[Samba] Different behavior when client uses "sec=none" and when provides bad user (mapped to guest)

Carlos Alberto Balseiro Mayi balseiro at balseiro.org.es
Fri Jan 17 21:55:59 UTC 2025



testparm -s output:

> Load smb config files from /etc/smb4.conf
> Loaded services file OK.
> Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)
> 
> Server role: ROLE_STANDALONE
> 
> # Global parameters
> [global]
> bind interfaces only = Yes
> disable spoolss = Yes
> dns proxy = No
> load printers = No
> logging = file
> map to guest = Bad User
> max log size = 5120
> passdb backend = tdbsam:/var/run/samba-cache/private/passdb.tdb
> printcap name = /dev/null
> registry shares = Yes
> server multi channel support = No
> server string = TrueNAS Server
> winbind request timeout = 2
> workgroup = CORUSCANT
> idmap config * : range = 90000001 - 100000000
> fruit:zero_file_id = False
> fruit:nfs_aces = False
> idmap config * : backend = tdb
> create mask = 0664
> directory mask = 0775
> kernel oplocks = Yes
> 
> (REMOVED INFO FROM SHARES NOT INVOLVED IN THIS)
> 
> [descargas]
> ea support = No
> guest ok = Yes
> path = /mnt/NAS/descargas
> read only = No
> smbd max xattr size = 2097152
> vfs objects = streams_xattr shadow_copy_zfs ixnas zfs_core io_uring
> tn:vuid =
> fruit:time machine max size = 0
> fruit:time machine = False
> nfs4:chown = True
> tn:home = False
> tn:path_suffix =
> tn:purpose = MULTI_PROTOCOL_NFS

Audit bad user:

> Logon ID: '0'
> Logon Type: 3
> Local Address: ipv4:192.168.1.4:445
> Remote Address: ipv4:192.168.1.100:55186
> Service Description: SMB2
> Auth Description: Null
> Client Domain: ''
> Client Account: badusertest
> Workstation: ''
> Became Account: Null
> Became Domain: Null
> Became Sid: Null
> Mapped Account: badusertest
> Mapped Domain: ''
> Netlogon Computer: Null
> Netlogon Trust Account: Null
> Netlogon Negotiate Flags: '0x00000000'
> Netlogon Secure Channel Type: 0
> Netlogon Trust Account Sid: Null
> Password Type: NTLMv2
> Client Policy Access Check: Null
> Server Policy Access Check: Null
> Vers:
> Major: 0
> Minor: 1
> Result:
> Type: NTSTATUS
> Value Raw: 3221225572
> Value Parsed: NT_STATUS_NO_SUCH_USER

smbstatus bad user:

> Samba version 4.20.5-truenas
> PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing
> ----------------------------------------------------------------------------------------------------------------------------------------
> 193273  nobody       nogroup      192.168.1.100 (ipv4:192.168.1.100:55188)  SMB3_11           -                    -
> 102411  nobody       nogroup      192.168.1.10 (ipv4:192.168.1.10:47964)    SMB3_11           -                    -
> 
> Service      pid     Machine       Connected at                     Encryption   Signing
> ---------------------------------------------------------------------------------------------
> IPC$         102411  192.168.1.10  Fri Jan 17 18:53:13 2025 CET     -            -
> descargas    193273  192.168.1.100 Fri Jan 17 21:56:27 2025 CET     -            -
> Carpetas Personales 102411  192.168.1.10  Fri Jan 17 18:53:13 2025 CET     -            -
> IPC$         193273  192.168.1.100 Fri Jan 17 21:56:27 2025 CET     -            -
> 
> Locked files:
> Pid          User(ID)   DenyMode   Access      R/W        Oplock           SharePath   Name   Time
> --------------------------------------------------------------------------------------------------
> 193273       65534      DENY_NONE  0x12019f    RDWR       BATCH            /mnt/NAS/descargas   MiSTer/games/AO486/media/another world/another world.vhd   Fri Jan 17 21:58:04 2025

Audit sec=none:

> Logon ID: '0'
> Logon Type: 3
> Local Address: ipv4:192.168.1.4:445
> Remote Address: ipv4:192.168.1.100:43240
> Service Description: SMB2
> Auth Description: Null
> Client Domain: ''
> Client Account: ''
> Workstation: ''
> Became Account: nobody
> Became Domain: TRUENAS
> Became Sid: S-1-5-21-2028966449-1147323095-3560797536-501
> Mapped Account: ''
> Mapped Domain: ''
> Netlogon Computer: Null
> Netlogon Trust Account: Null
> Netlogon Negotiate Flags: '0x00000000'
> Netlogon Secure Channel Type: 0
> Netlogon Trust Account Sid: Null
> Password Type: No-Password
> Client Policy Access Check: Null
> Server Policy Access Check: Null
> Vers:
> Major: 0
> Minor: 1
> Result:
> Type: NTSTATUS
> Value Raw: 0
> Value Parsed: SUCCESS

smbstatus sec=none:

> Samba version 4.20.5-truenas
> PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing
> ----------------------------------------------------------------------------------------------------------------------------------------
> 102411  nobody       nogroup      192.168.1.10 (ipv4:192.168.1.10:47964)    SMB3_11           -                    -
> 187450  nobody       nogroup      192.168.1.100 (ipv4:192.168.1.100:43240)  SMB3_11           -                    -
> 
> Service      pid     Machine       Connected at                     Encryption   Signing
> ---------------------------------------------------------------------------------------------
> IPC$         102411  192.168.1.10  Fri Jan 17 18:53:13 2025 CET     -            -
> IPC$         187450  192.168.1.100 Fri Jan 17 21:44:41 2025 CET     -            -
> Carpetas Personales 102411  192.168.1.10  Fri Jan 17 18:53:13 2025 CET     -            -
> descargas    187450  192.168.1.100 Fri Jan 17 21:44:41 2025 CET     -            -
> 
> No locked files

Best Regards,

Carlos A. Balseiro

