On Thu, Aug 2, 2018 at 11:11 AM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Thu, 2 Aug 2018 11:02:45 -0400 > pisymbol <pisymbol at gmail.com> wrote: > > > Whoops! Replying to all! > > > > On Thu, Aug 2, 2018 at 10:55 AM, Rowland Penny via samba < > > samba at lists.samba.org> wrote: > > > > > On Thu, 2 Aug 2018 10:43:26 -0400 > > > pisymbol via samba <samba at lists.samba.org> wrote: > > > > > > > Full disclosure: This is an exported share on a QNAP NAS device. > > > > > > Even fuller disclosure ;-) > > > You haven't given us enough info > > > > > > > I can facilitate though. > > > > > > > What version of Samba is the QNAP NAS using ? > > > > > > > 4.4.16 > > > > What is in smb.conf ? > > > > > > > A lot of stuff as you can imagine. > > Yes and it will remain imaginary until you post it >[admin at outerdrive ~]# cat /etc/config/smb.conf [global] realm = ACME.COM passdb backend = smbpasswd workgroup = ACME security = ADS #### NOTE: I had to change this to ADS to get this toaster oven to join AD server string encrypt passwords = Yes username level = 0 map to guest = Bad User null passwords = yes max log size = 10 socket options = TCP_NODELAY SO_KEEPALIVE os level = 20 preferred master = no dns proxy = No smb passwd file=/etc/config/smbpasswd username map = /etc/config/smbusers guest account = guest directory mask = 0777 create mask = 0777 oplocks = yes locking = yes disable spoolss = no load printers = yes veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/. at __thumb/. at __desc/:2e*/. at __qini/.Qsync/. at upload_cache/.qsync/.qsync_sn/. at qsys/.streams/.digest/ delete veto files = yes map archive = no map system = no map hidden = no map read only = no deadtime = 10 server role = auto use sendfile = yes unix extensions = no store dos attributes = yes client ntlmv2 auth = yes dos filetime resolution = no follow symlinks = yes wide links = yes force unknown acl user = yes template homedir = /share/homes/DOMAIN=%D/%U inherit acls = yes domain logons = no min receivefile size = 256 case sensitive = auto domain master = auto local master = no enhance acl v1 = yes remove everyone = yes conn log = no kernel oplocks = no min protocol = LANMAN1 smb2 leases = yes durable handles = yes kernel share modes = no posix locking = no lock directory = /share/CACHEDEV1_DATA/.samba/lock state directory = /share/CACHEDEV1_DATA/.samba/state cache directory = /share/CACHEDEV1_DATA/.samba/cache printcap cache time = 0 acl allow execute always = yes server signing = disabled aio read size = 1 aio write size = 0 streams_depot:delete_lost = yes streams_depot:check_valid = no fruit:nfs_aces = no fruit:veto_appledouble = no winbind expand groups = 1 pid directory = /var/lock printcap name = /etc/printcap printing = cups show add printer wizard = no host msdfs = yes winbind enum groups = Yes winbind enum users = Yes wins support = no name resolve order = host bcast max protocol = SMB2_10 vfs objects = shadow_copy2 acl_xattr catia fruit qnap_macea streams_depot aio_pthread [Multimedia] comment = System default share path = /share/CACHEDEV1_DATA/Multimedia browsable = yes oplocks = yes ftp write only = no recycle bin = yes recycle bin administrators only = no qbox = no public = yes invalid users = "guest" read list = @"everyone" write list = "admin" valid users = "root",@"everyone","admin" inherit permissions = yes shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Multimedia/.snapshot shadow:basedir = /share/CACHEDEV1_DATA/Multimedia shadow:sort = desc shadow:format = @GMT-%Y.%m.%d-%H:%M:%S smb encrypt = disabled strict allocate = yes streams_depot:check_valid = yes mangled names = yes [Download] comment = System default share path = /share/CACHEDEV1_DATA/Download browsable = yes oplocks = yes ftp write only = no recycle bin = yes recycle bin administrators only = no qbox = no public = yes invalid users = "guest" read list write list = "admin" valid users = "root","admin" inherit permissions = yes shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Download/.snapshot shadow:basedir = /share/CACHEDEV1_DATA/Download shadow:sort = desc shadow:format = @GMT-%Y.