Neelakantan Kannappa (nkannapp)
2020-Jun-08 18:31 UTC
[Samba] [EXTERNAL] Could not access a share as a guest
Hi Ashok, That solved this issue and moved ahead of that IPC$ share access issue. Thanks for that. Now, I am seeing the below error. Please note I am new to samba world. Pardon me if I am asking for more. Meanwhile I too will check smb.conf online doc and my smb.conf for any conflicting configurations. [2020/06/08 12:23:08.982042, 5, pid=471, effective(0, 0), real(0, 0)] ../../source3/smbd/dosmode.c:449(get_ea_dos_attribute) get_ea_dos_attribute: Cannot get attribute from EA on file 1d972c9a-6afe-4c46-ba77-7fdf8c24af5a#b079d2d8-0000-0000-0000-000000000000#3-snapshot.vhdx: Error = No data available [2020/06/08 12:23:08.982063, 10, pid=471, effective(0, 0), real(0, 0)] ../../source3/smbd/open.c:3185(open_file_ntcreate) Thanks, Neelakantan K. -----Original Message----- From: Ashok Ramakrishnan <aramakrishnan at nasuni.com> Sent: Monday, June 8, 2020 7:24 PM To: Neelakantan Kannappa (nkannapp) <Neelakantan.Kannappa at quest.com> Subject: RE: [EXTERNAL] [Samba] Could not access a share as a guest CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. The "restrict anonymous = 2" setting in smb.conf is what (most likely) causes the mapping to IPC$ to fail as guest. As an experiment, u may want to set it to 1 (restrict anonymous = 1) and try. What that means in terms of security, you can find in smb.conf man page. Hope this helps. -Ashok -----Original Message----- From: samba <samba-bounces at lists.samba.org> On Behalf Of Neelakantan Kannappa (nkannapp) via samba Sent: Sunday, June 7, 2020 3:10 PM To: samba at lists.samba.org Subject: [EXTERNAL] [Samba] Could not access a share as a guest Hi Group, I have mentioned the details of the Samba and the Smb.conf. When I access the the configured share from a windows server 2019 server machine. I am getting the following error on the samba server side. Your help will be greatly appreciated. [2020/06/07 12:45:28.833238, 1] ../../source3/smbd/service.c:348(create_connection_session_info) create_connection_session_info: guest user (from session setup) not permitted to access this share (IPC$) [2020/06/07 12:45:28.833257, 1] ../../source3/smbd/service.c:531(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED Samba Version 4.11.6. Smb.conf/testparam -s # Global parameters [global] add share command = /hidden-path/cifs_add_share.sh async smb echo handler = Yes deadtime = 120 delete share command = /hidden-path/cifs_delete_share.sh disable spoolss = Yes domain master = No getwd cache = No hostname lookups = Yes kerberos method = system keytab load printers = No local master = No log file = /var/log/hidden-path/%m.log machine password timeout = 0 map to guest = Bad User max log size = 10240 max smbd processes = 132 preferred master = No printcap name = /dev/null restrict anonymous = 2 security = USER server min protocol = SMB2 server string = XXX. socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=4194304 SO_SNDBUF=1048576 template homedir = /home/%U template shell = /sbin/nologin unix extensions = No username map = /hidden-path/etc/samba/smbusers workgroup = MYGROUP idmap config * : backend = tdb block size = 4096 cups options = raw smb encrypt = No [OrBackupDevice] follow symlinks = No force unknown acl user = Yes guest ok = Yes guest only = Yes hosts allow = 169.254.183.198 10.230.135.160 10.230.135.111 127.0.0.1 include = /hidden-path/OrbBackupDevice.inc level2 oplocks = No mangled names = no oplocks = No path = /containers/OrbBackupDevice/OrbBackupRoot/ read only = No strict locking = No vfs objects = streams_depot acl_xattr customvfs acl_xattr:ignore hashes = yes -- $ cat /hidden-path/ etc/samba/smbusers nobody = guest $ $ /samba/usr/bin/pdbedit -L administrator:1004: xxx administrator $ $ cat /etc/passwd .. nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin ... $ -- NOTE: Tried with "force user (S) & force group(S_ to be that of the administrator" . That too did not help resolve the issue. Thanks, Neelakantan K. -- To unsubscribe from this list go to the following URL and read the instructions: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Foptions%2Fsamba&data=02%7C01%7CNeelakantan.Kannappa%40quest.com%7C0463aab8cde843e21f7d08d80bb3670c%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637272212459229654&sdata=vgGa3qu3k%2FF4QVJ6lPon3UvjwNw%2Fs%2Bc3XKjsZLdnP9E%3D&reserved=0 This e-mail message and all attachments transmitted with it may contain privileged and/or confidential information intended solely for the use of the addressee(s). If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, forwarding or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete this message, all attachments and all copies and backups thereof.
Jeremy Allison
2020-Jun-08 20:19 UTC
[Samba] [EXTERNAL] Could not access a share as a guest
On Mon, Jun 08, 2020 at 06:31:59PM +0000, Neelakantan Kannappa (nkannapp) via samba wrote:> Hi Ashok, > > That solved this issue and moved ahead of that IPC$ share access issue. Thanks for that. > > Now, I am seeing the below error. > > Please note I am new to samba world. Pardon me if I am asking for more. > > Meanwhile I too will check smb.conf online doc and my smb.conf for any conflicting configurations. > > [2020/06/08 12:23:08.982042, 5, pid=471, effective(0, 0), real(0, 0)] ../../source3/smbd/dosmode.c:449(get_ea_dos_attribute) > get_ea_dos_attribute: Cannot get attribute from EA on file 1d972c9a-6afe-4c46-ba77-7fdf8c24af5a#b079d2d8-0000-0000-0000-000000000000#3-snapshot.vhdx: Error = No data available > [2020/06/08 12:23:08.982063, 10, pid=471, effective(0, 0), real(0, 0)] ../../source3/smbd/open.c:3185(open_file_ntcreate)That is not necessarily an error. The file may not have had the DOS attributes stored on it yet, if this is the first time it's being accessed by Samba (on read for example).
Neelakantan Kannappa (nkannapp)
2020-Jun-09 08:42 UTC
[Samba] [EXTERNAL] Could not access a share as a guest
Appreciate your help. Yes that is true. Those files are created by some other Application(which are shared through samba). Ran wireshark, captured the packets and filtered for SMB2. Attached SMB2 filtered packets in a plain text format. I don't know what is happening from the packet tracing. SMB did create request, create response and immediately close request & close response. Session logged off. Even I tried "ea support = no" that also did not help. Tried other alternative with below smb conf. # acl_xattr:ignore hashes = yes # acl_xattr:ignore system acls = yes # acl_xattr:default acl style = everyone Things work properly when windows client & samba server(linux) nodes are joined to a domain. Thanks, Neelakantan K. -----Original Message----- From: Jeremy Allison <jra at samba.org> Sent: Tuesday, June 9, 2020 1:50 AM To: Neelakantan Kannappa (nkannapp) <Neelakantan.Kannappa at quest.com> Cc: Ashok Ramakrishnan <aramakrishnan at nasuni.com>; samba at lists.samba.org Subject: Re: [Samba] [EXTERNAL] Could not access a share as a guest CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. On Mon, Jun 08, 2020 at 06:31:59PM +0000, Neelakantan Kannappa (nkannapp) via samba wrote:> Hi Ashok, > > That solved this issue and moved ahead of that IPC$ share access issue. Thanks for that. > > Now, I am seeing the below error. > > Please note I am new to samba world. Pardon me if I am asking for more. > > Meanwhile I too will check smb.conf online doc and my smb.conf for any conflicting configurations. > > [2020/06/08 12:23:08.982042, 5, pid=471, effective(0, 0), real(0, 0)] ../../source3/smbd/dosmode.c:449(get_ea_dos_attribute) > get_ea_dos_attribute: Cannot get attribute from EA on file > 1d972c9a-6afe-4c46-ba77-7fdf8c24af5a#b079d2d8-0000-0000-0000-000000000 > 000#3-snapshot.vhdx: Error = No data available > [2020/06/08 12:23:08.982063, 10, pid=471, effective(0, 0), real(0, 0)] > ../../source3/smbd/open.c:3185(open_file_ntcreate)That is not necessarily an error. The file may not have had the DOS attributes stored on it yet, if this is the first time it's being accessed by Samba (on read for example). -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: smb2-pcap.txt URL: <http://lists.samba.org/pipermail/samba/attachments/20200609/cec5994c/smb2-pcap.txt>
Seemingly Similar Threads
- [EXTERNAL] Could not access a share as a guest
- [EXTERNAL] Could not access a share as a guest
- Windows Clients are given access to parent directories of the path configured as a Share path
- How to build samba-debuginfo rpm from samaba source
- Samba 4.6.4 and Excel 2016 access denied if no Group mode permission