[Samba] [EXTERNAL] Could not access a share as a guest

Neelakantan Kannappa (nkannapp) Neelakantan.Kannappa at quest.com
Mon Jun 8 18:31:59 UTC 2020 

Hi Ashok,

That solved this issue and moved ahead of that IPC$ share access issue. Thanks for that.

Now, I am seeing the below error. 

Please note I am new to samba world. Pardon me if I am asking for more.

Meanwhile I too will check smb.conf online doc and my smb.conf for any conflicting configurations. 

[2020/06/08 12:23:08.982042,  5, pid=471, effective(0, 0), real(0, 0)] ../../source3/smbd/dosmode.c:449(get_ea_dos_attribute)
  get_ea_dos_attribute: Cannot get attribute from EA on file 1d972c9a-6afe-4c46-ba77-7fdf8c24af5a#b079d2d8-0000-0000-0000-000000000000#3-snapshot.vhdx: Error = No data available
[2020/06/08 12:23:08.982063, 10, pid=471, effective(0, 0), real(0, 0)] ../../source3/smbd/open.c:3185(open_file_ntcreate)


Thanks,
Neelakantan K.


-----Original Message-----
From: Ashok Ramakrishnan <aramakrishnan at nasuni.com> 
Sent: Monday, June 8, 2020 7:24 PM
To: Neelakantan Kannappa (nkannapp) <Neelakantan.Kannappa at quest.com>
Subject: RE: [EXTERNAL] [Samba] Could not access a share as a guest

CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.


The "restrict anonymous = 2" setting in smb.conf is what (most likely) causes the mapping to IPC$ to fail as guest.

As an experiment, u may want to set it to 1 (restrict anonymous = 1) and try. What that means in terms of security, you can find in smb.conf man page.

Hope this helps.

-Ashok


-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Neelakantan Kannappa (nkannapp) via samba
Sent: Sunday, June 7, 2020 3:10 PM
To: samba at lists.samba.org
Subject: [EXTERNAL] [Samba] Could not access a share as a guest

Hi Group,

I have mentioned the details of the Samba and the Smb.conf.

When I access the the configured share from a windows server 2019 server machine.

I am getting the following error on the samba server side. Your help will be greatly appreciated.


[2020/06/07 12:45:28.833238,  1] ../../source3/smbd/service.c:348(create_connection_session_info)
  create_connection_session_info: guest user (from session setup) not permitted to access this share (IPC$)
[2020/06/07 12:45:28.833257,  1] ../../source3/smbd/service.c:531(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED


Samba Version 4.11.6.

Smb.conf/testparam -s

# Global parameters
[global]
        add share command = /hidden-path/cifs_add_share.sh
        async smb echo handler = Yes
        deadtime = 120
        delete share command = /hidden-path/cifs_delete_share.sh
        disable spoolss = Yes
        domain master = No
        getwd cache = No
        hostname lookups = Yes
        kerberos method = system keytab
        load printers = No
        local master = No
        log file = /var/log/hidden-path/%m.log
        machine password timeout = 0
        map to guest = Bad User
        max log size = 10240
        max smbd processes = 132
        preferred master = No
        printcap name = /dev/null
        restrict anonymous = 2
        security = USER
        server min protocol = SMB2
        server string = XXX.
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=4194304 SO_SNDBUF=1048576
        template homedir = /home/%U
        template shell = /sbin/nologin
        unix extensions = No
        username map = /hidden-path/etc/samba/smbusers
        workgroup = MYGROUP
        idmap config * : backend = tdb
        block size = 4096
        cups options = raw
        smb encrypt = No


[OrBackupDevice]
        follow symlinks = No
        force unknown acl user = Yes
        guest ok = Yes
        guest only = Yes
        hosts allow = 169.254.183.198 10.230.135.160 10.230.135.111 127.0.0.1
        include = /hidden-path/OrbBackupDevice.inc
        level2 oplocks = No
        mangled names = no
        oplocks = No
        path = /containers/OrbBackupDevice/OrbBackupRoot/
        read only = No
        strict locking = No
        vfs objects = streams_depot acl_xattr customvfs
        acl_xattr:ignore hashes = yes


--

$ cat /hidden-path/ etc/samba/smbusers
nobody = guest
$
$ /samba/usr/bin/pdbedit -L
administrator:1004: xxx administrator
$
$ cat /etc/passwd
..
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin ...
$

--

NOTE: Tried with "force user (S) & force group(S_ to be that of the administrator" . That too did not help resolve the issue.


Thanks,
Neelakantan K.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Foptions%2Fsamba&data=02%7C01%7CNeelakantan.Kannappa%40quest.com%7C0463aab8cde843e21f7d08d80bb3670c%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637272212459229654&sdata=vgGa3qu3k%2FF4QVJ6lPon3UvjwNw%2Fs%2Bc3XKjsZLdnP9E%3D&reserved=0
This e-mail message and all attachments transmitted with it may contain privileged and/or confidential information intended solely for the use of the addressee(s). If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, forwarding or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete this message, all attachments and all copies and backups thereof.

More information about the samba mailing list