[Samba] Different behavior when client uses "sec=none" and when provides bad user (mapped to guest)
Carlos Alberto Balseiro Mayi
balseiro at balseiro.org.es
Mon Jan 20 17:19:21 UTC 2025
After some additional testing, I have found that, whatever it is
happening here with the slightly different behavior between "sec=none"
and bad user, it is not the cause of the different behavior. The cause
is again the Kernel Oplocks configuration. To make it more clear I have
made the following table:
+------------------------+----------+----------+
| Kernel Oplocks | sec=none | bad user |
+------------------------+----------+----------+
| No | OK | OK |
| Yes (Share) | NO OK | NO OK |
| Yes (Global) | OK | OK |
| Yes (Global and Share) | NO OK | OK |
+------------------------+----------+----------+
Should I provide this information in bug 12783?
El 2025-01-18 12:40, Carlos Alberto Balseiro Mayi via samba escribió:
> Thanks a lot for your analysis. I just wanted to add that I think we
> are not using at all? The client is an embedded Linux/FPGA machine and
> it doesn't have mount.cifs . I think it is using
> https://wiki.samba.org/index.php/LinuxCIFSKernel . It comes default
> with kernel 5.15 but I tried with a 6.10 and same problem happens.
>
> Best Regards,
>
> Carlos A. Balseiro
>
> El 2025-01-18 11:32, Rowland Penny via samba escribió:
>
> On Sat, 18 Jan 2025 11:04:21 +0100
> Carlos Alberto Balseiro Mayi via samba <samba at lists.samba.org> wrote:
>
> mount -t cifs //192.168.1.4/descargas/MiSTer /media/fat/cifs -o
> username=badusertest
> When you run the above command (by the way, mount.cifs has nothing to
> do with Samba), the mount command sends the user 'badusertest' and as
> that user does not exist, Samba maps it the 'guest' user and allows
> access to the 'descargas' share because you have 'map to guest = Bad
> User' in global and 'guest ok = Yes' in the share.
>
> mount -t cifs //192.168.1.4/descargas/MiSTer /media/fat/cifs -o
> sec=none
> When you send 'sec=none', no username is sent, now I do not know what
> is doing it (it could be the mount program, Samba or something Truenas
> has added), but something is using the username 'nobody' and that name
> does exist and so it isn't getting mapped to the guest user (even
> though it is the 'guest' user) and is denied access.
>
> I do not know how long this has been going on (I personally have never
> used 'sec=none') and, if it is a bug, I have no idea what needs fixing,
> Samba, cifs-utils or Truenas.
>
> Rowland
More information about the samba
mailing list