[Samba] guest not permitted to access share - Samba

This is a discussion on [Samba] guest not permitted to access share - Samba ; Hi! I have got the problem with my guest account. I can`t access to the share. The OS is Centos 5 Linux 2.6.18-8.1.10.el5 #1 SMP Version of krb5 is 1.5-29 This is my smb.conf: [global] # server string is the ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: [Samba] guest not permitted to access share

  1. [Samba] guest not permitted to access share

    Hi!

    I have got the problem with my guest account. I can`t access to the share.


    The OS is Centos 5 Linux 2.6.18-8.1.10.el5 #1 SMP
    Version of krb5 is 1.5-29

    This is my smb.conf:

    [global]
    # server string is the equivalent of the NT Description field
    netbios name = SERVER

    # workgroup = NT-Domain-Name or Workgroup-Name
    workgroup = DOMAIN
    realm = DOMAIN.NET
    security = ADS
    password server = server.domain.net
    winbind separator = +
    allow trusted domains = No
    # auth methods = guest sam winbind
    idmap backend = idmap_rid:INFORNET=1000-65000
    idmap uid = 1000-65000
    idmap gid = 1000-65000
    template shell = /bin/bash
    # template homedir = /home/ad/%D/%U
    winbind use default domain = Yes
    winbind enum users = No
    winbind enum groups = No
    winbind nested groups = Yes
    #client use spnego = no
    #server signing = auto
    # this tells Samba to use a separate log file for each machine
    # that connects
    log file = /var/log/samba/%I.log
    log level = 3
    # Put a capping on the size of the log files (in Kb).
    max log size = 500
    smb ports = 139
    guest account = guest
    encrypt passwords = yes
    username map = /etc/samba/smbusers
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    dns proxy = no

    [homes]
    comment = Home Directories
    browseable = no
    writable = yes
    create mask = 664
    directory mask = 0775


    [source1]
    path = /home/source1
    public = yes
    valid users = @DOMAIN+group1
    read list = @DOMAIN+group1
    write list = @DOMAIN+group1
    force group = group1
    writable = yes
    printable = no
    browseable = yes
    create mask = 0665
    # valid users = @group1
    force directory mode = 0775
    guest ok = yes
    # hosts deny = 192.168.6.194



