[Samba] Guest account access with User mode security? - Samba

This is a discussion on [Samba] Guest account access with User mode security? - Samba ; Hi, I have a Samba server that I have just transitioned from Samba v2 to v3 and at the same time I have changed from share mode security to user mode security. I having problems allowing guest access to some ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: [Samba] Guest account access with User mode security?

  1. [Samba] Guest account access with User mode security?

    Hi,

    I have a Samba server that I have just transitioned from Samba v2 to v3
    and at the same time I have changed from share mode security to user
    mode security.

    I having problems allowing guest access to some of my shares on the
    server. I have some shares (such as apps and cdrom etc) that I would
    like to allow anyone to access - even if they do not have an login
    account on the Samba server. This worked fine in share mode security but
    does not seem to work in user mode security.

    If a user (who does not have a login account on the Samba server) tries
    to map a guest share, the user gets presented with a login dialog asking
    for a password for the Guest account - how can I just allow access
    without the user being asked for a password?

    Here is my smb.conf including a guest only share for the cdrom.

    Any help gratefully received

    Regards

    Gary


    [global]

    workgroup = DFGSRV
    server string = dfgsrv Samba Server %v
    printcap name = /etc/printcap
    load printers = yes
    printing = cups
    cups options = raw
    log file = /var/log/samba/%m.log
    max log size = 200
    security = user
    password level = 8
    username level = 8
    socket options = SO_KEEPALIVE SO_BROADCAST TCP_NODELAY IPTOS_THROUGHPUT
    dns proxy = no
    log level = 9
    deadtime = 30
    oplocks = false
    level2 oplocks = false
    encrypt passwords = no
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    template shell = /bin/false
    winbind use default domain = no
    map to guest = Bad User


    [homes]
    comment = Home Directories
    browseable = yes
    writable = yes
    create mode = 0664
    directory mode = 0775

    [cdrom]
    path = /media/cdrom
    writeable = no
    browseable = yes
    guest ok = yes
    comment = dfgsrv CDROM Drive
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.If you have received this e-mail in error please notify the sender immediately and delete this e-mail from your system.Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of Ricardo (save for reports and other documentation formally approved and signed for release to the intended recipient).Only Directors are authorised to enter into legally binding obligations on behalf of Ricardo. Ricardo may monitor outgoing and incoming e-mails and other telecommunications systems.
    By replying to this e-mail you give consent to such monitoring.The recipient should check e-mail and any attachments for the presence of viruses. Ricardo accepts no liability for any damage caused by any virus transmitted by this e-mail. "Ricardo" means Ricardo plc and its subsidiary companies.
    Ricardo plc is a public limited company registered in England with registered number 00222915.
    The registered office of Ricardo plc is Shoreham Technical Centre, Shoreham-by Sea, West Sussex, BN43 5FG.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] Guest account access with User mode security?

    I'm getting that same problem since upgrading my Debian server from
    Sarge to Etch. I've got the "map to guest = bad user" thing in my
    config, but it's like it doesn't work now.
    In the end, since 99.9% of the access I needed was as guest anyway, I
    switched those shares over to share security. Of course that breaks
    having the ability to have separate RO/RW access for different people.

    Unfortunately no one on the list could help with the actual problem, and
    I haven't had much time to really try and fix it.
    I hope you can get a solution, because I really want to know too :-)

    TB

    Mansell, Gary wrote:
    > Hi,
    >
    > I have a Samba server that I have just transitioned from Samba v2 to v3
    > and at the same time I have changed from share mode security to user
    > mode security.
    >
    > I having problems allowing guest access to some of my shares on the
    > server. I have some shares (such as apps and cdrom etc) that I would
    > like to allow anyone to access - even if they do not have an login
    > account on the Samba server. This worked fine in share mode security but
    > does not seem to work in user mode security.
    >
    > If a user (who does not have a login account on the Samba server) tries
    > to map a guest share, the user gets presented with a login dialog asking
    > for a password for the Guest account - how can I just allow access
    > without the user being asked for a password?
    >
    > Here is my smb.conf including a guest only share for the cdrom.
    >
    > Any help gratefully received
    >
    > Regards
    >
    > Gary
    >
    >
    > [global]
    >
    > workgroup = DFGSRV
    > server string = dfgsrv Samba Server %v
    > printcap name = /etc/printcap
    > load printers = yes
    > printing = cups
    > cups options = raw
    > log file = /var/log/samba/%m.log
    > max log size = 200
    > security = user
    > password level = 8
    > username level = 8
    > socket options = SO_KEEPALIVE SO_BROADCAST TCP_NODELAY IPTOS_THROUGHPUT
    > dns proxy = no
    > log level = 9
    > deadtime = 30
    > oplocks = false
    > level2 oplocks = false
    > encrypt passwords = no
    > idmap uid = 16777216-33554431
    > idmap gid = 16777216-33554431
    > template shell = /bin/false
    > winbind use default domain = no
    > map to guest = Bad User
    >
    >
    > [homes]
    > comment = Home Directories
    > browseable = yes
    > writable = yes
    > create mode = 0664
    > directory mode = 0775
    >
    > [cdrom]
    > path = /media/cdrom
    > writeable = no
    > browseable = yes
    > guest ok = yes
    > comment = dfgsrv CDROM Drive
    > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    > This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.If you have received this e-mail in error please notify the sender immediately and delete this e-mail from your system.Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of Ricardo (save for reports and other documentation formally approved and signed for release to the intended recipient).Only Directors are authorised to enter into legally binding obligations on behalf of Ricardo. Ricardo may monitor outgoing and incoming e-mails and other telecommunications systems.
    > By replying to this e-mail you give consent to such monitoring.The recipient should check e-mail and any attachments for the presence of viruses. Ricardo accepts no liability for any damage caused by any virus transmitted by this e-mail. "Ricardo" means Ricardo plc and its subsidiary companies.
    > Ricardo plc is a public limited company registered in England with registered number 00222915.
    > The registered office of Ricardo plc is Shoreham Technical Centre, Shoreham-by Sea, West Sussex, BN43 5FG.
    > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    >


