samba - Sep 2007 - guest not permitted to access share

Hi!

I have got the problem with my guest account. I can`t access to the share.


The OS is Centos 5 Linux 2.6.18-8.1.10.el5 #1 SMP
Version of krb5 is 1.5-29

This is my smb.conf:

[global]
# server string is the equivalent of the NT Description field
  netbios name = SERVER

# workgroup = NT-Domain-Name or Workgroup-Name
  workgroup = DOMAIN
  realm = DOMAIN.NET
  security = ADS
  password server = server.domain.net
  winbind separator = +
  allow trusted domains = No
#        auth methods = guest sam winbind
  idmap backend = idmap_rid:INFORNET=1000-65000
  idmap uid = 1000-65000
  idmap gid = 1000-65000
  template shell = /bin/bash
#   template homedir = /home/ad/%D/%U
  winbind use default domain = Yes
  winbind enum users = No
  winbind enum groups = No
  winbind nested groups = Yes
  #client use spnego = no
        #server signing = auto
# this tells Samba to use a separate log file for each machine
# that connects
  log file = /var/log/samba/%I.log
        log level = 3
# Put a capping on the size of the log files (in Kb).
  max log size = 500
  smb ports = 139
guest account = guest
encrypt passwords = yes
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no

[homes]
  comment = Home Directories
  browseable = no
  writable = yes
  create mask = 664
  directory mask = 0775


[source1]
  path = /home/source1
  public = yes
  valid users = @DOMAIN+group1
  read list = @DOMAIN+group1
  write list = @DOMAIN+group1
  force group = group1
  writable = yes
  printable = no
  browseable = yes
  create mask = 0665
#   valid users = @group1
  force directory mode = 0775
  guest ok = yes
#   hosts deny = 192.168.6.194



Logs for Samba says:
[2007/09/26 08:01:48, 3] smbd/negprot.c:reply_nt1(357)
 using SPNEGO
[2007/09/26 08:01:48, 3] smbd/negprot.c:reply_negprot(580)
 Selected protocol NT LM 0.12
[2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110)
 Transaction 2 of length 256
[2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
 switch message SMBsesssetupX (pid 12283) conn 0x0
[2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
 wct=12 flg2=0xc807
[2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799)
 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
[2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
 Doing spnego session setup
[2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
 NativeOS=[Windows 2002 Dodatek Service Pack 2 2600] 
NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
[2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
 Got OID 1 3 6 1 4 1 311 2 2 10
[2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_spnego_negotiate(554)
 Got secblob of size 40
[2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
 Got NTLMSSP neg_flags=0xe2088297
[2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110)
 Transaction 3 of length 366
[2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
 switch message SMBsesssetupX (pid 12283) conn 0x0
[2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
 wct=12 flg2=0xc807
[2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799)
 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
[2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
 Doing spnego session setup
[2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
 NativeOS=[Windows 2002 Dodatek Service Pack 2 2600] 
NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
[2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672)
 Got user=[guest] domain=[DOMAIN] workstation=[1-123] len1=24 len2=24
[2007/09/26 08:01:48, 3] smbd/map_username.c:map_username(155)
 Mapped user guest to nobody
[2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(221)
 check_ntlm_password:  Checking password for unmapped user 
[DOMAIN]\[guest]@[1-123] with the new password interface
[2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(224)
 check_ntlm_password:  mapped user is: [DOMAIN]\[nobody]@[1-123]
[2007/09/26 08:01:48, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/09/26 08:01:48, 3] smbd/uid.c:push_conn_ctx(345)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/09/26 08:01:48, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/09/26 08:01:48, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015)
 fetch gid from cache 1514 -> S-1-5-21-1185377677-3652869139-2531771690-514
[2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(270)
 check_ntlm_password: winbind authentication for user [guest] succeeded
[2007/09/26 08:01:48, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/09/26 08:01:48, 3] smbd/uid.c:push_conn_ctx(345)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/09/26 08:01:48, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/09/26 08:01:48, 2] auth/auth.c:check_ntlm_password(309)
 check_ntlm_password:  authentication for user [guest] -> [nobody] -> 
[DOMAIN+guest] succeeded
[2007/09/26 08:01:48, 3] passdb/lookup_sid.c:store_gid_sid_cache(1059)
 store_gid_sid_cache: gid 1513 in cache -> 
S-1-5-21-1185377677-3652869139-2531771690-513
[2007/09/26 08:01:48, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/09/26 08:01:48, 3] smbd/uid.c:push_conn_ctx(345)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/09/26 08:01:48, 3] groupdb/mapping.c:pdb_create_builtin_alias(1364)
 pdb_create_builtin_alias: Could not get a gid out of winbind
[2007/09/26 08:01:48, 0] 
auth/auth_util.c:create_builtin_administrators(785)
 create_builtin_administrators: Failed to create Administrators
[2007/09/26 08:01:48, 2] auth/auth_util.c:create_local_nt_token(899)
 create_local_nt_token: Failed to create BUILTIN\Administrators group!
[2007/09/26 08:01:48, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/09/26 08:01:48, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/09/26 08:01:48, 3] smbd/uid.c:push_conn_ctx(345)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/09/26 08:01:48, 3] groupdb/mapping.c:pdb_create_builtin_alias(1364)
 pdb_create_builtin_alias: Could not get a gid out of winbind
[2007/09/26 08:01:48, 0] auth/auth_util.c:create_builtin_users(751)
 create_builtin_users: Failed to create Users
[2007/09/26 08:01:48, 2] auth/auth_util.c:create_local_nt_token(926)
 create_local_nt_token: Failed to create BUILTIN\Users group!
[2007/09/26 08:01:48, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
 get_privileges: No privileges assigned to SID 
[S-1-5-21-1185377677-3652869139-2531771690-501]
[2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
 get_privileges: No privileges assigned to SID 
[S-1-5-21-1185377677-3652869139-2531771690-513]
[2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
 get_privileges: No privileges assigned to SID [S-1-5-2]
[2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
 get_privileges: No privileges assigned to SID [S-1-5-11]
[2007/09/26 08:01:48, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015)
 fetch gid from cache 1513 -> S-1-5-21-1185377677-3652869139-2531771690-513
[2007/09/26 08:01:48, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
 NTLMSSP Sign/Seal - Initialising with flags:
[2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
 Got NTLMSSP neg_flags=0xe2088215
[2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(280)
 User name: DOMAIN+guest     Real name:
[2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(301)
 UNIX uid 1501 is UNIX user DOMAIN+guest, and will be vuid 101
[2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(332)
 Adding homes service for user 'DOMAIN+guest' using home directory: 
'/home/DOMAIN/guest'
[2007/09/26 08:01:48, 3] param/loadparm.c:lp_add_home(2588)
 adding home's share [guest] for user 'DOMAIN+guest' at 
'/home/DOMAIN/guest'
[2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110)
 Transaction 4 of length 100
[2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
 switch message SMBtconX (pid 12283) conn 0x0
[2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/09/26 08:01:48, 3] lib/util_sid.c:string_to_sid(223)
 string_to_sid: Sid @DOMAIN+hs does not start with 'S-'.
[2007/09/26 08:01:48, 2] smbd/service.c:make_connection_snum(580)
 user 'DOMAIN+guest' (from session setup) not permitted to access this 
share (service)
[2007/09/26 08:01:48, 3] smbd/error.c:error_packet(146)
 error packet at smbd/reply.c(676) cmd=117 (SMBtconX) 
NT_STATUS_ACCESS_DENIED
[2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110)
 Transaction 5 of length 43
[2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
 switch message SMBulogoffX (pid 12283) conn 0x0
[2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/09/26 08:01:48, 3] smbd/reply.c:reply_ulogoffX(1618)
 ulogoffX vuid=101
[2007/09/26 08:01:48, 3] smbd/process.c:timeout_processing(1359)
 timeout_processing: End of file from client (client has disconnected).
[2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/09/26 08:01:48, 3] smbd/connection.c:yield_connection(69)
 Yielding connection to
[2007/09/26 08:01:48, 3] smbd/server.c:exit_server_common(675)
 Server exit (normal exit)