    Logs for Samba says:
    [2007/09/26 08:01:48, 3] smbd/negprot.c:reply_nt1(357)
    using SPNEGO
    [2007/09/26 08:01:48, 3] smbd/negprot.c:reply_negprot(580)
    Selected protocol NT LM 0.12
    [2007/09/26 08:01:48, 3] smbd/process.crocess_smb(1110)
    Transaction 2 of length 256
    [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
    switch message SMBsesssetupX (pid 12283) conn 0x0
    [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
    wct=12 flg2=0xc807
    [2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799)
    setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
    all old resources.
    [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
    Doing spnego session setup
    [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
    NativeOS=[Windows 2002 Dodatek Service Pack 2 2600]
    NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
    [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
    Got OID 1 3 6 1 4 1 311 2 2 10
    [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_spnego_negotiate(554)
    Got secblob of size 40
    [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
    Got NTLMSSP neg_flags=0xe2088297
    [2007/09/26 08:01:48, 3] smbd/process.crocess_smb(1110)
    Transaction 3 of length 366
    [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
    switch message SMBsesssetupX (pid 12283) conn 0x0
    [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
    wct=12 flg2=0xc807
    [2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799)
    setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
    all old resources.
    [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
    Doing spnego session setup
    [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
    NativeOS=[Windows 2002 Dodatek Service Pack 2 2600]
    NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
    [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672)
    Got user=[guest] domain=[DOMAIN] workstation=[1-123] len1=24 len2=24
    [2007/09/26 08:01:48, 3] smbd/map_username.c:map_username(155)
    Mapped user guest to nobody
    [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(221)
    check_ntlm_password: Checking password for unmapped user
    [DOMAIN]\[guest]@[1-123] with the new password interface
    [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(224)
    check_ntlm_password: mapped user is: [DOMAIN]\[nobody]@[1-123]
    [2007/09/26 08:01:48, 3] smbd/sec_ctx.cush_sec_ctx(208)
    push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2007/09/26 08:01:48, 3] smbd/uid.cush_conn_ctx(345)
    push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2007/09/26 08:01:48, 3] smbd/sec_ctx.cop_sec_ctx(339)
    pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2007/09/26 08:01:48, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015)
    fetch gid from cache 1514 -> S-1-5-21-1185377677-3652869139-2531771690-514
    [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(270)
    check_ntlm_password: winbind authentication for user [guest] succeeded
    [2007/09/26 08:01:48, 3] smbd/sec_ctx.cush_sec_ctx(208)
    push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2007/09/26 08:01:48, 3] smbd/uid.cush_conn_ctx(345)
    push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2007/09/26 08:01:48, 3] smbd/sec_ctx.cop_sec_ctx(339)
    pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2007/09/26 08:01:48, 2] auth/auth.c:check_ntlm_password(309)
    check_ntlm_password: authentication for user [guest] -> [nobody] ->
    [DOMAIN+guest] succeeded
    [2007/09/26 08:01:48, 3] passdb/lookup_sid.c:store_gid_sid_cache(1059)
    store_gid_sid_cache: gid 1513 in cache ->
    S-1-5-21-1185377677-3652869139-2531771690-513
    [2007/09/26 08:01:48, 3] smbd/sec_ctx.cush_sec_ctx(208)
    push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2007/09/26 08:01:48, 3] smbd/uid.cush_conn_ctx(345)
    push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2007/09/26 08:01:48, 3] groupdb/mapping.cdb_create_builtin_alias(1364)
