[Samba] Fwd: NT_STATUS_ACCESS_DENIED for guest account to public share
Raymond Page
pagerc at gmail.com
Fri May 25 17:11:44 UTC 2018
Rowland,
The 'guest' user exists in /etc/passwd, and there are no users defined in
tdb backend.
1. /etc/passwd: guest:x:405:100:guest:/dev/null:/sbin/nologin
2. pdbedit -L -v: ^$ EOL
3. smb.conf updated as suggested - smbclient -U% //share/public -c 'put
test1.txt foobar'
NT_STATUS_ACCESS_DENIED opening remote file \foobar
Modifying the settings as suggested made no impact, functionally we just
disabled the global defaults and doubly defined the local share settings.
The person saying using 'read only = no' AND 'writable = yes' is probably
the same person suggesting 'guest ok = yes' AND 'public = yes'. I like my
redundant configuration settings to reinforce what I'm stating so that if
I'm thinking about denying vs enabling access, I have an option to clearly
latch onto.
Output from testparam:
[global]
dns proxy = No
guest account = guest
log file = /var/log/samba/%m.log
map to guest = Bad User
netbios name = SHARE
security = USER
idmap config * : backend = tdb
[printers]
browseable = No
comment = All Printers
path = /usr/spool/samba
printable = Yes
[homes]
comment = User Home Directories
read only = No
[public]
comment = Public Share
create mask = 0644
guest ok = Yes
guest only = Yes
path = /mnt/share
read only = No
--
Raymond Page
On Fri, May 25, 2018 at 12:42 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Fri, 25 May 2018 12:13:44 -0400
> Raymond Page via samba <samba at lists.samba.org> wrote:
>
> > Hi list,
> >
> > I'm using samba-4.7.6-r0 and attempting to establish a public samba
> > share where any anonymous user can write to the share.
> >
> > I have an issue where the 'guest' (uid 405) account is unable to
> > write to a directory owned by that uid. If the gid or world writable
> > bits are set, I can write to my share, but not as the guest uid. I
> > need assistance troubleshooting why I cannot write as the guest
> > account to my share.
> >
> > My problem:
> > # touch test.txt
> > # smbclient -U% //easystore/public -c 'put test.txt test1.txt'
> > NT_STATUS_ACCESS_DENIED opening remote file \test1.txt
> >
> > My local filesystem:
> > # ls -lad /mnt/share
> > drwxr-xr-x 5 guest users 4096 May 25 15:18 /mnt/share
> >
> > My user details:
> > # getent passwd guest
> > guest:x:405:100:guest:/dev/null:/sbin/nologin
> > # pdbedit -L -v
> > ^$ EOL
> >
> > My smbstatus (ran windows 10 client to hold open the share path
> > locks): # smbstatus
> >
> > Samba version 4.7.6
> > PID Username Group Machine
> > Protocol Version Encryption Signing
> >
> ----------------------------------------------------------------------------------------------------------------------------------------
> > 24844 guest users 192.168.50.131
> > (ipv4:192.168.X.X :54932) SMB3_11 - -
> > 24852 guest users 192.168.50.185
> > (ipv4:192.168.X.X :57840) SMB3_11 - -
> > 24851 guest users 192.168.50.185
> > (ipv4:192.168.X.X :57839) SMB3_11 - -
> >
> > Service pid Machine Connected at
> > Encryption Signing
> >
> ---------------------------------------------------------------------------------------------
> > public 24852 192.168.X.X Fri May 25 15:44:07 2018 UTC -
> > -
> > public 24844 192.168.X.X Fri May 25 15:43:41 2018 UTC -
> > -
> > IPC$ 24852 192.168.X.X Fri May 25 15:44:07 2018 UTC -
> > -
> > IPC$ 24851 192.168.X.X Fri May 25 15:44:06 2018 UTC -
> > -
> > public 24851 192.168.X.X Fri May 25 15:44:06 2018 UTC -
> > -
> >
> > Locked files:
> > Pid Uid DenyMode Access R/W Oplock
> > SharePath Name Time
> >
> --------------------------------------------------------------------------------------------------
> > 24851 405 DENY_NONE 0x100081 RDONLY NONE
> > /mnt/share . Fri May 25 15:44:06 2018
> > 24851 405 DENY_NONE 0x100081 RDONLY NONE
> > /mnt/share . Fri May 25 15:44:06 2018
> > 24851 405 DENY_NONE 0x100081 RDONLY NONE
> > /mnt/share . Fri May 25 15:44:07 2018
> > 24852 405 DENY_NONE 0x100080 RDONLY NONE
> > /mnt/share . Fri May 25 15:44:07 2018
> > 24851 405 DENY_NONE 0x100081 RDONLY NONE
> > /mnt/share . Fri May 25 15:44:08 2018
> > 24851 405 DENY_ALL 0x100080 RDONLY NONE
> > /mnt/share . Fri May 25 15:44:12 2018
> >
> > My smb.conf:
> > [global]
> > syslog = 7
> > netbios name = SHARE
> > workgroup = WORKGROUP
> > security = user
> > map to guest = Bad User
> > guest account = guest
> > #username map = /etc/samba/smbusers
> > dns proxy = no
> > #log level = all
> > log file = /var/log/samba/%m.log
> > browsable = yes
> > #read only = yes
> > guest ok = no
> > writable = no
> > printable = no
> >
> > [printers]
> > comment = All Printers
> > path = /usr/spool/samba
> > browseable = yes
> > printable = yes
> >
> > [homes]
> > comment = User Home Directories
> > browsable = yes
> > writable = yes
> >
> > [public]
> > comment = Public Share
> > path = /mnt/share
> > public = yes
> > guest only = yes
> > read only = no
> > writable = yes
> > printable = no
> > #force user = guest
> > create mask = 0644
> > directory mask = 0755
> >
> > --
> > Raymond Page
>
> Three things, does 'guest' exist in /etc/passwd and Samba ?
> Remove 'guest ok = no' from [global] and add 'guest ok = yes' to the
> shares.
> Finally, just who is it that is telling people to add 'read
> only' AND 'writable = yes' ? They are the same setting (goes off
> muttering to himself)
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list