%m.%d-%H:%M:%S smb encrypt = disabled strict allocate = yes streams_depot:check_valid = yes mangled names = yes [Web] comment = System default share path = /share/CACHEDEV1_DATA/Web browsable = yes oplocks = yes ftp write only = no recycle bin = yes recycle bin administrators only = no qbox = no public = yes invalid users = "guest" read list write list = "admin" valid users = "root","admin" inherit permissions = yes shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Web/.snapshot shadow:basedir = /share/CACHEDEV1_DATA/Web shadow:sort = desc shadow:format = @GMT-%Y.%m.%d-%H:%M:%S smb encrypt = disabled strict allocate = yes streams_depot:check_valid = yes mangled names = yes [Public] comment = System default share path = /share/CACHEDEV1_DATA/Public browsable = yes oplocks = yes ftp write only = no recycle bin = yes recycle bin administrators only = yes qbox = no public = yes invalid users = "guest" read list = @"everyone" write list = "admin",@"ACME\Users" valid users = "root",@"everyone","admin",@"ACME\Users" inherit permissions = yes shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Public/.snapshot shadow:basedir = /share/CACHEDEV1_DATA/Public shadow:sort = desc shadow:format = @GMT-%Y.%m.%d-%H:%M:%S smb encrypt = disabled strict allocate = yes streams_depot:check_valid = yes mangled names = yes [homes] comment = System default share path = /share/CACHEDEV1_DATA/homes browsable = yes oplocks = yes ftp write only = no recycle bin = yes recycle bin administrators only = no qbox = no public = yes invalid users read list write list = "admin" valid users = "root","admin" inherit permissions = yes shadow:snapdir = /share/CACHEDEV1_DATA/_.share/homes/.snapshot shadow:basedir = /share/CACHEDEV1_DATA/homes shadow:sort = desc shadow:format = @GMT-%Y.%m.%d-%H:%M:%S smb encrypt = disabled mangled names = yes [printers] use client driver = yes writable = no browsable = no printable = yes guest ok = yes path = /var/spool/smb [home] comment = Home path = %H browsable = yes oplocks = yes ftp write only = no inherit permissions = yes invalid users = guest writable = yes read list = "%u" write list = "%u" valid users = "%u" root preexec = /sbin/create_home -u '%q' shadow:snapdir = /share/CACHEDEV1_DATA/homes/../_.share/homes/.snapshot shadow:basedir = %H shadow:sort = desc shadow:format = @GMT-%Y.%m.%d-%H:%M:%S
Rowland Penny
2018-Aug-02 15:56 UTC
[Samba] Can't write to a samba share mounted as an AD user
On Thu, 2 Aug 2018 11:17:47 -0400 pisymbol <pisymbol at gmail.com> wrote:> On Thu, Aug 2, 2018 at 11:11 AM, Rowland Penny via samba < > samba at lists.samba.org> wrote: > > > On Thu, 2 Aug 2018 11:02:45 -0400 > > pisymbol <pisymbol at gmail.com> wrote: > > > > > Whoops! Replying to all! > > > > > > On Thu, Aug 2, 2018 at 10:55 AM, Rowland Penny via samba < > > > samba at lists.samba.org> wrote: > > > > > > > On Thu, 2 Aug 2018 10:43:26 -0400 > > > > pisymbol via samba <samba at lists.samba.org> wrote: > > > > > > > > > Full disclosure: This is an exported share on a QNAP NAS > > > > > device. > > > > > > > > Even fuller disclosure ;-) > > > > You haven't given us enough info > > > > > > > > > > I can facilitate though. > > > > > > > > > > What version of Samba is the QNAP NAS using ? > > > > > > > > > > 4.4.16 > > > > > > What is in smb.conf ? > > > > > > > > > > A lot of stuff as you can imagine. > > > > Yes and it will remain imaginary until you post it > > > > [admin at outerdrive ~]# cat /etc/config/smb.conf > [global] > realm = ACME.COM > passdb backend = smbpasswd > workgroup = ACME > security = ADS #### NOTE: I had to change this to ADS to get > this toaster oven to join AD > server string > encrypt passwords = Yes > username level = 0 > map to guest = Bad User > null passwords = yes > max log size = 10 > socket options = TCP_NODELAY SO_KEEPALIVE > os level = 20 > preferred master = no > dns proxy = No > smb passwd file=/etc/config/smbpasswd > username map = /etc/config/smbusers > guest account = guest > directory mask = 0777 > create mask = 0777 > oplocks = yes > locking = yes > disable spoolss = no > load printers = yes > veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network > Trash Folder/Temporary > Items/TheVolumeSettingsFolder/. at __thumb/. at __desc/:2e*/. at __qini/.Qsync/. at upload_cache/.qsync/.qsync_sn/. at qsys/.streams/.digest/ > delete veto files = yes > map archive = no > map system = no > map hidden = no > map read only = no > deadtime = 10 > server role = auto > use sendfile = yes > unix extensions = no > store dos attributes = yes > client ntlmv2 auth = yes > dos filetime resolution = no > follow symlinks = yes > wide links = yes > force unknown acl user = yes > template homedir = /share/homes/DOMAIN=%D/%U > inherit acls = yes > domain logons = no > min receivefile size = 256 > case sensitive = auto > domain master = auto > local master = no > enhance acl v1 = yes > remove everyone = yes > conn log = no > kernel oplocks = no > min protocol = LANMAN1 > smb2 leases = yes > durable handles = yes > kernel share modes = no > posix locking = no > lock directory = /share/CACHEDEV1_DATA/.samba/lock > state directory = /share/CACHEDEV1_DATA/.samba/state > cache directory = /share/CACHEDEV1_DATA/.samba/cache > printcap cache time = 0 > acl allow execute always = yes > server signing = disabled > aio read size = 1 > aio write size = 0 > streams_depot:delete_lost = yes > streams_depot:check_valid = no > fruit:nfs_aces = no > fruit:veto_appledouble = no > winbind expand groups = 1 > pid directory = /var/lock > printcap name = /etc/printcap > printing = cups > show add printer wizard = no > host msdfs = yes > winbind enum groups = Yes > winbind enum users = Yes > wins support = no > name resolve order = host bcast > max protocol = SMB2_10 > vfs objects = shadow_copy2 acl_xattr catia fruit qnap_macea > streams_depot aio_pthread > > [Multimedia] > comment = System default share > path = /share/CACHEDEV1_DATA/Multimedia > browsable = yes > oplocks = yes > ftp write only = no > recycle bin = yes > recycle bin administrators only = no > qbox = no > public = yes > invalid users = "guest" > read list = @"everyone" > write list = "admin" > valid users = "root",@"everyone","admin" > inherit permissions = yes > shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Multimedia/.snapshot > shadow:basedir = /share/CACHEDEV1_DATA/Multimedia > shadow:sort = desc > shadow:format = @GMT-%Y.%m.%d-%H:%M:%S > smb encrypt = disabled > strict allocate = yes > streams_depot:check_valid = yes > mangled names = yes > > [Download] > comment = System default share > path = /share/CACHEDEV1_DATA/Download > browsable = yes > oplocks = yes > ftp write only = no > recycle bin = yes > recycle bin administrators only = no > qbox = no > public = yes > invalid users = "guest" > read list > write list = "admin" > valid users = "root","admin" > inherit permissions = yes > shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Download/.snapshot > shadow:basedir = /share/CACHEDEV1_DATA/Download > shadow:sort = desc > shadow:format = @GMT-%Y.%m.%d-%H:%M:%S > smb encrypt = disabled > strict allocate = yes > streams_depot:check_valid = yes > mangled names = yes > > [Web] > comment = System default share > path = /share/CACHEDEV1_DATA/Web > browsable = yes > oplocks = yes > ftp write only = no > recycle bin = yes > recycle bin administrators only = no > qbox = no > public = yes > invalid users = "guest" > read list > write list = "admin" > valid users = "root","admin" > inherit permissions = yes > shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Web/.snapshot > shadow:basedir = /share/CACHEDEV1_DATA/Web > shadow:sort = desc > shadow:format = @GMT-%Y.%m.%d-%H:%M:%S > smb encrypt = disabled > strict allocate = yes > streams_depot:check_valid = yes > mangled names = yes > > [Public] > comment = System default share > path = /share/CACHEDEV1_DATA/Public > browsable = yes > oplocks = yes > ftp write only = no > recycle bin = yes > recycle bin administrators only = yes > qbox = no > public = yes > invalid users = "guest" > read list = @"everyone" > write list = "admin",@"ACME\Users" > valid users = "root",@"everyone","admin",@"ACME\Users" > inherit permissions = yes > shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Public/.snapshot > shadow:basedir = /share/CACHEDEV1_DATA/Public > shadow:sort = desc > shadow:format = @GMT-%Y.%m.%d-%H:%M:%S > smb encrypt = disabled > strict allocate = yes > streams_depot:check_valid = yes > mangled names = yes > > [homes] > comment = System default share > path = /share/CACHEDEV1_DATA/homes > browsable = yes > oplocks = yes > ftp write only = no > recycle bin = yes > recycle bin administrators only = no > qbox = no > public = yes > invalid users > read list > write list = "admin" > valid users = "root","admin" > inherit permissions = yes > shadow:snapdir = /share/CACHEDEV1_DATA/_.share/homes/.snapshot > shadow:basedir = /share/CACHEDEV1_DATA/homes > shadow:sort = desc > shadow:format = @GMT-%Y.%m.%d-%H:%M:%S > smb encrypt = disabled > mangled names = yes > > [printers] > use client driver = yes > writable = no > browsable = no > printable = yes > guest ok = yes > path = /var/spool/smb > > [home] > comment = Home > path = %H > browsable = yes > oplocks = yes > ftp write only = no > inherit permissions = yes > invalid users = guest > writable = yes > read list = "%u" > write list = "%u" > valid users = "%u" > root preexec = /sbin/create_home -u '%q' > shadow:snapdir > = /share/CACHEDEV1_DATA/homes/../_.share/homes/.snapshot > shadow:basedir = %H shadow:sort = desc > shadow:format = @GMT-%Y.%m.%d-%H:%M:%SWas this NAS a 'standalone server' at some point ? It certainly looks like it to me, two things point that way, one you are using the deprecated 'smbpasswd' 'passdb backend' and the other is that you have no authentication lines in smb.conf. Without authentication, the only user who could connect, would be the guest user, but you have explicitly denied this with 'invalid users "guest"' Rowland
On Thu, Aug 2, 2018 at 11:56 AM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Thu, 2 Aug 2018 11:17:47 -0400 > pisymbol <pisymbol at gmail.com> wrote: > > Was this NAS a 'standalone server' at some point ? >Well I don't know what you are asking. The NAS is new, booted up, promptly joined to AD.> It certainly looks like it to me, two things point that way, one you > are using the deprecated 'smbpasswd' 'passdb backend' and the other is > that you have no authentication lines in smb.conf. Without > authentication, the only user who could connect, would be the guest > user, but you have explicitly denied this with 'invalid users > "guest"' > >Again, I can mount the CIFS drive from Linux AS WELL AS log into the NAS using my AD domain creds? -aps
Eric Altman
2018-Aug-02 17:11 UTC
[Samba] Can't write to a samba share mounted as an AD user
If I’m not confused though, I believe pisymbol CAN get a mount. It’s just that the mount has read-only access despite the file ownership and modes being set to give full read-write? -E> On Aug 2, 2018, at 8:56 AM, Rowland Penny via samba <samba at lists.samba.org> wrote: > > On Thu, 2 Aug 2018 11:17:47 -0400 > pisymbol <pisymbol at gmail.com <mailto:pisymbol at gmail.com>> wrote: > >> On Thu, Aug 2, 2018 at 11:11 AM, Rowland Penny via samba < >> samba at lists.samba.org> wrote: >> >>> On Thu, 2 Aug 2018 11:02:45 -0400 >>> pisymbol <pisymbol at gmail.com> wrote: >>> >>>> Whoops! Replying to all! >>>> >>>> On Thu, Aug 2, 2018 at 10:55 AM, Rowland Penny via samba < >>>> samba at lists.samba.org> wrote: >>>> >>>>> On Thu, 2 Aug 2018 10:43:26 -0400 >>>>> pisymbol via samba <samba at lists.samba.org> wrote: >>>>> >>>>>> Full disclosure: This is an exported share on a QNAP NAS >>>>>> device. >>>>> >>>>> Even fuller disclosure ;-) >>>>> You haven't given us enough info >>>>> >>>> >>>> I can facilitate though. >>>> >>>> >>>>> What version of Samba is the QNAP NAS using ? >>>>> >>>> >>>> 4.4.16 >>>> >>>> What is in smb.conf ? >>>>> >>>> >>>> A lot of stuff as you can imagine. >>> >>> Yes and it will remain imaginary until you post it >>> >> >> [admin at outerdrive ~]# cat /etc/config/smb.conf >> [global] >> realm = ACME.COM >> passdb backend = smbpasswd >> workgroup = ACME >> security = ADS #### NOTE: I had to change this to ADS to get >> this toaster oven to join AD >> server string >> encrypt passwords = Yes >> username level = 0 >> map to guest = Bad User >> null passwords = yes >> max log size = 10 >> socket options = TCP_NODELAY SO_KEEPALIVE >> os level = 20 >> preferred master = no >> dns proxy = No >> smb passwd file=/etc/config/smbpasswd >> username map = /etc/config/smbusers >> guest account = guest >> directory mask = 0777 >> create mask = 0777 >> oplocks = yes >> locking = yes >> disable spoolss = no >> load printers = yes >> veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network >> Trash Folder/Temporary >> Items/TheVolumeSettingsFolder/. at __thumb/. at __desc/:2e*/. at __qini/.Qsync/. at upload_cache/.qsync/.qsync_sn/. at qsys/.streams/.digest/ >> delete veto files = yes >> map archive = no >> map system = no >> map hidden = no >> map read only = no >> deadtime = 10 >> server role = auto >> use sendfile = yes >> unix extensions = no >> store dos attributes = yes >> client ntlmv2 auth = yes >> dos filetime resolution = no >> follow symlinks = yes >> wide links = yes >> force unknown acl user = yes >> template homedir = /share/homes/DOMAIN=%D/%U >> inherit acls = yes >> domain logons = no >> min receivefile size = 256 >> case sensitive = auto >> domain master = auto >> local master = no >> enhance acl v1 = yes >> remove everyone = yes >> conn log = no >> kernel oplocks = no >> min protocol = LANMAN1 >> smb2 leases = yes >> durable handles = yes >> kernel share modes = no >> posix locking = no >> lock directory = /share/CACHEDEV1_DATA/.samba/lock >> state directory = /share/CACHEDEV1_DATA/.samba/state >> cache directory = /share/CACHEDEV1_DATA/.samba/cache >> printcap cache time = 0 >> acl allow execute always = yes >> server signing = disabled >> aio read size = 1 >> aio write size = 0 >> streams_depot:delete_lost = yes >> streams_depot:check_valid = no >> fruit:nfs_aces = no >> fruit:veto_appledouble = no >> winbind expand groups = 1 >> pid directory = /var/lock >> printcap name = /etc/printcap >> printing = cups >> show add printer wizard = no >> host msdfs = yes >> winbind enum groups = Yes >> winbind enum users = Yes >> wins support = no >> name resolve order = host bcast >> max protocol = SMB2_10 >> vfs objects = shadow_copy2 acl_xattr catia fruit qnap_macea >> streams_depot aio_pthread >> >> [Multimedia] >> comment = System default share >> path = /share/CACHEDEV1_DATA/Multimedia >> browsable = yes >> oplocks = yes >> ftp write only = no >> recycle bin = yes >> recycle bin administrators only = no >> qbox = no >> public = yes >> invalid users = "guest" >> read list = @"everyone" >> write list = "admin" >> valid users = "root",@"everyone","admin" >> inherit permissions = yes >> shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Multimedia/.snapshot >> shadow:basedir = /share/CACHEDEV1_DATA/Multimedia >> shadow:sort = desc >> shadow:format = @GMT-%Y.%m.%d-%H:%M:%S >> smb encrypt = disabled >> strict allocate = yes >> streams_depot:check_valid = yes >> mangled names = yes >> >> [Download] >> comment = System default share >> path = /share/CACHEDEV1_DATA/Download >> browsable = yes >> oplocks = yes >> ftp write only = no >> recycle bin = yes >> recycle bin administrators only = no >> qbox = no >> public = yes >> invalid users = "guest" >> read list >> write list = "admin" >> valid users = "root","admin" >> inherit permissions = yes >> shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Download/.snapshot >> shadow:basedir = /share/CACHEDEV1_DATA/Download >> shadow:sort = desc >> shadow:format = @GMT-%Y.%m.%d-%H:%M:%S >> smb encrypt = disabled >> strict allocate = yes >> streams_depot:check_valid = yes >> mangled names = yes >> >> [Web] >> comment = System default share >> path = /share/CACHEDEV1_DATA/Web >> browsable = yes >> oplocks = yes >> ftp write only = no >> recycle bin = yes >> recycle bin administrators only = no >> qbox = no >> public = yes >> invalid users = "guest" >> read list >> write list = "admin" >> valid users = "root","admin" >> inherit permissions = yes >> shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Web/.snapshot >> shadow:basedir = /share/CACHEDEV1_DATA/Web >> shadow:sort = desc >> shadow:format = @GMT-%Y.%m.%d-%H:%M:%S >> smb encrypt = disabled >> strict allocate = yes >> streams_depot:check_valid = yes >> mangled names = yes >> >> [Public] >> comment = System default share >> path = /share/CACHEDEV1_DATA/Public >> browsable = yes >> oplocks = yes >> ftp write only = no >> recycle bin = yes >> recycle bin administrators only = yes >> qbox = no >> public = yes >> invalid users = "guest" >> read list = @"everyone" >> write list = "admin",@"ACME\Users" >> valid users = "root",@"everyone","admin",@"ACME\Users" >> inherit permissions = yes >> shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Public/.snapshot >> shadow:basedir = /share/CACHEDEV1_DATA/Public >> shadow:sort = desc >> shadow:format = @GMT-%Y.%m.%d-%H:%M:%S >> smb encrypt = disabled >> strict allocate = yes >> streams_depot:check_valid = yes >> mangled names = yes >> >> [homes] >> comment = System default share >> path = /share/CACHEDEV1_DATA/homes >> browsable = yes >> oplocks = yes >> ftp write only = no >> recycle bin = yes >> recycle bin administrators only = no >> qbox = no >> public = yes >> invalid users >> read list >> write list = "admin" >> valid users = "root","admin" >> inherit permissions = yes >> shadow:snapdir = /share/CACHEDEV1_DATA/_.share/homes/.snapshot >> shadow:basedir = /share/CACHEDEV1_DATA/homes >> shadow:sort = desc >> shadow:format = @GMT-%Y.%m.%d-%H:%M:%S >> smb encrypt = disabled >> mangled names = yes >> >> [printers] >> use client driver = yes >> writable = no >> browsable = no >> printable = yes >> guest ok = yes >> path = /var/spool/smb >> >> [home] >> comment = Home >> path = %H >> browsable = yes >> oplocks = yes >> ftp write only = no >> inherit permissions = yes >> invalid users = guest >> writable = yes >> read list = "%u" >> write list = "%u" >> valid users = "%u" >> root preexec = /sbin/create_home -u '%q' >> shadow:snapdir >> = /share/CACHEDEV1_DATA/homes/../_.share/homes/.snapshot >> shadow:basedir = %H shadow:sort = desc >> shadow:format = @GMT-%Y.%m.%d-%H:%M:%S > > Was this NAS a 'standalone server' at some point ? > > It certainly looks like it to me, two things point that way, one you > are using the deprecated 'smbpasswd' 'passdb backend' and the other is > that you have no authentication lines in smb.conf. Without > authentication, the only user who could connect, would be the guest > user, but you have explicitly denied this with 'invalid users > "guest"' > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>