[Samba] In Mac SMB guest access is not working

Rowland Penny rpenny at samba.org
Thu Jan 3 14:24:50 UTC 2019 

On Thu, 3 Jan 2019 19:15:48 +0530
VigneshDhanraj G via samba <samba at lists.samba.org> wrote:

> Hi team,
> 
> Upgraded samba from 4.7.x to 4.9.3, when i tried to connect my public
> share using smb://ip/ through guest login in MAC my shares are not
> listed if i am connected to AD.
> 
> 2019/01/03 18:56:31.351985,  3, pid=1114, effective(0, 0), real(0, 0),
> class=auth] ../source3/auth/auth.c:192(auth_check_ntlm_password)
>   check_ntlm_password:  mapped user is: []\[GUEST]@[HS-MBP-3]
> [2019/01/03 18:56:31.352027, 10, pid=1114, effective(0, 0), real(0,
> 0), class=auth] ../source3/auth/auth.c:202(auth_check_ntlm_password)
>   check_ntlm_password: auth_context challenge created by random
> [2019/01/03 18:56:31.352069, 10, pid=1114, effective(0, 0), real(0,
> 0), class=auth] ../source3/auth/auth.c:204(auth_check_ntlm_password)
>   challenge is:
> [2019/01/03 18:56:31.352109,  5, pid=1114, effective(0, 0), real(0,
> 0)] ../lib/util/util.c:514(dump_data)
>   [0000] C2 91 43 77 80 4A 47 1B                             ..Cw.JG.
> [2019/01/03 18:56:31.352182, 10, pid=1114, effective(0, 0), real(0,
> 0),
> class=auth] ../source3/auth/auth_builtin.c:41(check_anonymous_security)
> Check auth for: [GUEST] [2019/01/03 18:56:31.352223, 10, pid=1114,
> effective(0, 0), real(0, 0),
> class=auth] ../source3/auth/auth.c:237(auth_check_ntlm_password)
> auth_check_ntlm_password: anonymous had nothing to say [2019/01/03
> 18:56:31.352265, 10, pid=1114, effective(0, 0), real(0, 0),
> class=auth] ../source3/auth/auth_sam.c:75(auth_samstrict_auth) Check
> auth for: [GUEST] [2019/01/03 18:56:31.352311,  8, pid=1114,
> effective(0, 0), real(0, 0)] ../source3/lib/util.c:1125(is_myname)
>   is_myname("") returns 0
> [2019/01/03 18:56:31.352353,  6, pid=1114, effective(0, 0), real(0,
> 0), class=auth] ../source3/auth/auth_sam.c:88(auth_samstrict_auth)
>   check_samstrict_security:  is not one of my local names
> (ROLE_DOMAIN_MEMBER)
> [2019/01/03 18:56:31.352396, 10, pid=1114, effective(0, 0), real(0,
> 0), class=auth] ../source3/auth/auth.c:237(auth_check_ntlm_password)
>   auth_check_ntlm_password: sam had nothing to say
> [2019/01/03 18:56:31.352439, 10, pid=1114, effective(0, 0), real(0,
> 0),
> class=auth] ../source3/auth/auth_winbind.c:50(check_winbind_security)
> Check auth for: [GUEST] [2019/01/03 18:56:31.352485,  4, pid=1114,
> effective(0, 0), real(0,
> 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) :
> sec_ctx_stack_ndx = 2 [2019/01/03 18:56:31.352530,  4, pid=1114,
> effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:527(push_conn_ctx)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 1
> [2019/01/03 18:56:31.352572,  4, pid=1114, effective(0, 0), real(0,
> 0)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> [2019/01/03 18:56:31.352614,  5, pid=1114, effective(0, 0), real(0,
> 0)] ../libcli/security/security_token.c:53(security_token_debug)
>   Security token: (NULL)
> [2019/01/03 18:56:31.352655,  5, pid=1114, effective(0, 0), real(0,
> 0)] ../source3/auth/token_util.c:850(debug_unix_user_token)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2019/01/03 18:56:31.583661,  4, pid=1114, effective(0, 0), real(0,
> 0)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2019/01/03 18:56:31.583734, 10, pid=1114, effective(0, 0), real(0,
> 0),
> class=auth] ../source3/auth/auth_winbind.c:105(check_winbind_security)
> check_winbind_security: wbcAuthenticateUserEx failed:
> WBC_ERR_AUTH_ERROR [2019/01/03 18:56:31.583805,  5, pid=1114,
> effective(0, 0), real(0, 0),
> class=auth] ../source3/auth/auth.c:251(auth_check_ntlm_password)
> auth_check_ntlm_password: winbind authentication for user [GUEST]
> FAILED with error NT_STATUS_ACCOUNT_DISABLED, authoritative=1
> [2019/01/03 18:56:31.583868,  2, pid=1114, effective(0, 0), real(0,
> 0), class=auth] ../source3/auth/auth.c:334(auth_check_ntlm_password)
> check_ntlm_password:  Authentication for user [GUEST] -> [GUEST]
> FAILED with error NT_STATUS_ACCOUNT_DISABLED, authoritative=1
> 
> Regards,
> VigneshDhanraj G

The 'GUEST' user isn't a Samba user, it is a Windows user and is
disabled by default and it should stay that way. It is insecure to
enable it.

You should also stop posting the same questions here and to the
samba-technical mailing list, this is the place to post your type of
questions. The samba-technical list is meant for development questions.

Rowland

More information about the samba mailing list