[Samba] Hoping someone can shed some light on this issue

Andrew Walker walker.aj325 at gmail.com
Tue May 11 01:04:45 UTC 2021 

On Mon, May 10, 2021 at 9:01 PM Andrew Walker <walker.aj325 at gmail.com>
wrote:

>
>
> On Mon, May 10, 2021 at 7:34 PM Andrew Bartlett via samba <
> samba at lists.samba.org> wrote:
>
>> On Mon, 2021-05-10 at 19:17 +0100, Rowland penny via samba wrote:
>> > On 10/05/2021 19:10, Rowland penny via samba wrote:
>> > > On 10/05/2021 19:00, Todd Ruffing wrote:
>> > > > It's a no-go on the configuration changes.  I backed up the
>> > > > original
>> > > > config file and modified the old config file to resemble what
>> > > > you
>> > > > had.  I restarted the server (I know I could have forced samba
>> > > > to
>> > > > pick up the config changes, just thought it would be best to
>> > > > restart
>> > > > it.).  I tried the mapping from windows 2016 to samba, and got
>> > > > the
>> > > > same result.  Windows 2008 still works after the changes.  Why
>> > > > doesn't windows 2016 work.  Did Microsoft change something in
>> > > > 2016 to
>> > > > prevent it from working?
>> > >
>> > > Who are you connecting as ? A Windows user that is unknown to the
>> > > Samba standalone server, or a user that is known to the standalone
>> > > server ? If the latter, are you using the correct password ?
>> > >
>> > > Rowland
>> > >
>> > >
>> > >
>> > No, don't bother, its Microsoft trying to stop you doing something
>> > that
>> > has been a part of Samba since Adam was a lad 😂
>> >
>> > see here:
>> >
>> https://techjourney.net/cannot-connect-to-cifs-smb-samba-network-shares-shared-folders-in-windows-10/
>>
>> I'm really glad they did that, but I'm surprised we haven't heard more
>> about it.  We need to update our documentation to make it clear that
>> 'guest ok' and 'map to guest = bad user' isn't a practical option any
>> more.
>>
>
> We have had quite a few users report this issue and have had to document
> around it in FreeNAS.  IIRC the change happened in Windows 10 version 1709
> and Windows Server version 1903.  MacOS these days also gets unhappy if it
> requests an authenticated session, but gets a guest one (can't remember
> version there). The world moved on in terms of what is acceptable in terms
> of security (and with good reason). Now if only we could get rid of those
> NT domains :))
>
> Andrew
>

I believe this is the relevant MS doc about it:
https://docs.microsoft.com/en-US/troubleshoot/windows-server/networking/guest-access-in-smb2-is-disabled-by-default

More information about the samba mailing list