[Samba] guest not permitted to access share

Wayne Johnson wjohnson at mqsoftware.com
Thu Sep 27 15:11:44 GMT 2007


I'm having a similar problem.  We're both using security=ads.  I tried security=domain, same issue.  I'm properly joined to the domain.  It's a domain user that's having the issue.  If I set up a Unix account for them, it works.  I'd rather not have to set up 300 Unix accounts just for guest access.

Could this be the same issue as having to prefix domain users in write list with their domain?

> -----Original Message-----
> From: samba-bounces+wjohnson=mqsoftware.com at lists.samba.org
> [mailto:samba-bounces+wjohnson=mqsoftware.com at lists.samba.org]
> On Behalf Of Jacek Kowalski
> Sent: Thursday, September 27, 2007 12:47 AM
> To: Lukasz Szybalski
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] guest not permitted to access share
> 
> 
> I have already done it before and nothing :( The same error.
> 
> Jacek
> 
> 
> Lukasz Szybalski wrote:
> > try changing
> > guest account = guest
> > to
> > guest account = nobody
> >
> > Lukasz
> >
> > On 9/26/07, Jacek Kowalski <jacek at hapay.pl> wrote:
> >   
> >> Hi!
> >>
> >> I have got a problem with my guest account. I can't access the share.
> >>
> >>
> >> The OS is Centos 5 Linux 2.6.18-8.1.10.el5 #1 SMP
> >> Version of krb5 is 1.5-29
> >>
> >> This is my smb.conf:
> >>
> >> [global]
> >> # server string is the equivalent of the NT Description field
> >>   netbios name = SERVER
> >>
> >> # workgroup = NT-Domain-Name or Workgroup-Name
> >>   workgroup = DOMAIN
> >>   realm = DOMAIN.NET
> >>   security = ADS
> >>   password server = server.domain.net
> >>   winbind separator = +
> >>   allow trusted domains = No
> >> #        auth methods = guest sam winbind
> >>   idmap backend = idmap_rid:INFORNET=1000-65000
> >>   idmap uid = 1000-65000
> >>   idmap gid = 1000-65000
> >>   template shell = /bin/bash
> >> #   template homedir = /home/ad/%D/%U
> >>   winbind use default domain = Yes
> >>   winbind enum users = No
> >>   winbind enum groups = No
> >>   winbind nested groups = Yes
> >>   #client use spnego = no
> >>         #server signing = auto
> >> # this tells Samba to use a separate log file for each machine
> >> # that connects
> >>   log file = /var/log/samba/%I.log
> >>         log level = 3
> >> # Put a capping on the size of the log files (in Kb).
> >>   max log size = 500
> >>   smb ports = 139
> >> guest account = guest
> >> encrypt passwords = yes
> >> username map = /etc/samba/smbusers
> >> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >> dns proxy = no
> >>
> >> [homes]
> >>   comment = Home Directories
> >>   browseable = no
> >>   writable = yes
> >>   create mask = 664
> >>   directory mask = 0775
> >>
> >>
> >> [source1]
> >>   path = /home/source1
> >>   public = yes
> >>   valid users = @DOMAIN+group1
> >>   read list = @DOMAIN+group1
> >>   write list = @DOMAIN+group1
> >>   force group = group1
> >>   writable = yes
> >>   printable = no
> >>   browseable = yes
> >>   create mask = 0665
> >> #   valid users = @group1
> >>   force directory mode = 0775
> >>   guest ok = yes
> >> #   hosts deny = 192.168.6.194
> >>
> >>
> >>
> >> Logs for Samba says:
> >> [2007/09/26 08:01:48, 3] smbd/negprot.c:reply_nt1(357)
> >>  using SPNEGO
> >> [2007/09/26 08:01:48, 3] smbd/negprot.c:reply_negprot(580)
> >>  Selected protocol NT LM 0.12
> >> [2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110)
> >>  Transaction 2 of length 256
> >> [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
> >>  switch message SMBsesssetupX (pid 12283) conn 0x0
> >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> >>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> >> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
> >>  wct=12 flg2=0xc807
> >> [2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799)
> >>  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> >> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
> >>  Doing spnego session setup
> >> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
> >>  NativeOS=[Windows 2002 Dodatek Service Pack 2 2600]
> >> NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
> >> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
> >>  Got OID 1 3 6 1 4 1 311 2 2 10
> >> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_spnego_negotiate(554)
> >>  Got secblob of size 40
> >> [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
> >>  Got NTLMSSP neg_flags=0xe2088297
> >> [2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110)
> >>  Transaction 3 of length 366
> >> [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
> >>  switch message SMBsesssetupX (pid 12283) conn 0x0
> >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> >>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> >> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
> >>  wct=12 flg2=0xc807
> >> [2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799)
> >>  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> >> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
> >>  Doing spnego session setup
> >> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
> >>  NativeOS=[Windows 2002 Dodatek Service Pack 2 2600]
> >> NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
> >> [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672)
> >>  Got user=[guest] domain=[DOMAIN] workstation=[1-123] len1=24 len2=24
> >> [2007/09/26 08:01:48, 3] smbd/map_username.c:map_username(155)
> >>  Mapped user guest to nobody
> >> [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(221)
> >>  check_ntlm_password:  Checking password for unmapped user
> >> [DOMAIN]\[guest]@[1-123] with the new password interface
> >> [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(224)
> >>  check_ntlm_password:  mapped user is: [DOMAIN]\[nobody]@[1-123]
> >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:push_sec_ctx(208)
> >>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> >> [2007/09/26 08:01:48, 3] smbd/uid.c:push_conn_ctx(345)
> >>  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> >>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
> >>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> >> [2007/09/26 08:01:48, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015)
> >>  fetch gid from cache 1514 -> S-1-5-21-1185377677-3652869139-2531771690-514
> >> [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(270)
> >>  check_ntlm_password: winbind authentication for user [guest] succeeded
> >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:push_sec_ctx(208)
> >>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> >> [2007/09/26 08:01:48, 3] smbd/uid.c:push_conn_ctx(345)
> >>  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> >>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
> >>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> >> [2007/09/26 08:01:48, 2] auth/auth.c:check_ntlm_password(309)
> >>  check_ntlm_password:  authentication for user [guest] -> [nobody] -> [DOMAIN+guest] succeeded
> >> [2007/09/26 08:01:48, 3] passdb/lookup_sid.c:store_gid_sid_cache(1059)
> >>  store_gid_sid_cache: gid 1513 in cache ->
> >> S-1-5-21-1185377677-3652869139-2531771690-513
> >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:push_sec_ctx(208)
> >>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> >> [2007/09/26 08:01:48, 3] smbd/uid.c:push_conn_ctx(345)
> >>  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> >>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> >> [2007/09/26 08:01:48, 3] groupdb/mapping.c:pdb_create_builtin_alias(1364)
> >>  pdb_create_builtin_alias: Could not get a gid out of winbind
> >> [2007/09/26 08:01:48, 0] auth/auth_util.c:create_builtin_administrators(785)
> >>  create_builtin_administrators: Failed to create Administrators
> >> [2007/09/26 08:01:48, 2] auth/auth_util.c:create_local_nt_token(899)
> >>  create_local_nt_token: Failed to create BUILTIN\Administrators group!
> >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
> >>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:push_sec_ctx(208)
> >>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> >> [2007/09/26 08:01:48, 3] smbd/uid.c:push_conn_ctx(345)
> >>  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> >>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> >> [2007/09/26 08:01:48, 3] groupdb/mapping.c:pdb_create_builtin_alias(1364)
> >>  pdb_create_builtin_alias: Could not get a gid out of winbind
> >> [2007/09/26 08:01:48, 0] auth/auth_util.c:create_builtin_users(751)
> >>  create_builtin_users: Failed to create Users
> >> [2007/09/26 08:01:48, 2] auth/auth_util.c:create_local_nt_token(926)
> >>  create_local_nt_token: Failed to create BUILTIN\Users group!
> >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
> >>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> >> [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
> >>  get_privileges: No privileges assigned to SID
> >> [S-1-5-21-1185377677-3652869139-2531771690-501]
> >> [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
> >>  get_privileges: No privileges assigned to SID
> >> [S-1-5-21-1185377677-3652869139-2531771690-513]
> >> [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
> >>  get_privileges: No privileges assigned to SID [S-1-5-2]
> >> [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
> >>  get_privileges: No privileges assigned to SID [S-1-5-11]
> >> [2007/09/26 08:01:48, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015)
> >>  fetch gid from cache 1513 -> S-1-5-21-1185377677-3652869139-2531771690-513
> >> [2007/09/26 08:01:48, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
> >>  NTLMSSP Sign/Seal - Initialising with flags:
> >> [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
> >>  Got NTLMSSP neg_flags=0xe2088215
> >> [2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(280)
> >>  User name: DOMAIN+guest     Real name:
> >> [2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(301)
> >>  UNIX uid 1501 is UNIX user DOMAIN+guest, and will be vuid 101
> >> [2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(332)
> >>  Adding homes service for user 'DOMAIN+guest' using home directory:
> >> '/home/DOMAIN/guest'
> >> [2007/09/26 08:01:48, 3] param/loadparm.c:lp_add_home(2588)
> >>  adding home's share [guest] for user 'DOMAIN+guest' at
> >> '/home/DOMAIN/guest'
> >> [2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110)
> >>  Transaction 4 of length 100
> >> [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
> >>  switch message SMBtconX (pid 12283) conn 0x0
> >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> >>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> >> [2007/09/26 08:01:48, 3] lib/util_sid.c:string_to_sid(223)
> >>  string_to_sid: Sid @DOMAIN+hs does not start with 'S-'.
> >> [2007/09/26 08:01:48, 2] smbd/service.c:make_connection_snum(580)
> >>  user 'DOMAIN+guest' (from session setup) not permitted to access this share (service)
> >> [2007/09/26 08:01:48, 3] smbd/error.c:error_packet(146)
> >>  error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
> >> NT_STATUS_ACCESS_DENIED
> >> [2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110)
> >>  Transaction 5 of length 43
> >> [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
> >>  switch message SMBulogoffX (pid 12283) conn 0x0
> >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> >>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> >> [2007/09/26 08:01:48, 3] smbd/reply.c:reply_ulogoffX(1618)
> >>  ulogoffX vuid=101
> >> [2007/09/26 08:01:48, 3] smbd/process.c:timeout_processing(1359)
> >>  timeout_processing: End of file from client (client has disconnected).
> >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> >>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> >> [2007/09/26 08:01:48, 3] smbd/connection.c:yield_connection(69)
> >>  Yielding connection to
> >> [2007/09/26 08:01:48, 3] smbd/server.c:exit_server_common(675)
> >>  Server exit (normal exit)
> >>
> >>
> >> Regards
> >> Jacek Kowalski
> 
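
Added example, not part of the original thread: a small Python triage of the smbd level-3 log quoted above. It pulls out the identity chain from session setup and the share-level denial, showing that authentication succeeded and the refusal came at tree connect. The sample records are copied from the quoted log with quote prefixes removed and wrapped lines rejoined; `parse_records` and `triage` are names chosen for this example.

```python
import re

# Header of an smbd debug record: "[date time, level] file:function(line)"
HEADER = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s+(\S+?):(\w+)\((\d+)\)$")

# Records taken from the log in the thread (prefixes stripped, wraps rejoined).
SAMPLE = """\
[2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672)
  Got user=[guest] domain=[DOMAIN] workstation=[1-123] len1=24 len2=24
[2007/09/26 08:01:48, 3] smbd/map_username.c:map_username(155)
  Mapped user guest to nobody
[2007/09/26 08:01:48, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [guest] -> [nobody] -> [DOMAIN+guest] succeeded
[2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(301)
  UNIX uid 1501 is UNIX user DOMAIN+guest, and will be vuid 101
[2007/09/26 08:01:48, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid @DOMAIN+hs does not start with 'S-'.
[2007/09/26 08:01:48, 2] smbd/service.c:make_connection_snum(580)
  user 'DOMAIN+guest' (from session setup) not permitted to access this share (service)
"""

def parse_records(text):
    """Group each header line with the indented message lines that follow it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            records.append({"time": m[1], "level": int(m[2]),
                            "func": m[4], "msg": ""})
        elif records and line.strip():
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records

def triage(text):
    """Return the identity chain smbd resolved and any share-level denial."""
    result = {"chain": None, "unix_user": None, "denied": None}
    for r in parse_records(text):
        msg = r["msg"]
        if r["func"] == "check_ntlm_password" and "->" in msg and "succeeded" in msg:
            # requested name -> username-map result -> final Unix account
            result["chain"] = re.findall(r"\[([^\]]+)\]", msg)
        elif r["func"] == "register_vuid" and (m := re.search(r"is UNIX user (\S+),", msg)):
            result["unix_user"] = m[1]
        elif r["func"] == "make_connection_snum" and (m := re.search(r"user '([^']+)' .*not permitted", msg)):
            result["denied"] = m[1]
    return result

if __name__ == "__main__":
    print(triage(SAMPLE))
```
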

