samba - May 2014 - Can login as Guest from server, but not from workstation?

Hi,

I have a long-running samba einstallation on Freebsd, with various
incarnations of windows from XP through Vista and Windows 7 all
working flawlessly. Recently we added a media computer (TVIX) and
decided to use Samba to serve the files to the TVIX. This is when my
misery began..

The TVIX requires the share to be TVIXHD1 and accessed via the Guest
account (it is not very flexible about changing options). So I created
the share:

[TVIXHD1]
comment = MEDIA FILES
path = /var/VIDEONFS
read only = no
guest ok  = yes
public = yes

I didn't use guest only, because we want people to be able to access
this share normally also. I added the 'nobody' user to the password
database using pdbedit, so I could use the default user for
Guest. Testing with smbclient -U Guest prompts for a password, but
when I just hit return, I get the share with no problem.

However, trying to access the share from the TVIX machine provides no
joy. Setting the debug level to 3, what I see when the TVIX tries to
login is

1) A call to check_ntlm_password, which checks for the unmapped user
   []\[Guest]@[192.168.1.5], mapped user is [NS]\[Guest]@[192.168.1.5]

Couldn't find user 'Guest' in passdb and fails. It then repeats this
exact sequence, and fails again.

Comparing the logfiles with the succesful login from the sever using
smbclient

1) check_ntlm_passwrd, unmapped user [SSRCOM]\[Guest]@[NS]
                       mapped user [NS]\[Guest]@[NS]

Can't find user 'Guest' in passdb and fails. As above, it continues
to
do repeat the authentication, but this time uses an empty password,
instead of the same one:

2) check_ntlm_password: unmapped user []\[]@[] 
                        mapped user []\[]@[]

and then it says guest authenticatl for user [] succeeded with user
name nobody.

Can someone tell me how to get this to happen for the client machine?

Thanks so much.

Scott
-- 
sdb at ssr.com

You may want to check your smb.conf (or " testparm -v" output) for the
"guest account" variable.

The default is
     guest account = nobody


that I think should map to an existing (and probably restricted) unix 
user account (e.g. in /etc/passwd.)



I don't think you need to create a samba account for "nobody."





On 05/29/14 16:43, Scott Ballantyne wrote:
> Hi,
>
> I have a long-running samba einstallation on Freebsd, with various
> incarnations of windows from XP through Vista and Windows 7 all
> working flawlessly. Recently we added a media computer (TVIX) and
> decided to use Samba to serve the files to the TVIX. This is when my
> misery began..
>
> The TVIX requires the share to be TVIXHD1 and accessed via the Guest
> account (it is not very flexible about changing options). So I created
> the share:
>
> [TVIXHD1]
> comment = MEDIA FILES
> path = /var/VIDEONFS
> read only = no
> guest ok  = yes
> public = yes
>
> I didn't use guest only, because we want people to be able to access
> this share normally also. I added the 'nobody' user to the password
> database using pdbedit, so I could use the default user for
> Guest. Testing with smbclient -U Guest prompts for a password, but
> when I just hit return, I get the share with no problem.
>
> However, trying to access the share from the TVIX machine provides no
> joy. Setting the debug level to 3, what I see when the TVIX tries to
> login is
>
> 1) A call to check_ntlm_password, which checks for the unmapped user
>     []\[Guest]@[192.168.1.5], mapped user is [NS]\[Guest]@[192.168.1.5]
>
> Couldn't find user 'Guest' in passdb and fails. It then repeats
this
> exact sequence, and fails again.
>
> Comparing the logfiles with the succesful login from the sever using
> smbclient
>
> 1) check_ntlm_passwrd, unmapped user [SSRCOM]\[Guest]@[NS]
>                         mapped user [NS]\[Guest]@[NS]
>
> Can't find user 'Guest' in passdb and fails. As above, it
continues to
> do repeat the authentication, but this time uses an empty password,
> instead of the same one:
>
> 2) check_ntlm_password: unmapped user []\[]@[]
>                          mapped user []\[]@[]
>
> and then it says guest authenticatl for user [] succeeded with user
> name nobody.
>
> Can someone tell me how to get this to happen for the client machine?
>
> Thanks so much.
>
> Scott

On Thu, May 29, 2014 at 08:43:23PM -0000, Scott Ballantyne
wrote:
> Hi,
> 
> I have a long-running samba einstallation on Freebsd, with various
> incarnations of windows from XP through Vista and Windows 7 all
> working flawlessly. Recently we added a media computer (TVIX) and
> decided to use Samba to serve the files to the TVIX. This is when my
> misery began..
> 
> The TVIX requires the share to be TVIXHD1 and accessed via the Guest
> account (it is not very flexible about changing options). So I created
> the share:
> 
> [TVIXHD1]
> comment = MEDIA FILES
> path = /var/VIDEONFS
> read only = no
> guest ok  = yes
> public = yes
> 
> I didn't use guest only, because we want people to be able to access
> this share normally also. I added the 'nobody' user to the password
> database using pdbedit, so I could use the default user for
> Guest. Testing with smbclient -U Guest prompts for a password, but
> when I just hit return, I get the share with no problem.
> 
> However, trying to access the share from the TVIX machine provides no
> joy. Setting the debug level to 3, what I see when the TVIX tries to
> login is
> 
> 1) A call to check_ntlm_password, which checks for the unmapped user
>    []\[Guest]@[192.168.1.5], mapped user is [NS]\[Guest]@[192.168.1.5]
> 
> Couldn't find user 'Guest' in passdb and fails. It then repeats
this
> exact sequence, and fails again.
> 
> Comparing the logfiles with the succesful login from the sever using
> smbclient
> 
> 1) check_ntlm_passwrd, unmapped user [SSRCOM]\[Guest]@[NS]
>                        mapped user [NS]\[Guest]@[NS]
Looks like your client is requesting access
as an account literally called "SSRCOM\Guest".

Look at the smb.conf "map to guest" parameter.
You probably need "map to guest = Bad User".

Jeremy.