samba - Jan 2019 - In Mac SMB guest access is not working

Hi team,

Upgraded samba from 4.7.x to 4.9.3, when i tried to connect my public share
using smb://ip/ through guest login in MAC my shares are not listed if i am
connected to AD.

2019/01/03 18:56:31.351985,  3, pid=1114, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth.c:192(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: []\[GUEST]@[HS-MBP-3]
[2019/01/03 18:56:31.352027, 10, pid=1114, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth.c:202(auth_check_ntlm_password)
  check_ntlm_password: auth_context challenge created by random
[2019/01/03 18:56:31.352069, 10, pid=1114, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth.c:204(auth_check_ntlm_password)
  challenge is:
[2019/01/03 18:56:31.352109,  5, pid=1114, effective(0, 0), real(0, 0)]
../lib/util/util.c:514(dump_data)
  [0000] C2 91 43 77 80 4A 47 1B                             ..Cw.JG.
[2019/01/03 18:56:31.352182, 10, pid=1114, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth_builtin.c:41(check_anonymous_security)
  Check auth for: [GUEST]
[2019/01/03 18:56:31.352223, 10, pid=1114, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth.c:237(auth_check_ntlm_password)
  auth_check_ntlm_password: anonymous had nothing to say
[2019/01/03 18:56:31.352265, 10, pid=1114, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth_sam.c:75(auth_samstrict_auth)
  Check auth for: [GUEST]
[2019/01/03 18:56:31.352311,  8, pid=1114, effective(0, 0), real(0, 0)]
../source3/lib/util.c:1125(is_myname)
  is_myname("") returns 0
[2019/01/03 18:56:31.352353,  6, pid=1114, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth_sam.c:88(auth_samstrict_auth)
  check_samstrict_security:  is not one of my local names
(ROLE_DOMAIN_MEMBER)
[2019/01/03 18:56:31.352396, 10, pid=1114, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth.c:237(auth_check_ntlm_password)
  auth_check_ntlm_password: sam had nothing to say
[2019/01/03 18:56:31.352439, 10, pid=1114, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth_winbind.c:50(check_winbind_security)
  Check auth for: [GUEST]
[2019/01/03 18:56:31.352485,  4, pid=1114, effective(0, 0), real(0, 0)]
../source3/smbd/sec_ctx.c:216(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2019/01/03 18:56:31.352530,  4, pid=1114, effective(0, 0), real(0, 0)]
../source3/smbd/uid.c:527(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2019/01/03 18:56:31.352572,  4, pid=1114, effective(0, 0), real(0, 0)]
../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2019/01/03 18:56:31.352614,  5, pid=1114, effective(0, 0), real(0, 0)]
../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2019/01/03 18:56:31.352655,  5, pid=1114, effective(0, 0), real(0, 0)]
../source3/auth/token_util.c:850(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2019/01/03 18:56:31.583661,  4, pid=1114, effective(0, 0), real(0, 0)]
../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2019/01/03 18:56:31.583734, 10, pid=1114, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth_winbind.c:105(check_winbind_security)
  check_winbind_security: wbcAuthenticateUserEx failed: WBC_ERR_AUTH_ERROR
[2019/01/03 18:56:31.583805,  5, pid=1114, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth.c:251(auth_check_ntlm_password)
  auth_check_ntlm_password: winbind authentication for user [GUEST] FAILED
with error NT_STATUS_ACCOUNT_DISABLED, authoritative=1
[2019/01/03 18:56:31.583868,  2, pid=1114, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth.c:334(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [GUEST] -> [GUEST] FAILED
with error NT_STATUS_ACCOUNT_DISABLED, authoritative=1

