VigneshDhanraj G
2019-Sep-25 10:54 UTC
[Samba] In mac guest user is not working when AD connected - samba 4.9.3
Hi Team, I have configured server signing as mandatory in smb.conf. After configured, guest user is not working when AD is connected. In mac while connecting to samba if i give register user as vignesh/guest, guest user is working. But if I click Guest radio button, guest user is not working. Please find the below configuration and log for reference. [Global] available= yes restrict anonymous= 0 server string= Test Workgroup= GNANA netbios name= px4-400d realm= GNANA.COM <http://VIGNESH.COM> password server= 192.168.1.14, * idmap backend= tdb idmap uid= 5000-9999999 idmap gid= 5000-9999999 idmap config GNANA : backend= rid idmap config GNANA : range= 10000000-19999999 security= ADS name resolve order= wins host bcast lmhosts client use spnego= yes dns proxy= no winbind use default domain= no winbind nested groups= yes inherit acls= yes winbind enum users= yes winbind enum groups= yes winbind separator= \\ winbind cache time= 300 winbind offline logon= true template shell= /bin/sh kerberos method= secrets and keytab map to guest= Bad User host msdfs= yes strict allocate= no encrypt passwords= yes passdb backend= smbpasswd printcap name= lpstat printable= no load printers= yes ntlm auth= Yes server signing= mandatory log =[2019/09/25 15:01:46.694089, 4] ../auth/auth_log.c:580(log_successful_authz_event_human_readable) Successful AuthZ: [SMB2,NTLMSSP] user [vignesh]\[Guest] at [Wed, 25 Sep 2019 15:01:46.694013 PDT] Remote host [ipv4:192.168.1.14:60396] local host [ipv4:192.168.1.14:445] [2019/09/25 15:01:46.694437, 5] ../source3/lib/username.c:181(Get_Pwnam_alloc) Finding user vignesh\guest [2019/09/25 15:01:46.694541, 5] ../source3/lib/username.c:120(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is vignesh\guest [2019/09/25 15:01:46.694639, 5] ../source3/lib/username.c:159(Get_Pwnam_internals) Get_Pwnam_internals did find user [vignesh\guest]! [2019/09/25 15:01:46.694715, 3] ../source3/smbd/password.c:133(register_homes_share) Adding homes service for user 'vignesh\guest' using home directory: '/home/vignesh/guest' [2019/09/25 15:01:46.695056, 5] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) dbwrap_lock_order_lock: check lock order 1 for /tmp/samba/smbXsrv_session_global.tdb [2019/09/25 15:01:46.695371, 5] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) dbwrap_lock_order_unlock: release lock order 1 for /tmp/samba/smbXsrv_session_global.tdb [2019/09/25 15:01:46.695622, 5] ../libcli/smb/smb2_signing.c:93(smb2_signing_sign_pdu) signed SMB2 message [2019/09/25 15:01:47.845994, 0] ../libcli/smb/smb2_signing.c:171(smb2_signing_check_pdu) Bad SMB2 signature for message [2019/09/25 15:01:47.846405, 0] ../lib/util/util.c:514(dump_data) [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2019/09/25 15:01:47.846921, 0] ../lib/util/util.c:514(dump_data) [2019/09/25 15:01:47.847455, 3] ../source3/smbd/smb2_server.c:3195(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2476 [2019/09/25 15:01:47.847807, 5] ../libcli/smb/smb2_signing.c:93(smb2_signing_sign_pdu) signed SMB2 message [2019/09/25 15:01:47.850773, 0] ../libcli/smb/smb2_signing.c:171(smb2_signing_check_pdu) Bad SMB2 signature for message [2019/09/25 15:01:47.850999, 0] ../lib/util/util.c:514(dump_data) [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2019/09/25 15:01:47.851345, 0] ../lib/util/util.c:514(dump_data) [2019/09/25 15:01:47.851726, 3] ../source3/smbd/smb2_server.c:3195(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2476 Kindly do the needful. Thanks, Vignesh.
Andrew Bartlett
2019-Sep-25 10:58 UTC
[Samba] In mac guest user is not working when AD connected - samba 4.9.3
On Wed, 2019-09-25 at 16:24 +0530, VigneshDhanraj G via samba wrote:> Hi Team, > > I have configured server signing as mandatory in smb.conf. After > configured, guest user is not working when AD is connected. > > In mac while connecting to samba if i give register user as vignesh/guest, > guest user is working. But if I click Guest radio button, guest user is not > working.server signing as mandetory makes no sense with a guest connection, where there is no password with which to secure the session. You need to decide on one or the other. I hope this clarifies things, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
VigneshDhanraj G
2019-Sep-25 12:17 UTC
[Samba] In mac guest user is not working when AD connected - samba 4.9.3
Hi Andrew, If I give register user as vignesh/guest, its working fine. While selecting the Guest radio button, guest user is not working. Guest user is working fine without AD connection. Kindly do the needful. Thanks, Vignesh. On Wed, Sep 25, 2019 at 4:28 PM Andrew Bartlett <abartlet at samba.org> wrote:> On Wed, 2019-09-25 at 16:24 +0530, VigneshDhanraj G via samba wrote: > > Hi Team, > > > > I have configured server signing as mandatory in smb.conf. After > > configured, guest user is not working when AD is connected. > > > > In mac while connecting to samba if i give register user as > vignesh/guest, > > guest user is working. But if I click Guest radio button, guest user is > not > > working. > > server signing as mandetory makes no sense with a guest connection, > where there is no password with which to secure the session. > > You need to decide on one or the other. > > I hope this clarifies things, > > Andrew Bartlett > > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Samba Developer, Catalyst IT > http://catalyst.net.nz/services/samba > > >
Possibly Parallel Threads
- In mac guest user is not working when AD connected - samba 4.9.3
- In mac guest user is not working when AD connected - samba 4.9.3
- In mac guest user is not working when AD connected - samba 4.9.3
- Not Able to access cifs when AD connected to different network
- After configured server signing, file transfer speed is very slow