Neelakantan Kannappa (nkannapp)
2020-Jun-08 18:31 UTC
[Samba] [EXTERNAL] Could not access a share as a guest
Hi Ashok,
That solved this issue and moved ahead of that IPC$ share access issue. Thanks
for that.
Now, I am seeing the below error.
Please note I am new to samba world. Pardon me if I am asking for more.
Meanwhile I too will check smb.conf online doc and my smb.conf for any
conflicting configurations.
[2020/06/08 12:23:08.982042, 5, pid=471, effective(0, 0), real(0, 0)]
../../source3/smbd/dosmode.c:449(get_ea_dos_attribute)
get_ea_dos_attribute: Cannot get attribute from EA on file
1d972c9a-6afe-4c46-ba77-7fdf8c24af5a#b079d2d8-0000-0000-0000-000000000000#3-snapshot.vhdx:
Error = No data available
[2020/06/08 12:23:08.982063, 10, pid=471, effective(0, 0), real(0, 0)]
../../source3/smbd/open.c:3185(open_file_ntcreate)
Thanks,
Neelakantan K.
-----Original Message-----
From: Ashok Ramakrishnan <aramakrishnan at nasuni.com>
Sent: Monday, June 8, 2020 7:24 PM
To: Neelakantan Kannappa (nkannapp) <Neelakantan.Kannappa at quest.com>
Subject: RE: [EXTERNAL] [Samba] Could not access a share as a guest
CAUTION: This email originated from outside of the organization. Do not follow
guidance, click links, or open attachments unless you recognize the sender and
know the content is safe.
The "restrict anonymous = 2" setting in smb.conf is what (most likely)
causes the mapping to IPC$ to fail as guest.
As an experiment, u may want to set it to 1 (restrict anonymous = 1) and try.
What that means in terms of security, you can find in smb.conf man page.
Hope this helps.
-Ashok
-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Neelakantan
Kannappa (nkannapp) via samba
Sent: Sunday, June 7, 2020 3:10 PM
To: samba at lists.samba.org
Subject: [EXTERNAL] [Samba] Could not access a share as a guest
Hi Group,
I have mentioned the details of the Samba and the Smb.conf.
When I access the the configured share from a windows server 2019 server
machine.
I am getting the following error on the samba server side. Your help will be
greatly appreciated.
[2020/06/07 12:45:28.833238, 1]
../../source3/smbd/service.c:348(create_connection_session_info)
create_connection_session_info: guest user (from session setup) not permitted
to access this share (IPC$)
[2020/06/07 12:45:28.833257, 1]
../../source3/smbd/service.c:531(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
Samba Version 4.11.6.
Smb.conf/testparam -s
# Global parameters
[global]
add share command = /hidden-path/cifs_add_share.sh
async smb echo handler = Yes
deadtime = 120
delete share command = /hidden-path/cifs_delete_share.sh
disable spoolss = Yes
domain master = No
getwd cache = No
hostname lookups = Yes
kerberos method = system keytab
load printers = No
local master = No
log file = /var/log/hidden-path/%m.log
machine password timeout = 0
map to guest = Bad User
max log size = 10240
max smbd processes = 132
preferred master = No
printcap name = /dev/null
restrict anonymous = 2
security = USER
server min protocol = SMB2
server string = XXX.
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=4194304
SO_SNDBUF=1048576
template homedir = /home/%U
template shell = /sbin/nologin
unix extensions = No
username map = /hidden-path/etc/samba/smbusers
workgroup = MYGROUP
idmap config * : backend = tdb
block size = 4096
cups options = raw
smb encrypt = No
[OrBackupDevice]
follow symlinks = No
force unknown acl user = Yes
guest ok = Yes
guest only = Yes
hosts allow = 169.254.183.198 10.230.135.160 10.230.135.111 127.0.0.1
include = /hidden-path/OrbBackupDevice.inc
level2 oplocks = No
mangled names = no
oplocks = No
path = /containers/OrbBackupDevice/OrbBackupRoot/
read only = No
strict locking = No
vfs objects = streams_depot acl_xattr customvfs
acl_xattr:ignore hashes = yes
--
$ cat /hidden-path/ etc/samba/smbusers
nobody = guest
$
$ /samba/usr/bin/pdbedit -L
administrator:1004: xxx administrator
$
$ cat /etc/passwd
..
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin ...
$
--
NOTE: Tried with "force user (S) & force group(S_ to be that of the
administrator" . That too did not help resolve the issue.
Thanks,
Neelakantan K.
--
To unsubscribe from this list go to the following URL and read the
instructions:
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Foptions%2Fsamba&data=02%7C01%7CNeelakantan.Kannappa%40quest.com%7C0463aab8cde843e21f7d08d80bb3670c%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637272212459229654&sdata=vgGa3qu3k%2FF4QVJ6lPon3UvjwNw%2Fs%2Bc3XKjsZLdnP9E%3D&reserved=0
This e-mail message and all attachments transmitted with it may contain
privileged and/or confidential information intended solely for the use of the
addressee(s). If the reader of this message is not the intended recipient, you
are hereby notified that any reading, dissemination, distribution, copying,
forwarding or other use of this message or its attachments is strictly
prohibited. If you have received this message in error, please notify the sender
immediately and delete this message, all attachments and all copies and backups
thereof.
Jeremy Allison
2020-Jun-08 20:19 UTC
[Samba] [EXTERNAL] Could not access a share as a guest
On Mon, Jun 08, 2020 at 06:31:59PM +0000, Neelakantan Kannappa (nkannapp) via samba wrote:> Hi Ashok, > > That solved this issue and moved ahead of that IPC$ share access issue. Thanks for that. > > Now, I am seeing the below error. > > Please note I am new to samba world. Pardon me if I am asking for more. > > Meanwhile I too will check smb.conf online doc and my smb.conf for any conflicting configurations. > > [2020/06/08 12:23:08.982042, 5, pid=471, effective(0, 0), real(0, 0)] ../../source3/smbd/dosmode.c:449(get_ea_dos_attribute) > get_ea_dos_attribute: Cannot get attribute from EA on file 1d972c9a-6afe-4c46-ba77-7fdf8c24af5a#b079d2d8-0000-0000-0000-000000000000#3-snapshot.vhdx: Error = No data available > [2020/06/08 12:23:08.982063, 10, pid=471, effective(0, 0), real(0, 0)] ../../source3/smbd/open.c:3185(open_file_ntcreate)That is not necessarily an error. The file may not have had the DOS attributes stored on it yet, if this is the first time it's being accessed by Samba (on read for example).
Neelakantan Kannappa (nkannapp)
2020-Jun-09 08:42 UTC
[Samba] [EXTERNAL] Could not access a share as a guest
Appreciate your help. Yes that is true. Those files are created by some other Application(which are shared through samba). Ran wireshark, captured the packets and filtered for SMB2. Attached SMB2 filtered packets in a plain text format. I don't know what is happening from the packet tracing. SMB did create request, create response and immediately close request & close response. Session logged off. Even I tried "ea support = no" that also did not help. Tried other alternative with below smb conf. # acl_xattr:ignore hashes = yes # acl_xattr:ignore system acls = yes # acl_xattr:default acl style = everyone Things work properly when windows client & samba server(linux) nodes are joined to a domain. Thanks, Neelakantan K. -----Original Message----- From: Jeremy Allison <jra at samba.org> Sent: Tuesday, June 9, 2020 1:50 AM To: Neelakantan Kannappa (nkannapp) <Neelakantan.Kannappa at quest.com> Cc: Ashok Ramakrishnan <aramakrishnan at nasuni.com>; samba at lists.samba.org Subject: Re: [Samba] [EXTERNAL] Could not access a share as a guest CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. On Mon, Jun 08, 2020 at 06:31:59PM +0000, Neelakantan Kannappa (nkannapp) via samba wrote:> Hi Ashok, > > That solved this issue and moved ahead of that IPC$ share access issue. Thanks for that. > > Now, I am seeing the below error. > > Please note I am new to samba world. Pardon me if I am asking for more. > > Meanwhile I too will check smb.conf online doc and my smb.conf for any conflicting configurations. > > [2020/06/08 12:23:08.982042, 5, pid=471, effective(0, 0), real(0, 0)] ../../source3/smbd/dosmode.c:449(get_ea_dos_attribute) > get_ea_dos_attribute: Cannot get attribute from EA on file > 1d972c9a-6afe-4c46-ba77-7fdf8c24af5a#b079d2d8-0000-0000-0000-000000000 > 000#3-snapshot.vhdx: Error = No data available > [2020/06/08 12:23:08.982063, 10, pid=471, effective(0, 0), real(0, 0)] > ../../source3/smbd/open.c:3185(open_file_ntcreate)That is not necessarily an error. The file may not have had the DOS attributes stored on it yet, if this is the first time it's being accessed by Samba (on read for example). -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: smb2-pcap.txt URL: <http://lists.samba.org/pipermail/samba/attachments/20200609/cec5994c/smb2-pcap.txt>
Possibly Parallel Threads
- [EXTERNAL] Could not access a share as a guest
- [EXTERNAL] Could not access a share as a guest
- Windows Clients are given access to parent directories of the path configured as a Share path
- How to build samba-debuginfo rpm from samaba source
- Samba 4.6.4 and Excel 2016 access denied if no Group mode permission