Regards,
VigneshDhanraj G

On Thu, 3 Jan 2019 19:15:48 +0530
VigneshDhanraj G via samba <samba at lists.samba.org> wrote:
> Hi team,
> 
> Upgraded samba from 4.7.x to 4.9.3, when i tried to connect my public
> share using smb://ip/ through guest login in MAC my shares are not
> listed if i am connected to AD.
> 
> 2019/01/03 18:56:31.351985,  3, pid=1114, effective(0, 0), real(0, 0),
> class=auth] ../source3/auth/auth.c:192(auth_check_ntlm_password)
>   check_ntlm_password:  mapped user is: []\[GUEST]@[HS-MBP-3]
> [2019/01/03 18:56:31.352027, 10, pid=1114, effective(0, 0), real(0,
> 0), class=auth] ../source3/auth/auth.c:202(auth_check_ntlm_password)
>   check_ntlm_password: auth_context challenge created by random
> [2019/01/03 18:56:31.352069, 10, pid=1114, effective(0, 0), real(0,
> 0), class=auth] ../source3/auth/auth.c:204(auth_check_ntlm_password)
>   challenge is:
> [2019/01/03 18:56:31.352109,  5, pid=1114, effective(0, 0), real(0,
> 0)] ../lib/util/util.c:514(dump_data)
>   [0000] C2 91 43 77 80 4A 47 1B                             ..Cw.JG.
> [2019/01/03 18:56:31.352182, 10, pid=1114, effective(0, 0), real(0,
> 0),
> class=auth] ../source3/auth/auth_builtin.c:41(check_anonymous_security)
> Check auth for: [GUEST] [2019/01/03 18:56:31.352223, 10, pid=1114,
> effective(0, 0), real(0, 0),
> class=auth] ../source3/auth/auth.c:237(auth_check_ntlm_password)
> auth_check_ntlm_password: anonymous had nothing to say [2019/01/03
> 18:56:31.352265, 10, pid=1114, effective(0, 0), real(0, 0),
> class=auth] ../source3/auth/auth_sam.c:75(auth_samstrict_auth) Check
> auth for: [GUEST] [2019/01/03 18:56:31.352311,  8, pid=1114,
> effective(0, 0), real(0, 0)] ../source3/lib/util.c:1125(is_myname)
>   is_myname("") returns 0
> [2019/01/03 18:56:31.352353,  6, pid=1114, effective(0, 0), real(0,
> 0), class=auth] ../source3/auth/auth_sam.c:88(auth_samstrict_auth)
>   check_samstrict_security:  is not one of my local names
> (ROLE_DOMAIN_MEMBER)
> [2019/01/03 18:56:31.352396, 10, pid=1114, effective(0, 0), real(0,
> 0), class=auth] ../source3/auth/auth.c:237(auth_check_ntlm_password)
>   auth_check_ntlm_password: sam had nothing to say
> [2019/01/03 18:56:31.352439, 10, pid=1114, effective(0, 0), real(0,
> 0),
> class=auth] ../source3/auth/auth_winbind.c:50(check_winbind_security)
> Check auth for: [GUEST] [2019/01/03 18:56:31.352485,  4, pid=1114,
> effective(0, 0), real(0,
> 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) :
> sec_ctx_stack_ndx = 2 [2019/01/03 18:56:31.352530,  4, pid=1114,
> effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:527(push_conn_ctx)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 1
> [2019/01/03 18:56:31.352572,  4, pid=1114, effective(0, 0), real(0,
> 0)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> [2019/01/03 18:56:31.352614,  5, pid=1114, effective(0, 0), real(0,
> 0)] ../libcli/security/security_token.c:53(security_token_debug)
>   Security token: (NULL)
> [2019/01/03 18:56:31.352655,  5, pid=1114, effective(0, 0), real(0,
> 0)] ../source3/auth/token_util.c:850(debug_unix_user_token)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2019/01/03 18:56:31.583661,  4, pid=1114, effective(0, 0), real(0,
> 0)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2019/01/03 18:56:31.583734, 10, pid=1114, effective(0, 0), real(0,
> 0),
> class=auth] ../source3/auth/auth_winbind.c:105(check_winbind_security)
> check_winbind_security: wbcAuthenticateUserEx failed:
> WBC_ERR_AUTH_ERROR [2019/01/03 18:56:31.583805,  5, pid=1114,
> effective(0, 0), real(0, 0),
> class=auth] ../source3/auth/auth.c:251(auth_check_ntlm_password)
> auth_check_ntlm_password: winbind authentication for user [GUEST]
> FAILED with error NT_STATUS_ACCOUNT_DISABLED, authoritative=1
> [2019/01/03 18:56:31.583868,  2, pid=1114, effective(0, 0), real(0,
> 0), class=auth] ../source3/auth/auth.c:334(auth_check_ntlm_password)
> check_ntlm_password:  Authentication for user [GUEST] -> [GUEST]
> FAILED with error NT_STATUS_ACCOUNT_DISABLED, authoritative=1
> 
> Regards,
> VigneshDhanraj G
The 'GUEST' user isn't a Samba user, it is a Windows user and is
disabled by default and it should stay that way. It is insecure to
enable it.

You should also stop posting the same questions here and to the
samba-technical mailing list, this is the place to post your type of
questions. The samba-technical list is meant for development questions.

Rowland

Hi,

Previously using samba 4.7.7. Have upgraded the samba to 4.9.3. Other than
samba nothing changed in the server. After upgrade am unable to connect the
server through smb from MAC. I didnt change any smb.conf from 4.7 . Is
there any changes to be made for make it work.