    pdb_create_builtin_alias: Could not get a gid out of winbind
    [2007/09/26 08:01:48, 0]
    auth/auth_util.c:create_builtin_administrators(785)
    create_builtin_administrators: Failed to create Administrators
    [2007/09/26 08:01:48, 2] auth/auth_util.c:create_local_nt_token(899)
    create_local_nt_token: Failed to create BUILTIN\Administrators group!
    [2007/09/26 08:01:48, 3] smbd/sec_ctx.cop_sec_ctx(339)
    pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2007/09/26 08:01:48, 3] smbd/sec_ctx.cush_sec_ctx(208)
    push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2007/09/26 08:01:48, 3] smbd/uid.cush_conn_ctx(345)
    push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2007/09/26 08:01:48, 3] groupdb/mapping.cdb_create_builtin_alias(1364)
    pdb_create_builtin_alias: Could not get a gid out of winbind
    [2007/09/26 08:01:48, 0] auth/auth_util.c:create_builtin_users(751)
    create_builtin_users: Failed to create Users
    [2007/09/26 08:01:48, 2] auth/auth_util.c:create_local_nt_token(926)
    create_local_nt_token: Failed to create BUILTIN\Users group!
    [2007/09/26 08:01:48, 3] smbd/sec_ctx.cop_sec_ctx(339)
    pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
    get_privileges: No privileges assigned to SID
    [S-1-5-21-1185377677-3652869139-2531771690-501]
    [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
    get_privileges: No privileges assigned to SID
    [S-1-5-21-1185377677-3652869139-2531771690-513]
    [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
    get_privileges: No privileges assigned to SID [S-1-5-2]
    [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
    get_privileges: No privileges assigned to SID [S-1-5-11]
    [2007/09/26 08:01:48, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015)
    fetch gid from cache 1513 -> S-1-5-21-1185377677-3652869139-2531771690-513
    [2007/09/26 08:01:48, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
    NTLMSSP Sign/Seal - Initialising with flags:
    [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
    Got NTLMSSP neg_flags=0xe2088215
    [2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(280)
    User name: DOMAIN+guest Real name:
    [2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(301)
    UNIX uid 1501 is UNIX user DOMAIN+guest, and will be vuid 101
    [2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(332)
    Adding homes service for user 'DOMAIN+guest' using home directory:
    '/home/DOMAIN/guest'
    [2007/09/26 08:01:48, 3] param/loadparm.c:lp_add_home(2588)
    adding home's share [guest] for user 'DOMAIN+guest' at
    '/home/DOMAIN/guest'
    [2007/09/26 08:01:48, 3] smbd/process.crocess_smb(1110)
    Transaction 4 of length 100
    [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
    switch message SMBtconX (pid 12283) conn 0x0
    [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2007/09/26 08:01:48, 3] lib/util_sid.c:string_to_sid(223)
    string_to_sid: Sid @DOMAIN+hs does not start with 'S-'.
    [2007/09/26 08:01:48, 2] smbd/service.c:make_connection_snum(580)
    user 'DOMAIN+guest' (from session setup) not permitted to access this
    share (service)
    [2007/09/26 08:01:48, 3] smbd/error.c:error_packet(146)
    error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
    NT_STATUS_ACCESS_DENIED
    [2007/09/26 08:01:48, 3] smbd/process.crocess_smb(1110)
    Transaction 5 of length 43
    [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
    switch message SMBulogoffX (pid 12283) conn 0x0
    [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2007/09/26 08:01:48, 3] smbd/reply.c:reply_ulogoffX(1618)
    ulogoffX vuid=101
    [2007/09/26 08:01:48, 3] smbd/process.c:timeout_processing(1359)
    timeout_processing: End of file from client (client has disconnected).
    [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2007/09/26 08:01:48, 3] smbd/connection.c:yield_connection(69)
    Yielding connection to
    [2007/09/26 08:01:48, 3] smbd/server.c:exit_server_common(675)
    Server exit (normal exit)


    Regards
    Jacek Kowalski
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] guest not permitted to access share

    try changing
    guest account = guest
    to
    guest account = nobody

    Lukasz

    On 9/26/07, Jacek Kowalski wrote:
    > Hi!
    >
    > I have got the problem with my guest account. I can`t access to the share.
    >
    >
    > The OS is Centos 5 Linux 2.6.18-8.1.10.el5 #1 SMP
    > Version of krb5 is 1.5-29
    >
    > This is my smb.conf:
    >
    > [global]
    > # server string is the equivalent of the NT Description field
    > netbios name = SERVER
    >
    > # workgroup = NT-Domain-Name or Workgroup-Name
    > workgroup = DOMAIN
    > realm = DOMAIN.NET
    > security = ADS
    > password server = server.domain.net
    > winbind separator = +
    > allow trusted domains = No
    > # auth methods = guest sam winbind
    > idmap backend = idmap_rid:INFORNET=1000-65000
    > idmap uid = 1000-65000
    > idmap gid = 1000-65000
    > template shell = /bin/bash
    > # template homedir = /home/ad/%D/%U
    > winbind use default domain = Yes
    > winbind enum users = No
    > winbind enum groups = No
    > winbind nested groups = Yes
    > #client use spnego = no
    > #server signing = auto
    > # this tells Samba to use a separate log file for each machine
    > # that connects
    > log file = /var/log/samba/%I.log
    > log level = 3
    > # Put a capping on the size of the log files (in Kb).
    > max log size = 500
    > smb ports = 139
    > guest account = guest
    > encrypt passwords = yes
    > username map = /etc/samba/smbusers
    > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    > dns proxy = no
    >
    > [homes]
    > comment = Home Directories
    > browseable = no
    > writable = yes
    > create mask = 664
    > directory mask = 0775
    >
    >
    > [source1]
    > path = /home/source1
    > public = yes
    > valid users = @DOMAIN+group1
    > read list = @DOMAIN+group1
    > write list = @DOMAIN+group1
    > force group = group1
    > writable = yes
    > printable = no
    > browseable = yes
    > create mask = 0665
    > # valid users = @group1
    > force directory mode = 0775
    > guest ok = yes
    > # hosts deny = 192.168.6.194
    >
    >
    >
    > Logs for Samba says:
    > [2007/09/26 08:01:48, 3] smbd/negprot.c:reply_nt1(357)
    > using SPNEGO
    > [2007/09/26 08:01:48, 3] smbd/negprot.c:reply_negprot(580)
    > Selected protocol NT LM 0.12
    > [2007/09/26 08:01:48, 3] smbd/process.crocess_smb(1110)
    > Transaction 2 of length 256
    > [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
    > switch message SMBsesssetupX (pid 12283) conn 0x0
    > [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    > [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
    > wct=12 flg2=0xc807
    > [2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799)
    > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
    > all old resources.
    > [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
    > Doing spnego session setup
    > [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
    > NativeOS=[Windows 2002 Dodatek Service Pack 2 2600]
    > NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
    > [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
    > Got OID 1 3 6 1 4 1 311 2 2 10
    > [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_spnego_negotiate(554)
    > Got secblob of size 40
    > [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
    > Got NTLMSSP neg_flags=0xe2088297
    > [2007/09/26 08:01:48, 3] smbd/process.crocess_smb(1110)
    > Transaction 3 of length 366
    > [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
    > switch message SMBsesssetupX (pid 12283) conn 0x0
    > [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    > [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
    > wct=12 flg2=0xc807
    > [2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799)
    > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
    > all old resources.
    > [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
    > Doing spnego session setup
    > [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
    > NativeOS=[Windows 2002 Dodatek Service Pack 2 2600]
    > NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
    > [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672)
    > Got user=[guest] domain=[DOMAIN] workstation=[1-123] len1=24 len2=24
    > [2007/09/26 08:01:48, 3] smbd/map_username.c:map_username(155)
    > Mapped user guest to nobody
    > [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(221)
    > check_ntlm_password: Checking password for unmapped user
    > [DOMAIN]\[guest]@[1-123] with the new password interface
    > [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(224)
    > check_ntlm_password: mapped user is: [DOMAIN]\[nobody]@[1-123]
    > [2007/09/26 08:01:48, 3] smbd/sec_ctx.cush_sec_ctx(208)
    > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    > [2007/09/26 08:01:48, 3] smbd/uid.cush_conn_ctx(345)
    > push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    > [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    > [2007/09/26 08:01:48, 3] smbd/sec_ctx.cop_sec_ctx(339)
    > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    > [2007/09/26 08:01:48, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015)
    > fetch gid from cache 1514 -> S-1-5-21-1185377677-3652869139-2531771690-514
    > [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(270)
    > check_ntlm_password: winbind authentication for user [guest] succeeded
    > [2007/09/26 08:01:48, 3] smbd/sec_ctx.cush_sec_ctx(208)
    > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    > [2007/09/26 08:01:48, 3] smbd/uid.cush_conn_ctx(345)
    > push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    > [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    > [2007/09/26 08:01:48, 3] smbd/sec_ctx.cop_sec_ctx(339)
    > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    > [2007/09/26 08:01:48, 2] auth/auth.c:check_ntlm_password(309)
    > check_ntlm_password: authentication for user [guest] -> [nobody] ->
    > [DOMAIN+guest] succeeded
    > [2007/09/26 08:01:48, 3] passdb/lookup_sid.c:store_gid_sid_cache(1059)
    > store_gid_sid_cache: gid 1513 in cache ->
    > S-1-5-21-1185377677-3652869139-2531771690-513
    > [2007/09/26 08:01:48, 3] smbd/sec_ctx.cush_sec_ctx(208)
    > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    > [2007/09/26 08:01:48, 3] smbd/uid.cush_conn_ctx(345)
    > push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    > [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    > [2007/09/26 08:01:48, 3] groupdb/mapping.cdb_create_builtin_alias(1364)
    > pdb_create_builtin_alias: Could not get a gid out of winbind
    > [2007/09/26 08:01:48, 0]
    > auth/auth_util.c:create_builtin_administrators(785)
    > create_builtin_administrators: Failed to create Administrators
    > [2007/09/26 08:01:48, 2] auth/auth_util.c:create_local_nt_token(899)
    > create_local_nt_token: Failed to create BUILTIN\Administrators group!
    > [2007/09/26 08:01:48, 3] smbd/sec_ctx.cop_sec_ctx(339)
    > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    > [2007/09/26 08:01:48, 3] smbd/sec_ctx.cush_sec_ctx(208)
    > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    > [2007/09/26 08:01:48, 3] smbd/uid.cush_conn_ctx(345)
    > push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    > [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    > [2007/09/26 08:01:48, 3] groupdb/mapping.cdb_create_builtin_alias(1364)
    > pdb_create_builtin_alias: Could not get a gid out of winbind
    > [2007/09/26 08:01:48, 0] auth/auth_util.c:create_builtin_users(751)
    > create_builtin_users: Failed to create Users
    > [2007/09/26 08:01:48, 2] auth/auth_util.c:create_local_nt_token(926)
    > create_local_nt_token: Failed to create BUILTIN\Users group!
    > [2007/09/26 08:01:48, 3] smbd/sec_ctx.cop_sec_ctx(339)
    > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    > [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
    > get_privileges: No privileges assigned to SID
    > [S-1-5-21-1185377677-3652869139-2531771690-501]
    > [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
    > get_privileges: No privileges assigned to SID
    > [S-1-5-21-1185377677-3652869139-2531771690-513]
    > [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
    > get_privileges: No privileges assigned to SID [S-1-5-2]
    > [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
    > get_privileges: No privileges assigned to SID [S-1-5-11]
    > [2007/09/26 08:01:48, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015)
    > fetch gid from cache 1513 -> S-1-5-21-1185377677-3652869139-2531771690-513
    > [2007/09/26 08:01:48, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
    > NTLMSSP Sign/Seal - Initialising with flags:
    > [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
    > Got NTLMSSP neg_flags=0xe2088215
    > [2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(280)
    > User name: DOMAIN+guest Real name:
    > [2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(301)
    > UNIX uid 1501 is UNIX user DOMAIN+guest, and will be vuid 101
    > [2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(332)
    > Adding homes service for user 'DOMAIN+guest' using home directory:
    > '/home/DOMAIN/guest'
    > [2007/09/26 08:01:48, 3] param/loadparm.c:lp_add_home(2588)
    > adding home's share [guest] for user 'DOMAIN+guest' at
    > '/home/DOMAIN/guest'
    > [2007/09/26 08:01:48, 3] smbd/process.crocess_smb(1110)
    > Transaction 4 of length 100
    > [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
    > switch message SMBtconX (pid 12283) conn 0x0
    > [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    > [2007/09/26 08:01:48, 3] lib/util_sid.c:string_to_sid(223)
    > string_to_sid: Sid @DOMAIN+hs does not start with 'S-'.
    > [2007/09/26 08:01:48, 2] smbd/service.c:make_connection_snum(580)
    > user 'DOMAIN+guest' (from session setup) not permitted to access this
    > share (service)
    > [2007/09/26 08:01:48, 3] smbd/error.c:error_packet(146)
    > error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
    > NT_STATUS_ACCESS_DENIED
    > [2007/09/26 08:01:48, 3] smbd/process.crocess_smb(1110)
    > Transaction 5 of length 43
    > [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
    > switch message SMBulogoffX (pid 12283) conn 0x0
    > [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    > [2007/09/26 08:01:48, 3] smbd/reply.c:reply_ulogoffX(1618)
    > ulogoffX vuid=101
    > [2007/09/26 08:01:48, 3] smbd/process.c:timeout_processing(1359)
    > timeout_processing: End of file from client (client has disconnected).
    > [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    > [2007/09/26 08:01:48, 3] smbd/connection.c:yield_connection(69)
    > Yielding connection to
    > [2007/09/26 08:01:48, 3] smbd/server.c:exit_server_common(675)
    > Server exit (normal exit)
    >
    >
    > Regards
    > Jacek Kowalski
    > --
    > To unsubscribe from this list go to the following URL and read the
    > instructions: https://lists.samba.org/mailman/listinfo/samba
    >



