[Samba] 转发: 转发: 答复: ??????: Is the "\\x.x.x.x" type tree connect request a client related feature?

Thu Feb 9 02:21:18 UTC 2017

Well, I have changed the line "map to guest = bad password" to "map to guest = bad user"
However the problem still exists:
1) I can pass the authentication and see the shared folder, but when I try to open the folder , it fails with a windows error message like "cannot find the route to the network". It may recover to normal later (means I can open that folder)
2) I have collected the wireshark record and find that windows 7 keeps sending unacceptable format("\\server", lack "\share") tree connect request until it recovers to normal:
  > Tree connect request Tree\\aaa.bb.com\IPC$
  >  Tree connect response : SUCCESS
  > Tree connect request Tree \\aaa.bb.com
  >  Tree connect response : NT_STATUS_BAD_NETWORK_NAME
  > Tree connect request Tree \\aaa.bb.com
     Tree connect response : NT_STATUS_BAD_NETWORK_NAME
  ...
  ...
3) Louis once mentioned that it may due to the check after applying the MS "bad lock" patch. I am confused about this and doubt why windows 7 will send the unacceptable "\\server" format tree connect request to check.
4) The "\\server" format tree connect request may not meet the smb2 protocol request:(lack "\share")
  "The SMB2 TREE_CONNECT Request MUST be initialized as follows:
   The target share path, including server name, in the format "\\server\share", is copied into the Buffer field of the request. PathOffset and PathLength MUST be set to describe the location and length of the target share path in the request."
  --- extracted from "[MS-SMB2]:Server Message Block (SMB) Protocol Versions 2 and 3"
  Is this reasonable?

-----邮件原件-----
发件人: samba [mailto:samba-bounces at lists.samba.org] 代表 Rowland Penny via samba
发送时间: 2017年2月8日 21:23
收件人: samba at lists.samba.org
主题: Re: [Samba] 转发: 答复: ??????: Is the "\\x.x.x.x" type tree connect request a client related feature?

On Wed, 8 Feb 2017 12:10:00 +0000
Chenyehua via samba <samba at lists.samba.org> wrote:

> Thanks for your response, Rowland.
> Sorry for the late reply.
> Here is my smb.conf:
>
> [global]
>    workgroup = grouptest1
>
>    server string = %h server (Samba NAS)
>
>    dns proxy = no
>
>    log file = /var/log/samba/log.%m
>
>    max log size = 10000
>
>    syslog = 0
>
>    panic action = /usr/share/samba/panic-action %d
>
>    server role = standalone server
>
>    obey pam restrictions = yes
>
>    unix password sync = yes
>
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>
>    pam password change = yes
>    map to guest = bad password
>
>    usershare allow guests = yes
>    max protocol = SMB3
>    large readwrite = yes
>    use sendfile = yes
>    aio read size = 1024
>    oplocks = no
>    deadtime = 10
>    aio write behind = true
>    load printers = no
>    clustering = yes
>    idmap config *:backend = tdb2
>    store dos attributes = yes
>    vfs objects = acl_xattr
>    idmap config *:range = 1000000-1999999
>    acl_xattr:ignore system acls = yes
>    socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
>    netbios name = netaaa1
>    ctdbd socket = /var/run/ctdb/ctdbd.socket
>    log level = 2
>    security = user
>

Ok, this is a standalone server, so I suggest you remove these lines:

   idmap config *:backend = tdb2
   idmap config *:range = 1000000-1999999
   socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072

But I think your problem is being caused by this line (and possibly fat
fingers):

    map to guest = bad password

If you read 'man smb.conf' you will find this:

           ·   Bad Password - Means user logins with an invalid password are
               treated as a guest login and mapped into the guest account.
               Note that this can cause problems as it means that any user
               incorrectly typing their password will be silently logged on as
               "guest" - and will not know the reason they cannot access files
               they think they should - there will have been no message given
               to them that they got their password wrong. Helpdesk services
               will hate you if you set the map to guest parameter this way
               :-).

This means if the users windows password isn't the same as the one on the Samba server, they will get logged in, but as the 'Guest' user.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
-------------------------------------------------------------------------------------------------------------------------------------
本邮件及其附件含有杭州华三通信技术有限公司的保密信息，仅限于发送给上面地址中列出
的个人或群组。禁止任何其他人以任何形式使用（包括但不限于全部或部分地泄露、复制、
或散发）本邮件中的信息。如果您错收了本邮件，请您立即电话或邮件通知发件人并删除本
邮件！
This e-mail and its attachments contain confidential information from H3C, which is
intended only for the person or entity whose address is listed above. Any use of the
information contained herein in any way (including, but not limited to, total or partial
disclosure, reproduction, or dissemination) by persons other than the intended
recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender
by phone or email immediately and delete it!