[Samba] [4.5.12] "guest account" doesn't work
codecomplete at free.fr
Wed May 9 15:23:40 UTC 2018
On 09/05/2018 16:32, L.P.H. van Belle via samba wrote:
> What you want to know is..
> ## For a standalone server/Member server.
> systemctl stop samba-ad-dc samba
> systemctl disable samba-ad-dc samba
> systemctl mask samba-ad-dc samba
> systemctl unmask smbd winbind nmbd
> systemctl enable smbd winbind nmbd
> systemctl start smbd winbind nmbd
> ## For an AD-DC setup.
> systemctl stop smbd nmbd winbind
> systemctl disable smbd nmbd winbind
> systemctl mask smbd nmbd winbind
> systemctl unmask samba-ad-dc
> systemctl enable samba-ad-dc
> systemctl start samba-ad-dc
> This works as of Debian Jessie en up.
> Same for Ubuntu as of 16.04 but adviced as of 17.x and up.
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Gilles via samba
>> Verzonden: woensdag 9 mei 2018 16:19
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] [4.5.12] "guest account" doesn't work
>> It looks like "service samba reload" and/or not disconnecting from
>> Windows explains the problem I had.
>> 1. Using this, with no need for "force user" at the share level:
>> map to guest = Bad User
>> guest account = www-data
>> 2. Running "/etc/init.d/samba restart"
>> … I can a) connect, and b) write files as www-data, as expected.
>> The reason I use the init.d script is because of this:
>> ~# service samba reload
>> [ ok ] Reloading smbd configuration (via systemctl): smbd.service.
>> ~# service samba restart
>> Failed to restart samba.service: Unit samba.service is masked.
>> Thank you.
>> On 09/05/2018 15:29, Rowland Penny via samba wrote:
>>> On Wed, 9 May 2018 14:07:12 +0200
>>> Gilles via samba <samba at lists.samba.org> wrote:
>>>> Until now, I let Samba use nobody:nogroup to access shares from
>>>> Windows with no account in Samba.
>>>> I wanted to try the "guest account" option to tell it to use a
>>>> specific Unix account… but it fails with "Access denied". The
>>>> solution is to either give up on the "guest account" directive, or
>>>> add "force user" to the share. Why is that?
>>> The default Samba 'guest account' is 'nobody' and this seems to be
>>> hard coded into Samba and when an unknown user connects and 'map to
>>> guest' is set to 'Bad User', the unknown user is silently mapped to
>>> Without checking the source, I think this would happen even
>> if 'nobody'
>>> tried to connect.
>>> Bad User:
>>> Means user logins with an invalid password are rejected, unless the
>>> username does not exist, in which case it is treated as a
>> guest login
>>> and mapped into the guest account.
>>> Taking the above into account, the problem with 'www-date'
>> is that it
>>> does exist, so it will not be allowed access.
>>> You could try to prove this by changing 'Bad User' to 'Bad
>>> but I wouldn't leave it like this.
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba