[Samba] 转发: 转发: 答复: ??????: Is the "\\x.x.x.x" type tree connect request a client related feature?
chen.yehua at h3c.com
Thu Feb 9 02:21:18 UTC 2017
Well, I have changed the line "map to guest = bad password" to "map to guest = bad user"
However the problem still exists:
1) I can pass the authentication and see the shared folder, but when I try to open the folder , it fails with a windows error message like "cannot find the route to the network". It may recover to normal later (means I can open that folder)
2) I have collected the wireshark record and find that windows 7 keeps sending unacceptable format("\\server", lack "\share") tree connect request until it recovers to normal:
> Tree connect request Tree\\aaa.bb.com\IPC$
> Tree connect response : SUCCESS
> Tree connect request Tree \\aaa.bb.com
> Tree connect response : NT_STATUS_BAD_NETWORK_NAME
> Tree connect request Tree \\aaa.bb.com
Tree connect response : NT_STATUS_BAD_NETWORK_NAME
3) Louis once mentioned that it may due to the check after applying the MS "bad lock" patch. I am confused about this and doubt why windows 7 will send the unacceptable "\\server" format tree connect request to check.
4) The "\\server" format tree connect request may not meet the smb2 protocol request:(lack "\share")
"The SMB2 TREE_CONNECT Request MUST be initialized as follows:
The target share path, including server name, in the format "\\server\share", is copied into the Buffer field of the request. PathOffset and PathLength MUST be set to describe the location and length of the target share path in the request."
--- extracted from "[MS-SMB2]:Server Message Block (SMB) Protocol Versions 2 and 3"
Is this reasonable?
发件人: samba [mailto:samba-bounces at lists.samba.org] 代表 Rowland Penny via samba
发送时间: 2017年2月8日 21:23
收件人: samba at lists.samba.org
主题: Re: [Samba] 转发: 答复: ??????: Is the "\\x.x.x.x" type tree connect request a client related feature?
On Wed, 8 Feb 2017 12:10:00 +0000
Chenyehua via samba <samba at lists.samba.org> wrote:
> Thanks for your response, Rowland.
> Sorry for the late reply.
> Here is my smb.conf:
> workgroup = grouptest1
> server string = %h server (Samba NAS)
> dns proxy = no
> log file = /var/log/samba/log.%m
> max log size = 10000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> server role = standalone server
> obey pam restrictions = yes
> unix password sync = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> pam password change = yes
> map to guest = bad password
> usershare allow guests = yes
> max protocol = SMB3
> large readwrite = yes
> use sendfile = yes
> aio read size = 1024
> oplocks = no
> deadtime = 10
> aio write behind = true
> load printers = no
> clustering = yes
> idmap config *:backend = tdb2
> store dos attributes = yes
> vfs objects = acl_xattr
> idmap config *:range = 1000000-1999999
> acl_xattr:ignore system acls = yes
> socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
> netbios name = netaaa1
> ctdbd socket = /var/run/ctdb/ctdbd.socket
> log level = 2
> security = user
Ok, this is a standalone server, so I suggest you remove these lines:
idmap config *:backend = tdb2
idmap config *:range = 1000000-1999999
socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
But I think your problem is being caused by this line (and possibly fat
map to guest = bad password
If you read 'man smb.conf' you will find this:
· Bad Password - Means user logins with an invalid password are
treated as a guest login and mapped into the guest account.
Note that this can cause problems as it means that any user
incorrectly typing their password will be silently logged on as
"guest" - and will not know the reason they cannot access files
they think they should - there will have been no message given
to them that they got their password wrong. Helpdesk services
will hate you if you set the map to guest parameter this way
This means if the users windows password isn't the same as the one on the Samba server, they will get logged in, but as the 'Guest' user.
To unsubscribe from this list go to the following URL and read the
This e-mail and its attachments contain confidential information from H3C, which is
intended only for the person or entity whose address is listed above. Any use of the
information contained herein in any way (including, but not limited to, total or partial
disclosure, reproduction, or dissemination) by persons other than the intended
recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender
by phone or email immediately and delete it!
More information about the samba