R. B. Letsinger
2011-May-04 20:50 UTC
[Samba] Guest access broken for Win7 between 3.3.8 and 3.5.4?
I've been running samba on RHEL5 for the past couple of years with XP clients. Late last year, in order to support new Win7 clients, I upgraded from samba-3.0.33 packages to samba3x-3.3.8 (from the Red Hat-managed configuration tree) and after some struggles got everything working. But now after upgrading to samba3x-3.5.4 I am only able to connect as a known user and not as a guest. Relevant configuration details from smb.conf: [global] security=user encrypt passwords = yes passdb backend = smbpasswd smb passwd file = /etc/samba/smbpasswd guest account = gstuser server signing = auto map to guest = Bad User log level = 2 wide links = no follow symlinks = no client ntlmv2 auth = yes client signing = mandatory ... [guest_share] guest only = yes path = <path with sufficient permissions> read only = no When I attempt to map this share on the Win7 side I get an error dialog stating "The specified network drive is no longer available". If I try to connect a similar already-mapped share on the Win7 side I get an error dialog stating "The local device name is already in use." I haven't been able to figure out how to get any further detail on the Windows side. On the Linux side, things appear to progress as expected: the original user is unrecognized, is then mapped to guest, but then I get a getpeername failed error: ... 2011/05/04 20:21:22.054326, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2011/05/04 20:21:22.054791, 2] auth/auth.c:314(check_ntlm_password) check_ntlm_password: Authentication for user [CLIENTUSER] -> [CLIENTUSER] FAILED with error NT_STATUS_NO_SUCH_USER [2011/05/04 20:21:22.057474, 1] smbd/service.c:1070(make_connection_snum) CLIENTMACHINENAME (nnn.nnn.nnn.nnn) connect to service guest_share initially as user gstuser (uid=nnn, gid=nnnn) (pid 31025) [2011/05/04 20:21:22.057875, 0] lib/util_sock.c:474(read_fd_with_timeout) [2011/05/04 20:21:22.058225, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. [2011/05/04 20:21:22.058376, 1] smbd/service.c:1251(close_cnum) CLIENTMACHINENAME (nnn.nnn.nnn.nnn) closed connection to service guest_share [2011/05/04 20:21:42.040820, 1] smbd/server.c:240(cleanup_timeout_fn) Cleaning up brl and lock database after unclean shutdown ... As I say, all works fine with the same Win7 client machine when the server is running samba3x-3.3.8, but gives the above behavior when I upgrade to samba3x-3.5.4. (Staying at 3.3.8 is not optimal because I am in an environment where I need to keep up-to-date with CVEs.) If I authenticate via the guest uname/pwd, I am also able to connect -- just not as an unknown user. Of possible relevance is that I'm not running nbmd, which I haven't need to-date. The change log for the latest samba3x package mentions that SPNEGO parsing was fixed between the two releases and I'm wondering if that could be implicated. Any thoughts?
Possibly Parallel Threads
- problem joining WinXP machine to samba PDC+LDAP environment
- xpsp2 clients authenticate, W2ksp4 clients must use IP or FQDN
- Win98 client samba 3.3.8-52.el5_5.2 on ext4
- Samba 3.3.8 and libsmbclient 3.0.33
- Pittfals Windows 7 and samba 3.3.8 (centos 5.5), LDAP BE - joining domain