    --
    --
    http://lucasmanual.com/mywiki/SambaDomainController
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. Re: [Samba] guest not permitted to access share

    I have already done it before and nothig This same error.

    Jacek


    Lukasz Szybalski napisaƂ(a):
    > try changing
    > guest account = guest
    > to
    > guest account = nobody
    >
    > Lukasz
    >
    > On 9/26/07, Jacek Kowalski wrote:
    >
    >> Hi!
    >>
    >> I have got the problem with my guest account. I can`t access to the share.
    >>
    >>
    >> The OS is Centos 5 Linux 2.6.18-8.1.10.el5 #1 SMP
    >> Version of krb5 is 1.5-29
    >>
    >> This is my smb.conf:
    >>
    >> [global]
    >> # server string is the equivalent of the NT Description field
    >> netbios name = SERVER
    >>
    >> # workgroup = NT-Domain-Name or Workgroup-Name
    >> workgroup = DOMAIN
    >> realm = DOMAIN.NET
    >> security = ADS
    >> password server = server.domain.net
    >> winbind separator = +
    >> allow trusted domains = No
    >> # auth methods = guest sam winbind
    >> idmap backend = idmap_rid:INFORNET=1000-65000
    >> idmap uid = 1000-65000
    >> idmap gid = 1000-65000
    >> template shell = /bin/bash
    >> # template homedir = /home/ad/%D/%U
    >> winbind use default domain = Yes
    >> winbind enum users = No
    >> winbind enum groups = No
    >> winbind nested groups = Yes
    >> #client use spnego = no
    >> #server signing = auto
    >> # this tells Samba to use a separate log file for each machine
    >> # that connects
    >> log file = /var/log/samba/%I.log
    >> log level = 3
    >> # Put a capping on the size of the log files (in Kb).
    >> max log size = 500
    >> smb ports = 139
    >> guest account = guest
    >> encrypt passwords = yes
    >> username map = /etc/samba/smbusers
    >> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    >> dns proxy = no
    >>
    >> [homes]
    >> comment = Home Directories
    >> browseable = no
    >> writable = yes
    >> create mask = 664
    >> directory mask = 0775
    >>
    >>
    >> [source1]
    >> path = /home/source1
    >> public = yes
    >> valid users = @DOMAIN+group1
    >> read list = @DOMAIN+group1
    >> write list = @DOMAIN+group1
    >> force group = group1
    >> writable = yes
    >> printable = no
    >> browseable = yes
    >> create mask = 0665
    >> # valid users = @group1
    >> force directory mode = 0775
    >> guest ok = yes
    >> # hosts deny = 192.168.6.194
    >>
    >>
    >>
    >> Logs for Samba says:
    >> [2007/09/26 08:01:48, 3] smbd/negprot.c:reply_nt1(357)
    >> using SPNEGO
    >> [2007/09/26 08:01:48, 3] smbd/negprot.c:reply_negprot(580)
    >> Selected protocol NT LM 0.12
    >> [2007/09/26 08:01:48, 3] smbd/process.crocess_smb(1110)
    >> Transaction 2 of length 256
    >> [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
    >> switch message SMBsesssetupX (pid 12283) conn 0x0
    >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    >> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
    >> wct=12 flg2=0xc807
    >> [2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799)
    >> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
    >> all old resources.
    >> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
    >> Doing spnego session setup
    >> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
    >> NativeOS=[Windows 2002 Dodatek Service Pack 2 2600]
    >> NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
    >> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
    >> Got OID 1 3 6 1 4 1 311 2 2 10
    >> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_spnego_negotiate(554)
    >> Got secblob of size 40
    >> [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
    >> Got NTLMSSP neg_flags=0xe2088297
    >> [2007/09/26 08:01:48, 3] smbd/process.crocess_smb(1110)
    >> Transaction 3 of length 366
    >> [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
    >> switch message SMBsesssetupX (pid 12283) conn 0x0
    >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    >> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
    >> wct=12 flg2=0xc807
    >> [2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799)
    >> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
    >> all old resources.
    >> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
    >> Doing spnego session setup
    >> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
    >> NativeOS=[Windows 2002 Dodatek Service Pack 2 2600]
    >> NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
    >> [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672)
    >> Got user=[guest] domain=[DOMAIN] workstation=[1-123] len1=24 len2=24
    >> [2007/09/26 08:01:48, 3] smbd/map_username.c:map_username(155)
    >> Mapped user guest to nobody
    >> [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(221)
    >> check_ntlm_password: Checking password for unmapped user
    >> [DOMAIN]\[guest]@[1-123] with the new password interface
    >> [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(224)
    >> check_ntlm_password: mapped user is: [DOMAIN]\[nobody]@[1-123]
    >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.cush_sec_ctx(208)
    >> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    >> [2007/09/26 08:01:48, 3] smbd/uid.cush_conn_ctx(345)
    >> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.cop_sec_ctx(339)
    >> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    >> [2007/09/26 08:01:48, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015)
    >> fetch gid from cache 1514 -> S-1-5-21-1185377677-3652869139-2531771690-514
    >> [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(270)
