[Samba] In mac guest user is not working when AD connected - samba 4.9.3

VigneshDhanraj G vigneshdhanraj.g at gmail.com
Wed Sep 25 10:54:17 UTC 2019 

Hi Team,

I have configured server signing as mandatory in smb.conf. After
configured, guest user is not working when AD is connected.

In mac while connecting to samba if i give register user as vignesh/guest,
guest user is working. But if I click Guest radio button, guest user is not
working.

Please find the below configuration and log for reference.

[Global]
available= yes
restrict anonymous= 0
server string= Test
Workgroup= GNANA
netbios name= px4-400d
realm= GNANA.COM <http://VIGNESH.COM>
password server= 192.168.1.14, *
idmap backend= tdb
idmap uid= 5000-9999999
idmap gid= 5000-9999999
idmap config GNANA : backend= rid
idmap config GNANA : range= 10000000-19999999
security= ADS
name resolve order= wins host bcast lmhosts
client use spnego= yes
dns proxy= no
winbind use default domain= no
winbind nested groups= yes
inherit acls= yes
winbind enum users= yes
winbind enum groups= yes
winbind separator= \\
winbind cache time= 300
winbind offline logon= true
template shell= /bin/sh
kerberos method= secrets and keytab
map to guest= Bad User
host msdfs= yes
strict allocate= no
encrypt passwords= yes
passdb backend= smbpasswd
printcap name= lpstat
printable= no
load printers= yes
ntlm auth= Yes
server signing= mandatory

log
==
[2019/09/25 15:01:46.694089,  4]
../auth/auth_log.c:580(log_successful_authz_event_human_readable)
  Successful AuthZ: [SMB2,NTLMSSP] user [vignesh]\[Guest]  at [Wed, 25 Sep
2019 15:01:46.694013 PDT] Remote host [ipv4:192.168.1.14:60396] local host
[ipv4:192.168.1.14:445]
[2019/09/25 15:01:46.694437,  5]
../source3/lib/username.c:181(Get_Pwnam_alloc)
  Finding user vignesh\guest
[2019/09/25 15:01:46.694541,  5]
../source3/lib/username.c:120(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as lowercase is vignesh\guest
[2019/09/25 15:01:46.694639,  5]
../source3/lib/username.c:159(Get_Pwnam_internals)
  Get_Pwnam_internals did find user [vignesh\guest]!
[2019/09/25 15:01:46.694715,  3]
../source3/smbd/password.c:133(register_homes_share)
  Adding homes service for user 'vignesh\guest' using home directory:
'/home/vignesh/guest'
[2019/09/25 15:01:46.695056,  5]
../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock)
  dbwrap_lock_order_lock: check lock order 1 for
/tmp/samba/smbXsrv_session_global.tdb
[2019/09/25 15:01:46.695371,  5]
../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock)
  dbwrap_lock_order_unlock: release lock order 1 for
/tmp/samba/smbXsrv_session_global.tdb
[2019/09/25 15:01:46.695622,  5]
../libcli/smb/smb2_signing.c:93(smb2_signing_sign_pdu)
  signed SMB2 message
[2019/09/25 15:01:47.845994,  0]
../libcli/smb/smb2_signing.c:171(smb2_signing_check_pdu)
  Bad SMB2 signature for message
[2019/09/25 15:01:47.846405,  0] ../lib/util/util.c:514(dump_data)
  [0000] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........
........
[2019/09/25 15:01:47.846921,  0] ../lib/util/util.c:514(dump_data)
[2019/09/25 15:01:47.847455,  3]
../source3/smbd/smb2_server.c:3195(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2476
[2019/09/25 15:01:47.847807,  5]
../libcli/smb/smb2_signing.c:93(smb2_signing_sign_pdu)
  signed SMB2 message
[2019/09/25 15:01:47.850773,  0]
../libcli/smb/smb2_signing.c:171(smb2_signing_check_pdu)
  Bad SMB2 signature for message
[2019/09/25 15:01:47.850999,  0] ../lib/util/util.c:514(dump_data)
  [0000] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........
........
[2019/09/25 15:01:47.851345,  0] ../lib/util/util.c:514(dump_data)
[2019/09/25 15:01:47.851726,  3]
../source3/smbd/smb2_server.c:3195(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2476

Kindly do the needful.

Thanks,
Vignesh.

More information about the samba mailing list