Thanks

On Thu, Jan 3, 2019 at 7:55 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Thu, 3 Jan 2019 19:15:48 +0530
> VigneshDhanraj G via samba <samba at lists.samba.org> wrote:
>
> > Hi team,
> >
> > Upgraded samba from 4.7.x to 4.9.3, when i tried to connect my public
> > share using smb://ip/ through guest login in MAC my shares are not
> > listed if i am connected to AD.
> >
> > 2019/01/03 18:56:31.351985,  3, pid=1114, effective(0, 0), real(0, 0),
> > class=auth] ../source3/auth/auth.c:192(auth_check_ntlm_password)
> >   check_ntlm_password:  mapped user is: []\[GUEST]@[HS-MBP-3]
> > [2019/01/03 18:56:31.352027, 10, pid=1114, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth.c:202(auth_check_ntlm_password)
> >   check_ntlm_password: auth_context challenge created by random
> > [2019/01/03 18:56:31.352069, 10, pid=1114, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth.c:204(auth_check_ntlm_password)
> >   challenge is:
> > [2019/01/03 18:56:31.352109,  5, pid=1114, effective(0, 0), real(0,
> > 0)] ../lib/util/util.c:514(dump_data)
> >   [0000] C2 91 43 77 80 4A 47 1B                             ..Cw.JG.
> > [2019/01/03 18:56:31.352182, 10, pid=1114, effective(0, 0), real(0,
> > 0),
> > class=auth]
../source3/auth/auth_builtin.c:41(check_anonymous_security)
> > Check auth for: [GUEST] [2019/01/03 18:56:31.352223, 10, pid=1114,
> > effective(0, 0), real(0, 0),
> > class=auth] ../source3/auth/auth.c:237(auth_check_ntlm_password)
> > auth_check_ntlm_password: anonymous had nothing to say [2019/01/03
> > 18:56:31.352265, 10, pid=1114, effective(0, 0), real(0, 0),
> > class=auth] ../source3/auth/auth_sam.c:75(auth_samstrict_auth) Check
> > auth for: [GUEST] [2019/01/03 18:56:31.352311,  8, pid=1114,
> > effective(0, 0), real(0, 0)] ../source3/lib/util.c:1125(is_myname)
> >   is_myname("") returns 0
> > [2019/01/03 18:56:31.352353,  6, pid=1114, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth_sam.c:88(auth_samstrict_auth)
> >   check_samstrict_security:  is not one of my local names
> > (ROLE_DOMAIN_MEMBER)
> > [2019/01/03 18:56:31.352396, 10, pid=1114, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth.c:237(auth_check_ntlm_password)
> >   auth_check_ntlm_password: sam had nothing to say
> > [2019/01/03 18:56:31.352439, 10, pid=1114, effective(0, 0), real(0,
> > 0),
> > class=auth] ../source3/auth/auth_winbind.c:50(check_winbind_security)
> > Check auth for: [GUEST] [2019/01/03 18:56:31.352485,  4, pid=1114,
> > effective(0, 0), real(0,
> > 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) :
> > sec_ctx_stack_ndx = 2 [2019/01/03 18:56:31.352530,  4, pid=1114,
> > effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:527(push_conn_ctx)
> >   push_conn_ctx(0) : conn_ctx_stack_ndx = 1
> > [2019/01/03 18:56:31.352572,  4, pid=1114, effective(0, 0), real(0,
> > 0)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
> >   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> > [2019/01/03 18:56:31.352614,  5, pid=1114, effective(0, 0), real(0,
> > 0)] ../libcli/security/security_token.c:53(security_token_debug)
> >   Security token: (NULL)
> > [2019/01/03 18:56:31.352655,  5, pid=1114, effective(0, 0), real(0,
> > 0)] ../source3/auth/token_util.c:850(debug_unix_user_token)
> >   UNIX token of user 0
> >   Primary group is 0 and contains 0 supplementary groups
> > [2019/01/03 18:56:31.583661,  4, pid=1114, effective(0, 0), real(0,
> > 0)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
> >   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> > [2019/01/03 18:56:31.583734, 10, pid=1114, effective(0, 0), real(0,
> > 0),
> > class=auth] ../source3/auth/auth_winbind.c:105(check_winbind_security)
> > check_winbind_security: wbcAuthenticateUserEx failed:
> > WBC_ERR_AUTH_ERROR [2019/01/03 18:56:31.583805,  5, pid=1114,
> > effective(0, 0), real(0, 0),
> > class=auth] ../source3/auth/auth.c:251(auth_check_ntlm_password)
> > auth_check_ntlm_password: winbind authentication for user [GUEST]
> > FAILED with error NT_STATUS_ACCOUNT_DISABLED, authoritative=1
> > [2019/01/03 18:56:31.583868,  2, pid=1114, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth.c:334(auth_check_ntlm_password)
> > check_ntlm_password:  Authentication for user [GUEST] -> [GUEST]
> > FAILED with error NT_STATUS_ACCOUNT_DISABLED, authoritative=1
> >
> > Regards,
> > VigneshDhanraj G
>
> The 'GUEST' user isn't a Samba user, it is a Windows user and
is
> disabled by default and it should stay that way. It is insecure to
> enable it.
>
> You should also stop posting the same questions here and to the
> samba-technical mailing list, this is the place to post your type of
> questions. The samba-technical list is meant for development questions.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba