All,
I've migrated a share from an older samba server (3.0.33) running on a
Sun Solaris box to a newer samba server (3.6.23) running on a RedHat
Linux 6 box.
For the most part I've tried to keep the configuration the same (simply
to make the migration easier since I'm not an expert on Samba config
options).
I got the authentication working (security=domain) but now I'm finding
that users that don't have an account on the samba server can not get
access to the share. This was not the case on the old server.
It appears that the following option should allow that to happen but it
doesn't seem to be working on the new server:
guest account = nobody
map to guest = Bad Uid
I see this in the logs when the user tries to login:
Trying _Get_Pwnam(), username as given is DS\bhuffman
[2015/04/19 16:07:38.221277, 5] lib/username.c:134(Get_Pwnam_internals)
Trying _Get_Pwnam(), username as uppercase is DS\BHUFFMAN
[2015/04/19 16:07:38.221334, 5] lib/username.c:143(Get_Pwnam_internals)
Checking combinations of 0 uppercase letters in ds\bhuffman
[2015/04/19 16:07:38.221375, 5] lib/username.c:149(Get_Pwnam_internals)
Get_Pwnam_internals didn't find user [DS\bhuffman]!
[2015/04/19 16:07:38.221415, 5] lib/username.c:171(Get_Pwnam_alloc)
Finding user bhuffman
[2015/04/19 16:07:38.221454, 5] lib/username.c:116(Get_Pwnam_internals)
Trying _Get_Pwnam(), username as lowercase is bhuffman
[2015/04/19 16:07:38.221545, 5] lib/username.c:134(Get_Pwnam_internals)
Trying _Get_Pwnam(), username as uppercase is BHUFFMAN
[2015/04/19 16:07:38.221612, 5] lib/username.c:143(Get_Pwnam_internals)
Checking combinations of 0 uppercase letters in bhuffman
[2015/04/19 16:07:38.221653, 5] lib/username.c:149(Get_Pwnam_internals)
Get_Pwnam_internals didn't find user [bhuffman]!
[2015/04/19 16:07:38.221701, 5] lib/username.c:171(Get_Pwnam_alloc)
Finding user bhuffman
[2015/04/19 16:07:38.221741, 5] lib/username.c:116(Get_Pwnam_internals)
Trying _Get_Pwnam(), username as lowercase is bhuffman
[2015/04/19 16:07:38.221796, 5] lib/username.c:134(Get_Pwnam_internals)
Trying _Get_Pwnam(), username as uppercase is BHUFFMAN
[2015/04/19 16:07:38.221853, 5] lib/username.c:143(Get_Pwnam_internals)
Checking combinations of 0 uppercase letters in bhuffman
[2015/04/19 16:07:38.221893, 5] lib/username.c:149(Get_Pwnam_internals)
Get_Pwnam_internals didn't find user [bhuffman]!
[2015/04/19 16:07:38.221932, 3] auth/auth_util.c:1073(check_account)
Failed to find authenticated user DS\bhuffman via getpwnam(), denying
access.
[2015/04/19 16:07:38.222590, 5] auth/auth.c:281(check_ntlm_password)
check_ntlm_password: winbind authentication for user [bhuffman]
FAILED with error NT_STATUS_NO_SUCH_USER
[2015/04/19 16:07:38.222650, 2] auth/auth.c:330(check_ntlm_password)
check_ntlm_password: Authentication for user [bhuffman] ->
[bhuffman] FAILED with error NT_STATUS_NO_SUCH_USER
[2015/04/19 16:07:38.222701, 3] smbd/error.c:81(error_packet_set)
error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
Here is my full smb.conf:
[global]
workgroup = XY
server string = File Server
netbios name = SERVER01
security = domain
encrypt passwords = Yes
password server = a.b.c.d
guest account = nobody
map to guest = Bad Uid
wins server = a.b.c.d
load printers = no
cups options = raw
[share]
comment = Data
path = /data/share
public = yes
writable = no
printable = no
Thanks,
Brian
Greetings, Brian C. Huffman!> I've migrated a share from an older samba server (3.0.33) running on a > Sun Solaris box to a newer samba server (3.6.23) running on a RedHat > Linux 6 box.> For the most part I've tried to keep the configuration the same (simply > to make the migration easier since I'm not an expert on Samba config > options).> I got the authentication working (security=domain) but now I'm finding > that users that don't have an account on the samba server can not get > access to the share. This was not the case on the old server.> It appears that the following option should allow that to happen but it > doesn't seem to be working on the new server: > guest account = nobody > map to guest = Bad Uid> I see this in the logs when the user tries to login:> Trying _Get_Pwnam(), username as given is DS\bhuffman > [2015/04/19 16:07:38.221277, 5] lib/username.c:134(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is DS\BHUFFMAN > [2015/04/19 16:07:38.221334, 5] lib/username.c:143(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in ds\bhuffman > [2015/04/19 16:07:38.221375, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [DS\bhuffman]! > [2015/04/19 16:07:38.221415, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user bhuffman > [2015/04/19 16:07:38.221454, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is bhuffman > [2015/04/19 16:07:38.221545, 5] lib/username.c:134(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is BHUFFMAN > [2015/04/19 16:07:38.221612, 5] lib/username.c:143(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in bhuffman > [2015/04/19 16:07:38.221653, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [bhuffman]! > [2015/04/19 16:07:38.221701, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user bhuffman > [2015/04/19 16:07:38.221741, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is bhuffman > [2015/04/19 16:07:38.221796, 5] lib/username.c:134(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is BHUFFMAN > [2015/04/19 16:07:38.221853, 5] lib/username.c:143(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in bhuffman > [2015/04/19 16:07:38.221893, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [bhuffman]! > [2015/04/19 16:07:38.221932, 3] auth/auth_util.c:1073(check_account) > Failed to find authenticated user DS\bhuffman via getpwnam(), denying > access. > [2015/04/19 16:07:38.222590, 5] auth/auth.c:281(check_ntlm_password) > check_ntlm_password: winbind authentication for user [bhuffman] > FAILED with error NT_STATUS_NO_SUCH_USER > [2015/04/19 16:07:38.222650, 2] auth/auth.c:330(check_ntlm_password) > check_ntlm_password: Authentication for user [bhuffman] -> > [bhuffman] FAILED with error NT_STATUS_NO_SUCH_USER > [2015/04/19 16:07:38.222701, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX) > NT_STATUS_LOGON_FAILUREIt seems Samba unable to find the user in first place. In which case, "bad uid" is unlikely to work, I guess, as it gets no UID whatsoever. You will need to review your configuration link to the domain.> Here is my full smb.conf: > [global] > workgroup = XY > server string = File Server > netbios name = SERVER01> security = domain > encrypt passwords = Yes > password server = a.b.c.d> guest account = nobody > map to guest = Bad Uid> wins server = a.b.c.d > load printers = no > cups options = raw> [share] > comment = Data > path = /data/share > public = yes > writable = no > printable = noFirst, I don't see "guest ok = yes" on your share. Second, try with "map to guest = bad user", if you don't want to fix the link to your domain proper. -- With best regards, Andrey Repin Monday, April 20, 2015 01:16:56 Sorry for my terrible english...
On 19/04/15 22:02, Brian C. Huffman wrote:> All, > > I've migrated a share from an older samba server (3.0.33) running on a > Sun Solaris box to a newer samba server (3.6.23) running on a RedHat > Linux 6 box. > > For the most part I've tried to keep the configuration the same > (simply to make the migration easier since I'm not an expert on Samba > config options). > > I got the authentication working (security=domain) but now I'm finding > that users that don't have an account on the samba server can not get > access to the share. This was not the case on the old server. > > It appears that the following option should allow that to happen but > it doesn't seem to be working on the new server: > guest account = nobody > map to guest = Bad Uid > > I see this in the logs when the user tries to login: > > Trying _Get_Pwnam(), username as given is DS\bhuffman > [2015/04/19 16:07:38.221277, 5] lib/username.c:134(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is DS\BHUFFMAN > [2015/04/19 16:07:38.221334, 5] lib/username.c:143(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in ds\bhuffman > [2015/04/19 16:07:38.221375, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [DS\bhuffman]! > [2015/04/19 16:07:38.221415, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user bhuffman > [2015/04/19 16:07:38.221454, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is bhuffman > [2015/04/19 16:07:38.221545, 5] lib/username.c:134(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is BHUFFMAN > [2015/04/19 16:07:38.221612, 5] lib/username.c:143(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in bhuffman > [2015/04/19 16:07:38.221653, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [bhuffman]! > [2015/04/19 16:07:38.221701, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user bhuffman > [2015/04/19 16:07:38.221741, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is bhuffman > [2015/04/19 16:07:38.221796, 5] lib/username.c:134(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is BHUFFMAN > [2015/04/19 16:07:38.221853, 5] lib/username.c:143(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in bhuffman > [2015/04/19 16:07:38.221893, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [bhuffman]! > [2015/04/19 16:07:38.221932, 3] auth/auth_util.c:1073(check_account) > Failed to find authenticated user DS\bhuffman via getpwnam(), > denying access. > [2015/04/19 16:07:38.222590, 5] auth/auth.c:281(check_ntlm_password) > check_ntlm_password: winbind authentication for user [bhuffman] > FAILED with error NT_STATUS_NO_SUCH_USER > [2015/04/19 16:07:38.222650, 2] auth/auth.c:330(check_ntlm_password) > check_ntlm_password: Authentication for user [bhuffman] -> > [bhuffman] FAILED with error NT_STATUS_NO_SUCH_USER > [2015/04/19 16:07:38.222701, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX) > NT_STATUS_LOGON_FAILURE > > Here is my full smb.conf: > [global] > workgroup = XY > server string = File Server > netbios name = SERVER01 > > security = domain > encrypt passwords = Yes > password server = a.b.c.d > > guest account = nobody > map to guest = Bad Uid > > wins server = a.b.c.d > load printers = no > cups options = raw > > > [share] > comment = Data > path = /data/share > public = yes > writable = no > printable = no > > Thanks, > BrianTry 'map to guest = Bad User' Rowland
Am 20.04.2015 um 00:24 schrieb Andrey Repin:> First, I don't see "guest ok = yes" on your share. > Second, try with "map to guest = bad user", if you don't want to fix the link > to your domain proper.And probably you must also make sure that the user specified at "map to guest" actually exists, and has read permission in the shared directory. However even with everything configured correct, it can still feel like behaving erratic, asking for password when it should not. I think this is because two effects interact: Windows always first tries to log you on with your windows userid, and Samba always accepts local users in addition to guests - but then the passwort must be correct! If you have the same username on your local machine as on the server, but with different passwords, then it will always fail. Workaround: insist that is tries to use a non-existing userid: net use n: \\server\share /user:notexit This works fine, without asking for a password, and immediately connects as guest. A nicer solution would be map to guest = invalid password, but this has other disadvantages (described in the man page). The best solution would be if these options could be set per share, instead of only globally. Then one could make a share specifically for guests, that always just works, no matter what.