Daniel Migowski
2018-Mar-06 09:42 UTC
[Samba] Autoaccept all authentications to mitigate disabled guest logins in Windows 10 build 1709
Hello, guest logins are not allowed anymore in Windows 10 build 1709 by default. Due to company restrictions I am not allowed to reenable that in windows group controls. I now like to authorize all connections independent of the current user and password and just allow access so Windows thinks it has an authenticated connection and allows access. Is this somehow possible by using strange PAM configuration or by other dirty tricks without modifying the Samba source code? The server just provides readonly shares to everyone, so I don't care for any credentials anyway. Regards, Daniel Migowski
L.P.H. van Belle
2018-Mar-06 10:14 UTC
[Samba] Autoaccept all authentications to mitigate disabled guest logins in Windows 10 build 1709
Hai, ... man smb.conf .... Have you tried that, that should work ;-) . There you should see something like this. [Global] map to guest = Bad Password [ashare] path = /home/public/share read only = yes guest ok = yes Look it up in the manual to see these settings explained, and dont forget to set the correct rights on the shared path. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Daniel Migowski via samba > Verzonden: dinsdag 6 maart 2018 10:43 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Autoaccept all authentications to mitigate > disabled guest logins in Windows 10 build 1709 > > Hello, > > guest logins are not allowed anymore in Windows 10 build 1709 > by default. Due to company restrictions I am not allowed to > reenable that in windows group controls. > > I now like to authorize all connections independent of the > current user and password and just allow access so Windows > thinks it has an authenticated connection and allows access. > Is this somehow possible by using strange PAM configuration > or by other dirty tricks without modifying the Samba source > code? The server just provides readonly shares to everyone, > so I don't care for any credentials anyway. > > Regards, > Daniel Migowski > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Rowland Penny
2018-Mar-06 10:22 UTC
[Samba] Autoaccept all authentications to mitigate disabled guest logins in Windows 10 build 1709
On Tue, 6 Mar 2018 11:14:33 +0100 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:> Hai, > > ... man smb.conf .... > Have you tried that, that should work ;-) . > > There you should see something like this. > > [Global] > map to guest = Bad Password > > [ashare] > path = /home/public/share > read only = yes > guest ok = yes > >I would suggest a standalone server. 'security = Bad User' and don't create any users on the standalone server. Rowland
Rowland Penny
2018-Mar-06 11:23 UTC
[Samba] Autoaccept all authentications to mitigate disabled guest logins in Windows 10 build 1709
On Tue, 6 Mar 2018 10:28:03 +0000 Daniel Migowski <dmigowski at ikoffice.de> wrote:> "Security = User" ist already enabled. I assume you did mean that? > > -----Ursprüngliche Nachricht----- > Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von > Rowland Penny via samba Gesendet: Dienstag, 6. März 2018 11:22 > An: samba at lists.samba.org > Betreff: Re: [Samba] Autoaccept all authentications to mitigate > disabled guest logins in Windows 10 build 1709 > > On Tue, 6 Mar 2018 11:14:33 +0100 > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > > > Hai, > > > > ... man smb.conf .... > > Have you tried that, that should work ;-) . > > > > There you should see something like this. > > > > [Global] > > map to guest = Bad Password > > > > [ashare] > > path = /home/public/share > > read only = yes > > guest ok = yes > > > > > > I would suggest a standalone server. 'security = Bad User' and don't > create any users on the standalone server. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambaBIG OOPS ;-) Total brain fail there, I meant 'map to guest = Bad User' With this and no users, anybody will be able to connect to the shares. Rowland
Daniel Migowski
2018-Mar-07 02:33 UTC
[Samba] Autoaccept all authentications to mitigate disabled guest logins in Windows 10 build 1709
Hai, Already tried the bad user option. Samba still answers the client that guest mode is to be used, but here is the problem. Windows 10 forbids guest mode now because of Security concerns! I need a way for Samba to accept the challenge response answer regardless of the user so Windows believes it was authenticated. Any hack no matter how dirty is greatly appreciated. Greetings, Daniel Migowski -----Ursprüngliche Nachricht----- Von: L.P.H. van Belle [mailto:belle at bazuin.nl] Gesendet: Dienstag, 6. März 2018 11:49 An: Daniel Migowski <dmigowski at ikoffice.de> Betreff: RE: [Samba] Autoaccept all authentications to mitigate disabled guest logins in Windows 10 build 1709 Hai, Best is to keep this on the list. But try as Rowland suggest also the option map to guest = Bad User Greetz, Louis> -----Oorspronkelijk bericht----- > Van: Daniel Migowski [mailto:dmigowski at ikoffice.de] > Verzonden: dinsdag 6 maart 2018 11:26 > Aan: L.P.H. van Belle > Onderwerp: AW: [Samba] Autoaccept all authentications to mitigate > disabled guest logins in Windows 10 build 1709 > > Hallo, > > I tried that a few years ago, and that worked... until Microsoft > decided to disallow unencrypted guest access to Samba shares in build > 1709 a few weeks ago. > > Now I have to get around that because company guidelines of our > customers won't change the new default setting. > > Regards, > Daniel Migowski > > -----Ursprüngliche Nachricht----- > Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von > L.P.H. van Belle via samba > Gesendet: Dienstag, 6. März 2018 11:15 > An: samba at lists.samba.org > Betreff: Re: [Samba] Autoaccept all authentications to mitigate > disabled guest logins in Windows 10 build 1709 > > Hai, > > ... man smb.conf .... > Have you tried that, that should work ;-) . > > There you should see something like this. > > [Global] > map to guest = Bad Password > > [ashare] > path = /home/public/share > read only = yes > guest ok = yes > > > Look it up in the manual to see these settings explained, and dont > forget to set the correct rights on the shared path. > > > Greetz, > > Louis > > > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Daniel > > Migowski via samba > > Verzonden: dinsdag 6 maart 2018 10:43 > > Aan: samba at lists.samba.org > > Onderwerp: [Samba] Autoaccept all authentications to > mitigate disabled > > guest logins in Windows 10 build 1709 > > > > Hello, > > > > guest logins are not allowed anymore in Windows 10 build 1709 by > > default. Due to company restrictions I am not allowed to > reenable that > > in windows group controls. > > > > I now like to authorize all connections independent of the current > > user and password and just allow access so Windows thinks it has an > > authenticated connection and allows access. > > Is this somehow possible by using strange PAM configuration or by > > other dirty tricks without modifying the Samba source code? > The server > > just provides readonly shares to everyone, so I don't care for any > > credentials anyway. > > > > Regards, > > Daniel Migowski > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Andrew Bartlett
2018-Mar-07 02:55 UTC
[Samba] Autoaccept all authentications to mitigate disabled guest logins in Windows 10 build 1709
On Wed, 2018-03-07 at 02:33 +0000, Daniel Migowski via samba wrote:> Hai, > > Already tried the bad user option. Samba still answers the client > that guest mode is to be used, but here is the problem. Windows 10 > forbids guest mode now because of Security concerns! I need a way for > Samba to accept the challenge response answer regardless of the user > so Windows believes it was authenticated. Any hack no matter how > dirty is greatly appreciated.The issue is that the server must respond with a security hash involving the password the user used. Hacks can't fake up knowing what the user set. Sorry, Andrew Bartlett> Greetings, > Daniel Migowski > > -----Ursprüngliche Nachricht----- > Von: L.P.H. van Belle [mailto:belle at bazuin.nl] > Gesendet: Dienstag, 6. März 2018 11:49 > An: Daniel Migowski <dmigowski at ikoffice.de> > Betreff: RE: [Samba] Autoaccept all authentications to mitigate disabled guest logins in Windows 10 build 1709 > > Hai, > > Best is to keep this on the list. > But try as Rowland suggest also the option map to guest = Bad User > > > Greetz, > > Louis > > > -----Oorspronkelijk bericht----- > > Van: Daniel Migowski [mailto:dmigowski at ikoffice.de] > > Verzonden: dinsdag 6 maart 2018 11:26 > > Aan: L.P.H. van Belle > > Onderwerp: AW: [Samba] Autoaccept all authentications to mitigate > > disabled guest logins in Windows 10 build 1709 > > > > Hallo, > > > > I tried that a few years ago, and that worked... until Microsoft > > decided to disallow unencrypted guest access to Samba shares in build > > 1709 a few weeks ago. > > > > Now I have to get around that because company guidelines of our > > customers won't change the new default setting. > > > > Regards, > > Daniel Migowski > > > > -----Ursprüngliche Nachricht----- > > Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von > > L.P.H. van Belle via samba > > Gesendet: Dienstag, 6. März 2018 11:15 > > An: samba at lists.samba.org > > Betreff: Re: [Samba] Autoaccept all authentications to mitigate > > disabled guest logins in Windows 10 build 1709 > > > > Hai, > > > > ... man smb.conf .... > > Have you tried that, that should work ;-) . > > > > There you should see something like this. > > > > [Global] > > map to guest = Bad Password > > > > [ashare] > > path = /home/public/share > > read only = yes > > guest ok = yes > > > > > > Look it up in the manual to see these settings explained, and dont > > forget to set the correct rights on the shared path. > > > > > > Greetz, > > > > Louis > > > > > > > > > > > -----Oorspronkelijk bericht----- > > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Daniel > > > Migowski via samba > > > Verzonden: dinsdag 6 maart 2018 10:43 > > > Aan: samba at lists.samba.org > > > Onderwerp: [Samba] Autoaccept all authentications to > > > > mitigate disabled > > > guest logins in Windows 10 build 1709 > > > > > > Hello, > > > > > > guest logins are not allowed anymore in Windows 10 build 1709 by > > > default. Due to company restrictions I am not allowed to > > > > reenable that > > > in windows group controls. > > > > > > I now like to authorize all connections independent of the current > > > user and password and just allow access so Windows thinks it has an > > > authenticated connection and allows access. > > > Is this somehow possible by using strange PAM configuration or by > > > other dirty tricks without modifying the Samba source code? > > > > The server > > > just provides readonly shares to everyone, so I don't care for any > > > credentials anyway. > > > > > > Regards, > > > Daniel Migowski > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > >-- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba
Possibly Parallel Threads
- Autoaccept all authentications to mitigate disabled guest logins in Windows 10 build 1709
- Autoaccept all authentications to mitigate disabled guest logins in Windows 10 build 1709
- Autoaccept all authentications to mitigate disabled guest logins in Windows 10 build 1709
- Autoaccept all authentications to mitigate disabled guest logins in Windows 10 build 1709
- Windows 10 does not register dns in samba 4.3.4