Hello,
I'm having a problem with guest access. Either I'm misunderstanding how
the authentication process works, or this is a bug in Samba. I wonder if
somebody would be able to tell me which is the case.
The problem concerns guest access to a share. As I understand the
authentication process (as explained in the smb.conf man page), if a user
doesn't supply a correct password and a service is marked "guest
ok", the
user should be granted access to the service as the guest user
I also understand that this should work regardless of whether or not
security = share, user, or server. However, in practice this does not seem
to be the case. In my experience, guest access is only properly granted in
when security = share. Here's an example that isolates the problem:
First, I use this minimal smb.conf file:
[global]
security = share
[tmp]
path = /tmp
guest ok = yes
read only = yes
smbclient allows me to connect to the share w/o a password:
(/usr/local/samba/lib)$ smbclient '\\FRODO\tmp' -N
Added interface ip=138.26.25.10 bcast=138.26.255.255 nmask=255.255.0.0
Server time is Sun Oct 19 23:41:33 1997
Timezone is UTC-5.0
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 1.9.17p2]
smb: \>
Next, I change security to user:
[global]
security = user
[tmp]
path = /tmp
guest ok = yes
read only = yes
This time smbclient asks me for a password. I enter a bad password, which
I think should have the effect of granting me guest access. It doesn't.
(/usr/local/samba/lib)$ smbclient '\\FRODO\tmp' -N
Added interface ip=138.26.25.10 bcast=138.26.255.255 nmask=255.255.0.0
Server time is Sun Oct 19 23:42:37 1997
Timezone is UTC-5.0
Password: <badpasswd>
Session setup failed for username=JDBLAIR myname=FRODO destname=FRODO
ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or
Session Setup are invalid.)
You might find the -U, -W or -n options useful
Sometimes you have to use `-n USERNAME' (particularly with OS/2)
Some servers also insist on uppercase-only passwords
So... what am I missing? Have I misunderstood the authentication process?
thanks in advance for any help,
-john.
......................................................................
. .
.....John.D.Blair... mailto:jdblair@uab.edu phoneto:205.975.7123 .
. http://frodo.tucc.uab.edu faxto:205.975.7129 .
..sys|net.admin.... .
. the university computer center .....
..... g.e.e.k.n.i.k...the.university.of.alabama.at.birmingham....
On Mon, 20 Oct 1997, John Blair wrote:> Hello, > > I'm having a problem with guest access. Either I'm misunderstanding how > the authentication process works, or this is a bug in Samba. I wonder if > somebody would be able to tell me which is the case. > > The problem concerns guest access to a share. As I understand the > authentication process (as explained in the smb.conf man page), if a user > doesn't supply a correct password and a service is marked "guest ok", the > user should be granted access to the service as the guest user > > I also understand that this should work regardless of whether or not > security = share, user, or server. However, in practice this does not seem > to be the case. In my experience, guest access is only properly granted in > when security = share. Here's an example that isolates the problem: > > First, I use this minimal smb.conf file: > > [global] > security = share > > [tmp] > path = /tmp > guest ok = yes > read only = yes > > smbclient allows me to connect to the share w/o a password: > > (/usr/local/samba/lib)$ smbclient '\\FRODO\tmp' -N > Added interface ip=138.26.25.10 bcast=138.26.255.255 nmask=255.255.0.0 > Server time is Sun Oct 19 23:41:33 1997 > Timezone is UTC-5.0 > Domain=[WORKGROUP] OS=[Unix] Server=[Samba 1.9.17p2] > smb: \> > > Next, I change security to user: > > [global] > security = user > > [tmp] > path = /tmp > guest ok = yes > read only = yes > > This time smbclient asks me for a password. I enter a bad password, which > I think should have the effect of granting me guest access.i believe that the GUESTSESSSETUP=1 compile-time option allows you to do: smbclient '\\FRODO\tmp' -U% which specifies a _null_ username and password. but then again, i hate the concept of allowing guest access, even with a null username and password, _even_ for browsing. so i'm not a good person to ask an opinion of on guest access. luke