Rowland Penny
2025-Jan-17 21:39 UTC
[Samba] Different behavior when client uses "sec=none" and when provides bad user (mapped to guest)
On Fri, 17 Jan 2025 22:32:03 +0100 Carlos Alberto Balseiro Mayi via samba <samba at lists.samba.org> wrote:> ? > HI everyone. > > I've been analyzing a problem with an embedded Linux/FPGA device that > in some cases was failing to run properly when using files from a > samba share. After some time I've found it is related to Samba bug > 12783 and setting kernel oplocks on global fix the issue. > > But while looking at that I have found a strange behavior I can't > understand. I have guest ok = yes on the share and map to guest = Bad > User on global. > > If I mount the share with a bad user, everything works OK and I can > see the device lock on the file with smbstatus. > > But if I mount the samba share with sec=none , the program will throw > an error, I think because it wasn't able to adquire a lock on the > file - I don't see a lock in smbstatus. > > In both cases the connection is assigned to nobody, as configured for > guest connections. I run samba 4.20.5 on Truenas Scale 24.10 . I have > attached to this mail: > > - the output of testparm -s > > - the audit logs provided by Truenas when I connect with bad user and > with sec=none > > - the smbstatus when connected with bad user and with sec=none > > Any idea what can be happening? > > Best Regards, > > Carlos A. BalseiroThis list strips attachments, please post again but this time add the attachments inline or post them somewhere and provide links. Rowland
Carlos Alberto Balseiro Mayi
2025-Jan-17 21:55 UTC
[Samba] Different behavior when client uses "sec=none" and when provides bad user (mapped to guest)
testparm -s output:> Load smb config files from /etc/smb4.conf > Loaded services file OK. > Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility > fallback) > > Server role: ROLE_STANDALONE > > # Global parameters > [global] > bind interfaces only = Yes > disable spoolss = Yes > dns proxy = No > load printers = No > logging = file > map to guest = Bad User > max log size = 5120 > passdb backend = tdbsam:/var/run/samba-cache/private/passdb.tdb > printcap name = /dev/null > registry shares = Yes > server multi channel support = No > server string = TrueNAS Server > winbind request timeout = 2 > workgroup = CORUSCANT > idmap config * : range = 90000001 - 100000000 > fruit:zero_file_id = False > fruit:nfs_aces = False > idmap config * : backend = tdb > create mask = 0664 > directory mask = 0775 > kernel oplocks = Yes > > (REMOVED INFO FROM SHARES NOT INVOLVED IN THIS) > > [descargas] > ea support = No > guest ok = Yes > path = /mnt/NAS/descargas > read only = No > smbd max xattr size = 2097152 > vfs objects = streams_xattr shadow_copy_zfs ixnas zfs_core io_uring > tn:vuid > fruit:time machine max size = 0 > fruit:time machine = False > nfs4:chown = True > tn:home = False > tn:path_suffix > tn:purpose = MULTI_PROTOCOL_NFSAudit bad user:> Logon ID: '0' > Logon Type: 3 > Local Address: ipv4:192.168.1.4:445 > Remote Address: ipv4:192.168.1.100:55186 > Service Description: SMB2 > Auth Description: Null > Client Domain: '' > Client Account: badusertest > Workstation: '' > Became Account: Null > Became Domain: Null > Became Sid: Null > Mapped Account: badusertest > Mapped Domain: '' > Netlogon Computer: Null > Netlogon Trust Account: Null > Netlogon Negotiate Flags: '0x00000000' > Netlogon Secure Channel Type: 0 > Netlogon Trust Account Sid: Null > Password Type: NTLMv2 > Client Policy Access Check: Null > Server Policy Access Check: Null > Vers: > Major: 0 > Minor: 1 > Result: > Type: NTSTATUS > Value Raw: 3221225572 > Value Parsed: NT_STATUS_NO_SUCH_USERsmbstatus bad user:> Samba version 4.20.5-truenas > PID Username Group Machine > Protocol Version Encryption Signing > ---------------------------------------------------------------------------------------------------------------------------------------- > 193273 nobody nogroup 192.168.1.100 > (ipv4:192.168.1.100:55188) SMB3_11 - - > 102411 nobody nogroup 192.168.1.10 > (ipv4:192.168.1.10:47964) SMB3_11 - - > > Service pid Machine Connected at > Encryption Signing > --------------------------------------------------------------------------------------------- > IPC$ 102411 192.168.1.10 Fri Jan 17 18:53:13 2025 CET - > - > descargas 193273 192.168.1.100 Fri Jan 17 21:56:27 2025 CET - > - > Carpetas Personales 102411 192.168.1.10 Fri Jan 17 18:53:13 2025 CET > - - > IPC$ 193273 192.168.1.100 Fri Jan 17 21:56:27 2025 CET - > - > > Locked files: > Pid User(ID) DenyMode Access R/W Oplock > SharePath Name Time > -------------------------------------------------------------------------------------------------- > 193273 65534 DENY_NONE 0x12019f RDWR BATCH > /mnt/NAS/descargas MiSTer/games/AO486/media/another world/another > world.vhd Fri Jan 17 21:58:04 2025Audit sec=none :> Logon ID: '0' > Logon Type: 3 > Local Address: ipv4:192.168.1.4:445 > Remote Address: ipv4:192.168.1.100:43240 > Service Description: SMB2 > Auth Description: Null > Client Domain: '' > Client Account: '' > Workstation: '' > Became Account: nobody > Became Domain: TRUENAS > Became Sid: S-1-5-21-2028966449-1147323095-3560797536-501 > Mapped Account: '' > Mapped Domain: '' > Netlogon Computer: Null > Netlogon Trust Account: Null > Netlogon Negotiate Flags: '0x00000000' > Netlogon Secure Channel Type: 0 > Netlogon Trust Account Sid: Null > Password Type: No-Password > Client Policy Access Check: Null > Server Policy Access Check: Null > Vers: > Major: 0 > Minor: 1 > Result: > Type: NTSTATUS > Value Raw: 0 > Value Parsed: SUCCESSsmbstatus sec=none:> Samba version 4.20.5-truenas > PID Username Group Machine > Protocol Version Encryption Signing > ---------------------------------------------------------------------------------------------------------------------------------------- > 102411 nobody nogroup 192.168.1.10 > (ipv4:192.168.1.10:47964) SMB3_11 - - > 187450 nobody nogroup 192.168.1.100 > (ipv4:192.168.1.100:43240) SMB3_11 - - > > Service pid Machine Connected at > Encryption Signing > --------------------------------------------------------------------------------------------- > IPC$ 102411 192.168.1.10 Fri Jan 17 18:53:13 2025 CET - > - > IPC$ 187450 192.168.1.100 Fri Jan 17 21:44:41 2025 CET - > - > Carpetas Personales 102411 192.168.1.10 Fri Jan 17 18:53:13 2025 CET > - - > descargas 187450 192.168.1.100 Fri Jan 17 21:44:41 2025 CET - > - > > No locked filesBest Regards, Carlos A. Balseiro