[Samba] DM: samba 4.5 -> 4.8, guest access and machine account access troubles.

Marco Gaiarin gaio at sv.lnf.it
Mon Sep 24 12:48:15 UTC 2018 

Mandi! Rowland Penny via samba
  In chel di` si favelave...

> > clearly, i've on [globals] 'map to guest = Bad User'.
> That is how it is supposed to work, if a known user tries to use a
> wrong password, the user is rejected. If the user is unknown, it is
> mapped to the guest user (usually 'nobody') and allowed access to
> shares where 'guest ok = yes' is set.

Exactly. I restate, roughly the same config file on samba 4.5 permit
correctly guest access from local Administrator user...


> Not sure about this, perhaps it is the same reason as above, but we
> need more info, what is in the [global] section of the smb.conf ?

Domain member:

# Global parameters
[global]
	load printers = Yes
	log file = /var/log/samba/log.%M
	log level = 0
	map to guest = Bad User
	max log size = 5000
	netbios aliases = CUPSSV FILESV HOMESV
	panic action = /usr/share/samba/panic-action %d
	printcap name = cups
	realm = AD.FVG.LNF.IT
	security = ADS
	username map = /etc/samba/user.map
	winbind offline logon = Yes
	winbind use default domain = Yes
	workgroup = LNFFVG
	spoolss: architecture = Windows x64
	rpc_daemon:spoolssd = fork
	rpc_server:spoolss = external
	idmap config lnffvg : unix_nss_info = yes
	idmap config lnffvg : schema_mode = rfc2307
	idmap config lnffvg : range = 10000-49999
	idmap config lnffvg : backend = ad
	idmap config * : range = 5000-9999
	idmap config * : backend = tdb
	printing = cups

 root at vdmsv1:/etc/samba# cat /etc/samba/user.map
 !root = LNFFVG\Administrator LNFFVG\administrator Administrator administrator


domain controller (still samba 4.5):

[global]
	netbios name = VDCSV1
	realm = AD.FVG.LNF.IT
	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
	workgroup = LNFFVG
	log level = 0
	server role = active directory domain controller
	template homedir = /home/%U
	template shell = /bin/bash
	idmap_ldb:use rfc2307 = yes

Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the samba mailing list