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. Re: [Samba] Guest account access with User mode security?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Mansell, Gary wrote:

    > If a user (who does not have a login account on the
    > Samba server) tries to map a guest share, the user gets
    > presented with a login dialog asking for a password
    > for the Guest account - how can I just allow access
    > without the user being asked for a password?


    Gary, Please send me a level 10 debug log from smbd
    with the failed login and failed guest access.
    Thanks.




    cheers, jerry
    ================================================== ===================
    Samba ------- http://www.samba.org
    Centeris ----------- http://www.centeris.com
    "What man is a man who does not make the world better?" --Balian
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFGZ/jlIR7qMdg1EfYRAulhAJ40LsFB8YRKrTtAUtpQEa/Td1xnDACfToPB
    HGWbpxOjOrgJ9NhST8C9bkg=
    =1Waw
    -----END PGP SIGNATURE-----
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  4. Re: [Samba] Guest account access with User mode security?

    Hi,

    I have finally had time to put up the test server and perform the
    actions that you asked for with logging set to 10.

    I would expect that a Windows machine should be able to access a public
    share on the Samba server without the clear text password hack being
    applied (it always worked fine with Samba 2.x and share mode security)
    so the tar file No-Encrypted_PWD.tar has the logs for this instance.
    >From the client machine I tried to map the share \\172.30.50.247\nt

    (which is public) and the error that I got back on the laptop was the
    one that you would get to indicate that you need to apply the encrypted
    password hack to the machine. This should not happen, the machine should
    be able to map the drive without the encrypted password hack or
    supplying a username/password.

    For completeness, I then installed the encrypted password hack on the
    Windows client and performed the same connection with a fresh set of
    logfiles. This time it came straight back with a password dialog box
    (wrong behaviour) so I entered in guest as the username with no password
    and it came back with the password dialog box again

    It seems that others on the Internet have mentioned that guest access
    does not work for user mode authentications so it seems not to be just
    me although it surprises me that such a fundamental feature seems to be
    flawed???

    Any advice that you can offer would be gladly received.

    Regards

    Gary Mansell





    On Thu, 2007-06-07 at 07:24 -0500, Gerald (Jerry) Carter wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Mansell, Gary wrote:
    >
    > > If a user (who does not have a login account on the
    > > Samba server) tries to map a guest share, the user gets
    > > presented with a login dialog asking for a password
    > > for the Guest account - how can I just allow access
    > > without the user being asked for a password?

    >
    > Gary, Please send me a level 10 debug log from smbd
    > with the failed login and failed guest access.
    > Thanks.
    >
    >
    >
    >
    > cheers, jerry
    > ================================================== ===================
    > Samba ------- http://www.samba.org
    > Centeris ----------- http://www.centeris.com
    > "What man is a man who does not make the world better?" --Balian
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.4.6 (GNU/Linux)
    > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
    >
    > iD8DBQFGZ/jlIR7qMdg1EfYRAulhAJ40LsFB8YRKrTtAUtpQEa/Td1xnDACfToPB
    > HGWbpxOjOrgJ9NhST8C9bkg=
    > =1Waw
    > -----END PGP SIGNATURE-----

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.If you have received this e-mail in error please notify the sender immediately and delete this e-mail from your system.Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of Ricardo (save for reports and other documentation formally approved and signed for release to the intended recipient).Only Directors are authorised to enter into legally binding obligations on behalf of Ricardo. Ricardo may monitor outgoing and incoming e-mails and other telecommunications systems.
    By replying to this e-mail you give consent to such monitoring.The recipient should check e-mail and any attachments for the presence of viruses. Ricardo accepts no liability for any damage caused by any virus transmitted by this e-mail. "Ricardo" means Ricardo plc and its subsidiary companies.
    Ricardo plc is a public limited company registered in England with registered number 00222915.
    The registered office of Ricardo plc is Shoreham Technical Centre, Shoreham-by Sea, West Sussex, BN43 5FG.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread