[Samba] In mac guest user is not working when AD connected - samba 4.9.3
VigneshDhanraj G
vigneshdhanraj.g at gmail.com
Wed Sep 25 10:54:17 UTC 2019
Hi Team,
I have configured server signing as mandatory in smb.conf. After
configured, guest user is not working when AD is connected.
In mac while connecting to samba if i give register user as vignesh/guest,
guest user is working. But if I click Guest radio button, guest user is not
working.
Please find the below configuration and log for reference.
[Global]
available= yes
restrict anonymous= 0
server string= Test
Workgroup= GNANA
netbios name= px4-400d
realm= GNANA.COM <http://VIGNESH.COM>
password server= 192.168.1.14, *
idmap backend= tdb
idmap uid= 5000-9999999
idmap gid= 5000-9999999
idmap config GNANA : backend= rid
idmap config GNANA : range= 10000000-19999999
security= ADS
name resolve order= wins host bcast lmhosts
client use spnego= yes
dns proxy= no
winbind use default domain= no
winbind nested groups= yes
inherit acls= yes
winbind enum users= yes
winbind enum groups= yes
winbind separator= \\
winbind cache time= 300
winbind offline logon= true
template shell= /bin/sh
kerberos method= secrets and keytab
map to guest= Bad User
host msdfs= yes
strict allocate= no
encrypt passwords= yes
passdb backend= smbpasswd
printcap name= lpstat
printable= no
load printers= yes
ntlm auth= Yes
server signing= mandatory
log
==
[2019/09/25 15:01:46.694089, 4]
../auth/auth_log.c:580(log_successful_authz_event_human_readable)
Successful AuthZ: [SMB2,NTLMSSP] user [vignesh]\[Guest] at [Wed, 25 Sep
2019 15:01:46.694013 PDT] Remote host [ipv4:192.168.1.14:60396] local host
[ipv4:192.168.1.14:445]
[2019/09/25 15:01:46.694437, 5]
../source3/lib/username.c:181(Get_Pwnam_alloc)
Finding user vignesh\guest
[2019/09/25 15:01:46.694541, 5]
../source3/lib/username.c:120(Get_Pwnam_internals)
Trying _Get_Pwnam(), username as lowercase is vignesh\guest
[2019/09/25 15:01:46.694639, 5]
../source3/lib/username.c:159(Get_Pwnam_internals)
Get_Pwnam_internals did find user [vignesh\guest]!
[2019/09/25 15:01:46.694715, 3]
../source3/smbd/password.c:133(register_homes_share)
Adding homes service for user 'vignesh\guest' using home directory:
'/home/vignesh/guest'
[2019/09/25 15:01:46.695056, 5]
../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock)
dbwrap_lock_order_lock: check lock order 1 for
/tmp/samba/smbXsrv_session_global.tdb
[2019/09/25 15:01:46.695371, 5]
../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock)
dbwrap_lock_order_unlock: release lock order 1 for
/tmp/samba/smbXsrv_session_global.tdb
[2019/09/25 15:01:46.695622, 5]
../libcli/smb/smb2_signing.c:93(smb2_signing_sign_pdu)
signed SMB2 message
[2019/09/25 15:01:47.845994, 0]
../libcli/smb/smb2_signing.c:171(smb2_signing_check_pdu)
Bad SMB2 signature for message
[2019/09/25 15:01:47.846405, 0] ../lib/util/util.c:514(dump_data)
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........
........
[2019/09/25 15:01:47.846921, 0] ../lib/util/util.c:514(dump_data)
[2019/09/25 15:01:47.847455, 3]
../source3/smbd/smb2_server.c:3195(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2476
[2019/09/25 15:01:47.847807, 5]
../libcli/smb/smb2_signing.c:93(smb2_signing_sign_pdu)
signed SMB2 message
[2019/09/25 15:01:47.850773, 0]
../libcli/smb/smb2_signing.c:171(smb2_signing_check_pdu)
Bad SMB2 signature for message
[2019/09/25 15:01:47.850999, 0] ../lib/util/util.c:514(dump_data)
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........
........
[2019/09/25 15:01:47.851345, 0] ../lib/util/util.c:514(dump_data)
[2019/09/25 15:01:47.851726, 3]
../source3/smbd/smb2_server.c:3195(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2476
Kindly do the needful.
Thanks,
Vignesh.
More information about the samba
mailing list