Regards
Jacek Kowalski

try changing
guest account = guest
to
guest account = nobody

Lukasz

On 9/26/07, Jacek Kowalski <jacek@hapay.pl> wrote:
> Hi!
>
> I have got the problem with my guest account. I can`t access to the share.
>
>
> The OS is Centos 5 Linux 2.6.18-8.1.10.el5 #1 SMP
> Version of krb5 is 1.5-29
>
> This is my smb.conf:
>
> [global]
> # server string is the equivalent of the NT Description field
>   netbios name = SERVER
>
> # workgroup = NT-Domain-Name or Workgroup-Name
>   workgroup = DOMAIN
>   realm = DOMAIN.NET
>   security = ADS
>   password server = server.domain.net
>   winbind separator = +
>   allow trusted domains = No
> #        auth methods = guest sam winbind
>   idmap backend = idmap_rid:INFORNET=1000-65000
>   idmap uid = 1000-65000
>   idmap gid = 1000-65000
>   template shell = /bin/bash
> #   template homedir = /home/ad/%D/%U
>   winbind use default domain = Yes
>   winbind enum users = No
>   winbind enum groups = No
>   winbind nested groups = Yes
>   #client use spnego = no
>         #server signing = auto
> # this tells Samba to use a separate log file for each machine
> # that connects
>   log file = /var/log/samba/%I.log
>         log level = 3
> # Put a capping on the size of the log files (in Kb).
>   max log size = 500
>   smb ports = 139
> guest account = guest
> encrypt passwords = yes
> username map = /etc/samba/smbusers
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> dns proxy = no
>
> [homes]
>   comment = Home Directories
>   browseable = no
>   writable = yes
>   create mask = 664
>   directory mask = 0775
>
>
> [source1]
>   path = /home/source1
>   public = yes
>   valid users = @DOMAIN+group1
>   read list = @DOMAIN+group1
>   write list = @DOMAIN+group1
>   force group = group1
>   writable = yes
>   printable = no
>   browseable = yes
>   create mask = 0665
> #   valid users = @group1
>   force directory mode = 0775
>   guest ok = yes
> #   hosts deny = 192.168.6.194
>
>
>
> Logs for Samba says:
> [2007/09/26 08:01:48, 3] smbd/negprot.c:reply_nt1(357)
>  using SPNEGO
> [2007/09/26 08:01:48, 3] smbd/negprot.c:reply_negprot(580)
>  Selected protocol NT LM 0.12
> [2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110)
>  Transaction 2 of length 256
> [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
>  switch message SMBsesssetupX (pid 12283) conn 0x0
> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
>  wct=12 flg2=0xc807
> [2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
>  Doing spnego session setup
> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
>  NativeOS=[Windows 2002 Dodatek Service Pack 2 2600]
> NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
>  Got OID 1 3 6 1 4 1 311 2 2 10
> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_spnego_negotiate(554)
>  Got secblob of size 40
> [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
>  Got NTLMSSP neg_flags=0xe2088297
> [2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110)
>  Transaction 3 of length 366
> [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
>  switch message SMBsesssetupX (pid 12283) conn 0x0
> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
>  wct=12 flg2=0xc807
> [2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
>  Doing spnego session setup
> [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
>  NativeOS=[Windows 2002 Dodatek Service Pack 2 2600]
> NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
> [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672)
>  Got user=[guest] domain=[DOMAIN] workstation=[1-123] len1=24 len2=24
> [2007/09/26 08:01:48, 3] smbd/map_username.c:map_username(155)
>  Mapped user guest to nobody
> [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(221)
>  check_ntlm_password:  Checking password for unmapped user
> [DOMAIN]\[guest]@[1-123] with the new password interface
> [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(224)
>  check_ntlm_password:  mapped user is: [DOMAIN]\[nobody]@[1-123]
> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2007/09/26 08:01:48, 3] smbd/uid.c:push_conn_ctx(345)
>  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/09/26 08:01:48, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015)
>  fetch gid from cache 1514 ->
S-1-5-21-1185377677-3652869139-2531771690-514
> [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(270)
>  check_ntlm_password: winbind authentication for user [guest] succeeded
> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2007/09/26 08:01:48, 3] smbd/uid.c:push_conn_ctx(345)
>  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/09/26 08:01:48, 2] auth/auth.c:check_ntlm_password(309)
>  check_ntlm_password:  authentication for user [guest] -> [nobody] ->
> [DOMAIN+guest] succeeded
> [2007/09/26 08:01:48, 3] passdb/lookup_sid.c:store_gid_sid_cache(1059)
>  store_gid_sid_cache: gid 1513 in cache ->
> S-1-5-21-1185377677-3652869139-2531771690-513
> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2007/09/26 08:01:48, 3] smbd/uid.c:push_conn_ctx(345)
>  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2007/09/26 08:01:48, 3] groupdb/mapping.c:pdb_create_builtin_alias(1364)
>  pdb_create_builtin_alias: Could not get a gid out of winbind
> [2007/09/26 08:01:48, 0]
> auth/auth_util.c:create_builtin_administrators(785)
>  create_builtin_administrators: Failed to create Administrators
> [2007/09/26 08:01:48, 2] auth/auth_util.c:create_local_nt_token(899)
>  create_local_nt_token: Failed to create BUILTIN\Administrators group!
> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2007/09/26 08:01:48, 3] smbd/uid.c:push_conn_ctx(345)
>  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2007/09/26 08:01:48, 3] groupdb/mapping.c:pdb_create_builtin_alias(1364)
>  pdb_create_builtin_alias: Could not get a gid out of winbind
> [2007/09/26 08:01:48, 0] auth/auth_util.c:create_builtin_users(751)
>  create_builtin_users: Failed to create Users
> [2007/09/26 08:01:48, 2] auth/auth_util.c:create_local_nt_token(926)
>  create_local_nt_token: Failed to create BUILTIN\Users group!
> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
>  get_privileges: No privileges assigned to SID
> [S-1-5-21-1185377677-3652869139-2531771690-501]
> [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
>  get_privileges: No privileges assigned to SID
> [S-1-5-21-1185377677-3652869139-2531771690-513]
> [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
>  get_privileges: No privileges assigned to SID [S-1-5-2]
> [2007/09/26 08:01:48, 3] lib/privileges.c:get_privileges(261)
>  get_privileges: No privileges assigned to SID [S-1-5-11]
> [2007/09/26 08:01:48, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015)
>  fetch gid from cache 1513 ->
S-1-5-21-1185377677-3652869139-2531771690-513
> [2007/09/26 08:01:48, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
>  NTLMSSP Sign/Seal - Initialising with flags:
> [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
>  Got NTLMSSP neg_flags=0xe2088215
> [2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(280)
>  User name: DOMAIN+guest     Real name:
> [2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(301)
>  UNIX uid 1501 is UNIX user DOMAIN+guest, and will be vuid 101
> [2007/09/26 08:01:48, 3] smbd/password.c:register_vuid(332)
>  Adding homes service for user 'DOMAIN+guest' using home directory:
> '/home/DOMAIN/guest'
> [2007/09/26 08:01:48, 3] param/loadparm.c:lp_add_home(2588)
>  adding home's share [guest] for user 'DOMAIN+guest' at
> '/home/DOMAIN/guest'
> [2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110)
>  Transaction 4 of length 100
> [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
>  switch message SMBtconX (pid 12283) conn 0x0
> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/09/26 08:01:48, 3] lib/util_sid.c:string_to_sid(223)
>  string_to_sid: Sid @DOMAIN+hs does not start with 'S-'.
> [2007/09/26 08:01:48, 2] smbd/service.c:make_connection_snum(580)
>  user 'DOMAIN+guest' (from session setup) not permitted to access
this
> share (service)
> [2007/09/26 08:01:48, 3] smbd/error.c:error_packet(146)
>  error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
> NT_STATUS_ACCESS_DENIED
> [2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110)
>  Transaction 5 of length 43
> [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914)
>  switch message SMBulogoffX (pid 12283) conn 0x0
> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/09/26 08:01:48, 3] smbd/reply.c:reply_ulogoffX(1618)
>  ulogoffX vuid=101
> [2007/09/26 08:01:48, 3] smbd/process.c:timeout_processing(1359)
>  timeout_processing: End of file from client (client has disconnected).
> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/09/26 08:01:48, 3] smbd/connection.c:yield_connection(69)
>  Yielding connection to
> [2007/09/26 08:01:48, 3] smbd/server.c:exit_server_common(675)
>  Server exit (normal exit)
>
>
> Regards
> Jacek Kowalski
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

-- 
-- 
http://lucasmanual.com/mywiki/SambaDomainController

Jacek,

Take a look at the 'map to guest' option.  Perhaps 'map to guest =
Bad
Password' might solve this problem for you.

Hi!

I have got the problem with my guest account. I can`t access to the share.


The OS is Centos 5 Linux 2.6.18-8.1.10.el5 #1 SMP
Version of krb5 is 1.5-29

This is my smb.conf:

[global]
# server string is the equivalent of the NT Description field
netbios name = SERVER

# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = DOMAIN
realm = DOMAIN.NET
security = ADS
password server = server.domain.net
winbind separator = +
allow trusted domains = No
# auth methods = guest sam winbind
idmap backend = idmap_rid:INFORNET=1000-65000
idmap uid = 1000-65000
idmap gid = 1000-65000
template shell = /bin/bash
# template homedir = /home/ad/%D/%U
winbind use default domain = Yes
winbind enum users = No
winbind enum groups = No
winbind nested groups = Yes
#client use spnego = no
#server signing = auto
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/%I.log
log level = 3
# Put a capping on the size of the log files (in Kb).
max log size = 500
smb ports = 139
guest account = guest
encrypt passwords = yes
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no

[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 664
directory mask = 0775


[source1]
path = /home/source1
public = yes
valid users = @DOMAIN+group1
read list = @DOMAIN+group1
write list = @DOMAIN+group1
force group = group1
writable = yes
printable = no
browseable = yes
create mask = 0665
# valid users = @group1
force directory mode = 0775
guest ok = yes
# hosts deny = 192.168.6.194

I`ve fix the problem! I`ve add to my smb.conf in the source section:

valid users = @DOMAIN+group1 DOMAIN+guest
read list = @DOMAIN+group1 DOMAIN+guest


and turn off

guest ok = yes



And everything work`s perfectly!

Thank you for all!

Jaco


P.S. My english is not quite well ;-)