[Samba] Different behavior when client uses "sec=none" and when provides bad user (mapped to guest)

Carlos Alberto Balseiro Mayi balseiro at balseiro.org.es
Mon Jan 20 17:19:21 UTC 2025



After some additional testing, I have found that, whatever it is 
happening here with the slightly different behavior between "sec=none" 
and bad user, it is  not the cause of the different behavior. The cause 
is again the Kernel Oplocks configuration. To make it more clear I have 
made the following table:

+------------------------+----------+----------+
|     Kernel Oplocks     | sec=none | bad user |
+------------------------+----------+----------+
| No                     | OK       | OK       |
| Yes (Share)            | NO OK    | NO OK    |
| Yes (Global)           | OK       | OK       |
| Yes (Global and Share) | NO OK    | OK       |
+------------------------+----------+----------+

Should I provide this information in bug 12783?

El 2025-01-18 12:40, Carlos Alberto Balseiro Mayi via samba escribió:

> Thanks a lot for your analysis. I just wanted to add that I think we 
> are not using at all? The client is an embedded Linux/FPGA machine and 
> it doesn't have mount.cifs . I think it is using 
> https://wiki.samba.org/index.php/LinuxCIFSKernel . It comes default 
> with kernel 5.15 but I tried with a 6.10 and same problem happens.
> 
> Best Regards,
> 
> Carlos A. Balseiro
> 
> El 2025-01-18 11:32, Rowland Penny via samba escribió:
> 
> On Sat, 18 Jan 2025 11:04:21 +0100
> Carlos Alberto Balseiro Mayi via samba <samba at lists.samba.org> wrote:
> 
> mount -t cifs //192.168.1.4/descargas/MiSTer /media/fat/cifs -o
> username=badusertest
> When you run the above command (by the way, mount.cifs has nothing to
> do with Samba), the mount command sends the user 'badusertest' and as
> that user does not exist, Samba maps it the 'guest' user and allows
> access to the 'descargas' share because you have 'map to guest = Bad
> User' in global and 'guest ok = Yes' in the share.
> 
> mount -t cifs //192.168.1.4/descargas/MiSTer /media/fat/cifs -o
> sec=none
> When you send 'sec=none', no username is sent, now I do not know what
> is doing it (it could be the mount program, Samba or something Truenas
> has added), but something is using the username 'nobody' and that name
> does exist and so it isn't getting mapped to the guest user (even
> though it is the 'guest' user) and is denied access.
> 
> I do not know how long this has been going on (I personally have never
> used 'sec=none') and, if it is a bug, I have no idea what needs fixing,
> Samba, cifs-utils or Truenas.
> 
> Rowland


More information about the samba mailing list