------------
> > > > > > # tail -15 /var/log/samba/nemex
> > > > > > 
> > > > > > [2006/03/15 17:42:53, 2] auth/auth.c:check_ntlm_password(317)
> > > > > >   check_ntlm_password:  Authentication for user [super] ->
> > > [super]
> > > > > > FAILED with error NT_STATUS_NO_SUCH_USER
> > > > > > [2006/03/15 17:42:53, 2] lib/access.c:check_access(324)
> > > > > >   Allowed connection from  (192.168.2.213)
> > > > > > [2006/03/15 17:42:53, 1]
> > > smbd/service.c:make_connection_snum(693)
> > > > > >   nemex (192.168.2.213) connect to service publique initially
> > > as
> > > > > user
> > > > > > visiteur (uid=1009, gid=1013) (pid 667)
> > > > > > [2006/03/15 17:42:54, 1] smbd/service.c:close_cnum(885)
> > > > > >   nemex (192.168.2.213) closed connection to service publique
> > > > > > [2006/03/15 17:42:54, 2] smbd/server.c:exit_server(614)
> > > > > >   Closing connections
> > > > > > ------------------------------
> > > > > > 
> > > > > > How can I get access to the guest account from the windows box?
> > > > > ----
> > > > > man smb.conf
> > > > > 
> > > > > /map to guest
> > > > > 
> > > > > map to guest = Bad User
> > > > 
> > > > Thanks but why should I need to use this hack?
> > > ----
> > > why do I bother directing people to information that they don't seem
> > > to
> > > want to read?
> > 
> > I read your material.  And I used your suggestion.  You know what
> > happens?  Now the user becomes the guest user when the system reboots
> > and no longer has access to the other shares.
> ----
> that is a separate issue and you need to take that one up with Microsoft
> as it is Microsoft's networking protocols that apparently does not allow
> a user to connect to the same server with different user
> accounts...UNLESS, you use security = share, which provides a Windows 98
> type experience where each share is separately authenticated but that is
> such an ugly thing to do, and I never do that.
----
and I will point out that in all you messages, there was no way to
figure out that any user had any interest in any other share that was on
that server as you only showed us your 'publique' share. Question asked,
answer given, it actually solved the problem, of course with unknown and
unconsidered consequences.

All of the considerations for security = share/user/domain/ads/server
are in the excellent documentation and you might find what you are
looking for either in the man pages which discuss this in some limited
detail or in the Official Samba How-To which goes into much greater
detail located at http://www.samba.org/samba/docs

Craig

More information about the samba mailing list