[Samba] [EXTERNAL] Could not access a share as a guest
Neelakantan Kannappa (nkannapp)
Neelakantan.Kannappa at quest.com
Mon Jun 8 18:31:59 UTC 2020
Hi Ashok,
That solved this issue and moved ahead of that IPC$ share access issue. Thanks for that.
Now, I am seeing the below error.
Please note I am new to samba world. Pardon me if I am asking for more.
Meanwhile I too will check smb.conf online doc and my smb.conf for any conflicting configurations.
[2020/06/08 12:23:08.982042, 5, pid=471, effective(0, 0), real(0, 0)] ../../source3/smbd/dosmode.c:449(get_ea_dos_attribute)
get_ea_dos_attribute: Cannot get attribute from EA on file 1d972c9a-6afe-4c46-ba77-7fdf8c24af5a#b079d2d8-0000-0000-0000-000000000000#3-snapshot.vhdx: Error = No data available
[2020/06/08 12:23:08.982063, 10, pid=471, effective(0, 0), real(0, 0)] ../../source3/smbd/open.c:3185(open_file_ntcreate)
Thanks,
Neelakantan K.
-----Original Message-----
From: Ashok Ramakrishnan <aramakrishnan at nasuni.com>
Sent: Monday, June 8, 2020 7:24 PM
To: Neelakantan Kannappa (nkannapp) <Neelakantan.Kannappa at quest.com>
Subject: RE: [EXTERNAL] [Samba] Could not access a share as a guest
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
The "restrict anonymous = 2" setting in smb.conf is what (most likely) causes the mapping to IPC$ to fail as guest.
As an experiment, u may want to set it to 1 (restrict anonymous = 1) and try. What that means in terms of security, you can find in smb.conf man page.
Hope this helps.
-Ashok
-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Neelakantan Kannappa (nkannapp) via samba
Sent: Sunday, June 7, 2020 3:10 PM
To: samba at lists.samba.org
Subject: [EXTERNAL] [Samba] Could not access a share as a guest
Hi Group,
I have mentioned the details of the Samba and the Smb.conf.
When I access the the configured share from a windows server 2019 server machine.
I am getting the following error on the samba server side. Your help will be greatly appreciated.
[2020/06/07 12:45:28.833238, 1] ../../source3/smbd/service.c:348(create_connection_session_info)
create_connection_session_info: guest user (from session setup) not permitted to access this share (IPC$)
[2020/06/07 12:45:28.833257, 1] ../../source3/smbd/service.c:531(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
Samba Version 4.11.6.
Smb.conf/testparam -s
# Global parameters
[global]
add share command = /hidden-path/cifs_add_share.sh
async smb echo handler = Yes
deadtime = 120
delete share command = /hidden-path/cifs_delete_share.sh
disable spoolss = Yes
domain master = No
getwd cache = No
hostname lookups = Yes
kerberos method = system keytab
load printers = No
local master = No
log file = /var/log/hidden-path/%m.log
machine password timeout = 0
map to guest = Bad User
max log size = 10240
max smbd processes = 132
preferred master = No
printcap name = /dev/null
restrict anonymous = 2
security = USER
server min protocol = SMB2
server string = XXX.
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=4194304 SO_SNDBUF=1048576
template homedir = /home/%U
template shell = /sbin/nologin
unix extensions = No
username map = /hidden-path/etc/samba/smbusers
workgroup = MYGROUP
idmap config * : backend = tdb
block size = 4096
cups options = raw
smb encrypt = No
[OrBackupDevice]
follow symlinks = No
force unknown acl user = Yes
guest ok = Yes
guest only = Yes
hosts allow = 169.254.183.198 10.230.135.160 10.230.135.111 127.0.0.1
include = /hidden-path/OrbBackupDevice.inc
level2 oplocks = No
mangled names = no
oplocks = No
path = /containers/OrbBackupDevice/OrbBackupRoot/
read only = No
strict locking = No
vfs objects = streams_depot acl_xattr customvfs
acl_xattr:ignore hashes = yes
--
$ cat /hidden-path/ etc/samba/smbusers
nobody = guest
$
$ /samba/usr/bin/pdbedit -L
administrator:1004: xxx administrator
$
$ cat /etc/passwd
..
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin ...
$
--
NOTE: Tried with "force user (S) & force group(S_ to be that of the administrator" . That too did not help resolve the issue.
Thanks,
Neelakantan K.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Foptions%2Fsamba&data=02%7C01%7CNeelakantan.Kannappa%40quest.com%7C0463aab8cde843e21f7d08d80bb3670c%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637272212459229654&sdata=vgGa3qu3k%2FF4QVJ6lPon3UvjwNw%2Fs%2Bc3XKjsZLdnP9E%3D&reserved=0
This e-mail message and all attachments transmitted with it may contain privileged and/or confidential information intended solely for the use of the addressee(s). If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, forwarding or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete this message, all attachments and all copies and backups thereof.
More information about the samba
mailing list