    >> check_ntlm_password: winbind authentication for user [guest] succeeded
    >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.cush_sec_ctx(208)
    >> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    >> [2007/09/26 08:01:48, 3] smbd/uid.cush_conn_ctx(345)
    >> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.cop_sec_ctx(339)
    >> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    >> [2007/09/26 08:01:48, 2] auth/auth.c:check_ntlm_password(309)
    >> check_ntlm_password: authentication for user [guest] -> [nobody] ->
    >> [DOMAIN+guest] succeeded
    >> [2007/09/26 08:01:48, 3] passdb/lookup_sid.c:store_gid_sid_cache(1059)
    >> store_gid_sid_cache: gid 1513 in cache ->
    >> S-1-5-21-1185377677-3652869139-2531771690-513
    >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.cush_sec_ctx(208)
    >> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    >> [2007/09/26 08:01:48, 3] smbd/uid.cush_conn_ctx(345)
    >> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    >> [2007/09/26 08:01:48, 3] groupdb/mapping.cdb_create_builtin_alias(1364)
    >> pdb_create_builtin_alias: Could not get a gid out of winbind
    >> [2007/09/26 08:01:48, 0]
    >> auth/auth_util.c:create_builtin_administrators(785)
    >> create_builtin_administrators: Failed to create Administrators
    >> [2007/09/26 08:01:48, 2] auth/auth_util.c:create_local_nt_token(899)
    >> create_local_nt_token: Failed to create BUILTIN\Administrators group!
    >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.cop_sec_ctx(339)
    >> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.cush_sec_ctx(208)
    >> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    >> [2007/09/26 08:01:48, 3] smbd/uid.cush_conn_ctx(345)
    >> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    >> [2007/09/26 08:01:48, 3] groupdb/mapping.cdb_create_builtin_alias(1364)
    >> pdb_create_builtin_alias: Could not get a gid out of winbind
    >> [2007/09/26 08:01:48, 0] auth/auth_util.c:create_builtin_users(751)
    >> create_builtin_users: Failed to create Users
    >> [2007/09/26 08:01:48, 2] auth/auth_util.c:create_local_nt_token(926)
    >> create_local_nt_token: Failed to create BUILTIN\Users group!
    >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.cop_sec_ctx(339)
    >> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    >> [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
    >> get_privileges: No privileges assigned to SID
    >> [S-1-5-21-1185377677-3652869139-2531771690-501]
    >> [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
    >> get_privileges: No privileges assigned to SID
    >> [S-1-5-21-1185377677-3652869139-2531771690-513]
    >> [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
    >> get_privileges: No privileges assigned to SID [S-1-5-2]
    >> [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
    >> get_privileges: No privileges assigned to SID [S-1-5-11]
    >> [2007/09/26 08:01:48, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015)
    >> fetch gid from cache 1513 -> S-1-5-21-1185377677-3652869139-2531771690-513
    >> [2007/09/26 08:01:48, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
    >> NTLMSSP Sign/Seal - Initialising with flags:
    >> [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
    >> Got NTLMSSP neg_flags=0xe2088215
    >> [2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(280)
    >> User name: DOMAIN+guest Real name:
    >> [2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(301)
    >> UNIX uid 1501 is UNIX user DOMAIN+guest, and will be vuid 101
    >> [2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(332)
    >> Adding homes service for user 'DOMAIN+guest' using home directory:
    >> '/home/DOMAIN/guest'
    >> [2007/09/26 08:01:48, 3] param/loadparm.c:lp_add_home(2588)
    >> adding home's share [guest] for user 'DOMAIN+guest' at
    >> '/home/DOMAIN/guest'
    >> [2007/09/26 08:01:48, 3] smbd/process.crocess_smb(1110)
    >> Transaction 4 of length 100
    >> [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
    >> switch message SMBtconX (pid 12283) conn 0x0
    >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    >> [2007/09/26 08:01:48, 3] lib/util_sid.c:string_to_sid(223)
    >> string_to_sid: Sid @DOMAIN+hs does not start with 'S-'.
    >> [2007/09/26 08:01:48, 2] smbd/service.c:make_connection_snum(580)
    >> user 'DOMAIN+guest' (from session setup) not permitted to access this
    >> share (service)
    >> [2007/09/26 08:01:48, 3] smbd/error.c:error_packet(146)
    >> error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
    >> NT_STATUS_ACCESS_DENIED
    >> [2007/09/26 08:01:48, 3] smbd/process.crocess_smb(1110)
    >> Transaction 5 of length 43
    >> [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
    >> switch message SMBulogoffX (pid 12283) conn 0x0
    >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    >> [2007/09/26 08:01:48, 3] smbd/reply.c:reply_ulogoffX(1618)
    >> ulogoffX vuid=101
    >> [2007/09/26 08:01:48, 3] smbd/process.c:timeout_processing(1359)
    >> timeout_processing: End of file from client (client has disconnected).
    >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
    >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    >> [2007/09/26 08:01:48, 3] smbd/connection.c:yield_connection(69)
    >> Yielding connection to
    >> [2007/09/26 08:01:48, 3] smbd/server.c:exit_server_common(675)
    >> Server exit (normal exit)
    >>
    >>
    >> Regards
    >> Jacek Kowalski
    >> --
    >> To unsubscribe from this list go to the following URL and read the
    >> instructions: https://lists.samba.org/mailman/listinfo/samba
    >>
    >>

    >
    >
    >


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread