R: R: [Samba] enabling "null session" on a share

Nick Pappin npappin at latahfcu.org
Wed Jul 1 17:00:22 GMT 2009


The thing that I am wondering about is what is your network topology like.
Are you running this as a stand alone file server or are you joining it to a
active directory domain controller (ex. Win2k, Win2k3, Win 2k8 domain). If
you are then you need to set up winbind as well. If not you are using the
wrong security descriptor and you should be using user and not ads.

--
W. Nick Pappin


On Wed, Jul 1, 2009 at 12:21 AM, Alessandro Tinivelli <
alessandro.tinivelli at monrif.net> wrote:

>  yes, i'm in security = ADS.
>
>
>
> The client computer interested in the problem is out of the domain, logged
> with local administrator account.
>
> It's able to connect to che "onanon" share with a >net use *
> \\10.10.40.3\onanon
>
> without givine user/pass.
>
> But a service running on it produces the error "make_connection:
> connection to onanon denied due to security
> descriptor."
>
>
>
> *Da:* Nick Pappin [mailto:npappin at latahfcu.org]
> *Inviato:* martedì 30 giugno 2009 19.18
> *A:* Alessandro Tinivelli
> *Oggetto:* Re: R: [Samba] enabling "null session" on a share
>
>
>
> Are you tying this into a active directory structure.
>
> --
> W. Nick Pappin
>
>  On Fri, Jun 26, 2009 at 1:52 AM, Alessandro Tinivelli <
> alessandro.tinivelli at monrif.net> wrote:
>
> Bad news... i have been able to set up an anonymous share and any
> windows client (inside and outside the domain) can connect without been
> asked for any password.
>
>
>
> But on a machine (win2003,present in hosts allow) runs a service
> (running as local system account) which is not able to connect to the
> share. In samba log i see the following error
>
>
>
> "make_connection: connection to onanon denied due to security
> descriptor."
>
>
>
> is it possible to solve my issue? Or, maybe, i can try to make the
> service run as another user? (i don't know if this is good for the
> application using this process).
>
>
>
> below my current samba.conf
>
>
>
> -------------------------------------------------------------
>
> [global]
>
>        workgroup = POL
>
>        realm = POL.DOM
>
>        server string = NAS03 (Samba %v)
>
>        security = ADS
>
>
>        map to guest = Bad Password
>
>        log file = /var/log/samba/%m.log
>
>        max log size = 50
>
>        socket options = TCP_NODELAY IPTOS_LOWDELAY
>
>        idmap uid = 10000-20000
>
>        idmap gid = 10000-20000
>
>        winbind cache time = 10
>
>        winbind use default domain = Yes
>
>        winbind nss info = rfc2307
>
>
>
> [onanon]
>
>        comment = Condivisione  anonima
>
>        path = /storage/samba/GCP/on
>
>        force group = gcp
>
>        read only = No
>
>        hosts allow = 10.101.37.23, 10.101.37.22, 10.101.37.24
>
>        guest ok = Yes
>
>        browseable = No
>
> ---------------------------------------------------------------
>
>
>
>
> ith the security risks involved with null sessions.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>
>


More information about the samba mailing list