[Samba] Samba on Debian: Sarge -> Etch = broken guest shares

Tim Bates tin at new-life.org.au
Sun May 13 23:34:28 GMT 2007 

OK, I have now used tdbtool to remove the entries for "nobody" from 
passwd.tdb, and I checked for anything relating to the share or the 
guest user in all the other tdb files. It still doesn't work.
I have just entered "security=share" for that share, and removed write 
access and the other security options. That makes it work, but I don't 
really want to leave it in that state. I'm led to believe there's 
something up with my valid users list or something... Could someone 
check the "unattended" and "wpkg" shares I have listed in my config (in 
the quoted messages below) and tell me if there's something completely 
wrong with what I have? It used to work, but I guess something's changed.

TB

Dale Schroeder wrote:
> Tim,
>
> Going from Sarge to Etch, I am assuming you went from Samba 3.0.14 to 
> 3.0.24.  Major changes occurred, starting with 3.0.23.  I suspect your 
> problem lies within these changes.  If I had to guess, I would say the 
> Samba ldap schema changes are the culprit, but since I don't use ldap, 
> it's just a guess.  See 
> http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/ChangeNotes.html 
> for details.  The user and group changes would be the other likely 
> possibility.
>
> [BTW, [printers] has conflicting directives - "public = yes" and 
> "guest ok = no".]
>
> Good luck,
>
> Dale
>
> Tim Bates wrote:
>> I upgraded a server from Debian Sarge to Etch the other day. Today I 
>> discovered a fairly major issue... All the shares I had set up for 
>> guest access have stopped working. The shares are meant to be 
>> writable by me and a few others, and read only for guest, but it's 
>> flat out refusing to authenticate anyone using guest (or unknown 
>> users which should be mapping to guest).
>> SMB.conf is below (with a pile of unrelated shares stripped out for 
>> space).
>>
>> [global]
>>   workgroup = wwhs
>>   server string = WWHS Main Data Server
>>   dns proxy = no
>>   map to guest = Bad User
>>   guest account = nobody
>>   log file = /var/log/samba/log.%m
>>   log level = 2
>>   max log size = 1000
>>   syslog = 0
>>   panic action = /usr/share/samba/panic-action %d
>>   security = user
>>   encrypt passwords = true
>>   passdb backend = ldapsam:ldap://127.0.0.1/
>>   ldap suffix = dc=wwhs
>>   ldap machine suffix = ou=machines
>>   ldap user suffix = ou=users
>>   ldap group suffix = ou=groups
>>   ldap admin dn = "cn=admin,dc=wwhs"
>>   ldap delete dn = no
>>   obey pam restrictions = yes
>>   ldap password sync = yes
>>   pam password change = yes
>>   add machine script = /usr/sbin/smbldap-useradd -w "%u"
>>   printing = cups
>>   printcap name = cups
>>   socket options = TCP_NODELAY
>>   domain master = yes
>>   prefered master = yes
>>   domain logons = yes
>>   logon path = \\%L\Profiles\%U
>>   logon script = %G.bat
>> # The next line includes homes based on groups. Some groups need 
>> different options.
>> include = /etc/samba/homes-%G.conf
>> [netlogon]
>>   comment = Network Logon Service
>>   path = /samba/netlogon
>>   writable = yes
>>   share modes = no
>>   write list = @it-admin, root
>>   guest ok = no
>> [printers]
>>   comment = All Printers
>>   browseable = no
>>   path = /tmp
>>   printable = yes
>>   public = yes
>>   writable = no
>>   create mode = 0700
>>   guest ok = no
>> [print$]
>>   comment = Printer Drivers
>>   path = /samba/print$
>>   browseable = yes
>>   guest ok = no
>>   writable = yes
>>   write list = root, @it-admin
>> [profiles]
>>   comment = Account Profile Data
>>   path = /samba/profiles
>>   browsable = no
>>   read only = no
>>   guest ok = no
>>   create mode = 0750
>>   hide files = 
>> /desktop.ini/ntuser.ini/NTUSER.*/nethood/target.lnk/prf???.tmp/prf??.tmp/ 
>>
>> [unattended]
>>    comment = Files for scripted Windows reinstalls
>>    path = /samba/unattended
>>    browsable = no
>>    writeable = yes
>>    write list = @it-admin
>>    create mode = 0664
>>    directory mode = 0775
>>    force group = it-admin
>>    valid users = @it-admin, guest, nobody
>>    guest ok = yes
>> [wpkg]
>>    comment = WPKG files
>>    path = /samba/wpkg
>>    browsable = no
>>    writeable = yes
>>    write list = @it-admin
>>    create mode = 0664
>>    directory mode = 0775
>>    force group = it-admin
>>    valid users = @it-admin, nobody
>>    guest ok = yes
>>
>>
>> **********************************************************************
>> This message is intended for the addressee named and may contain
>> privileged information or confidential information or both. If you
>> are not the intended recipient please delete it and notify the sender.
>> **********************************************************************
>


**********************************************************************
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**********************************************************************

More information about the samba mailing list