[Samba] Fwd: NT_STATUS_ACCESS_DENIED for guest account to public share
Rowland Penny
rpenny at samba.org
Fri May 25 16:41:59 UTC 2018
On Fri, 25 May 2018 12:13:44 -0400
Raymond Page via samba <samba at lists.samba.org> wrote:
> Hi list,
>
> I'm using samba-4.7.6-r0 and attempting to establish a public samba
> share where any anonymous user can write to the share.
>
> I have an issue where the 'guest' (uid 405) account is unable to
> write to a directory owned by that uid. If the gid or world writable
> bits are set, I can write to my share, but not as the guest uid. I
> need assistance troubleshooting why I cannot write as the guest
> account to my share.
>
> My problem:
> # touch test.txt
> # smbclient -U% //easystore/public -c 'put test.txt test1.txt'
> NT_STATUS_ACCESS_DENIED opening remote file \test1.txt
>
> My local filesystem:
> # ls -lad /mnt/share
> drwxr-xr-x 5 guest users 4096 May 25 15:18 /mnt/share
>
> My user details:
> # getent passwd guest
> guest:x:405:100:guest:/dev/null:/sbin/nologin
> # pdbedit -L -v
> ^$ EOL
>
> My smbstatus (ran windows 10 client to hold open the share path
> locks): # smbstatus
>
> Samba version 4.7.6
> PID Username Group Machine
> Protocol Version Encryption Signing
> ----------------------------------------------------------------------------------------------------------------------------------------
> 24844 guest users 192.168.50.131
> (ipv4:192.168.X.X :54932) SMB3_11 - -
> 24852 guest users 192.168.50.185
> (ipv4:192.168.X.X :57840) SMB3_11 - -
> 24851 guest users 192.168.50.185
> (ipv4:192.168.X.X :57839) SMB3_11 - -
>
> Service pid Machine Connected at
> Encryption Signing
> ---------------------------------------------------------------------------------------------
> public 24852 192.168.X.X Fri May 25 15:44:07 2018 UTC -
> -
> public 24844 192.168.X.X Fri May 25 15:43:41 2018 UTC -
> -
> IPC$ 24852 192.168.X.X Fri May 25 15:44:07 2018 UTC -
> -
> IPC$ 24851 192.168.X.X Fri May 25 15:44:06 2018 UTC -
> -
> public 24851 192.168.X.X Fri May 25 15:44:06 2018 UTC -
> -
>
> Locked files:
> Pid Uid DenyMode Access R/W Oplock
> SharePath Name Time
> --------------------------------------------------------------------------------------------------
> 24851 405 DENY_NONE 0x100081 RDONLY NONE
> /mnt/share . Fri May 25 15:44:06 2018
> 24851 405 DENY_NONE 0x100081 RDONLY NONE
> /mnt/share . Fri May 25 15:44:06 2018
> 24851 405 DENY_NONE 0x100081 RDONLY NONE
> /mnt/share . Fri May 25 15:44:07 2018
> 24852 405 DENY_NONE 0x100080 RDONLY NONE
> /mnt/share . Fri May 25 15:44:07 2018
> 24851 405 DENY_NONE 0x100081 RDONLY NONE
> /mnt/share . Fri May 25 15:44:08 2018
> 24851 405 DENY_ALL 0x100080 RDONLY NONE
> /mnt/share . Fri May 25 15:44:12 2018
>
> My smb.conf:
> [global]
> syslog = 7
> netbios name = SHARE
> workgroup = WORKGROUP
> security = user
> map to guest = Bad User
> guest account = guest
> #username map = /etc/samba/smbusers
> dns proxy = no
> #log level = all
> log file = /var/log/samba/%m.log
> browsable = yes
> #read only = yes
> guest ok = no
> writable = no
> printable = no
>
> [printers]
> comment = All Printers
> path = /usr/spool/samba
> browseable = yes
> printable = yes
>
> [homes]
> comment = User Home Directories
> browsable = yes
> writable = yes
>
> [public]
> comment = Public Share
> path = /mnt/share
> public = yes
> guest only = yes
> read only = no
> writable = yes
> printable = no
> #force user = guest
> create mask = 0644
> directory mask = 0755
>
> --
> Raymond Page
Three things, does 'guest' exist in /etc/passwd and Samba ?
Remove 'guest ok = no' from [global] and add 'guest ok = yes' to the
shares.
Finally, just who is it that is telling people to add 'read
only' AND 'writable = yes' ? They are the same setting (goes off
muttering to himself)
Rowland
More information about the samba
mailing list