Re: [Samba] guest not permitted to access share
I`ve fix the problem! I`ve add to my smb.conf in the source section: valid users = @DOMAIN+group1 DOMAIN+guest read list = @DOMAIN+group1 DOMAIN+guest and turn off guest ok = yes And everything work`s perfectly! Thank you for all! Jaco P.S. My english is not quite well ;-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] guest not permitted to access share
Good thought, should have tried this earlier. but yes it can access the filesystem. After I change the shell for nobody (it defaults to nologin) I can su to it and access the share. > -Original Message- > From: John Drescher [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 27, 2007 10:23 AM > To: Wayne Johnson > Cc: Jacek Kowalski; samba@lists.samba.org > Subject: Re: [Samba] guest not permitted to access share > > > On 9/27/07, Wayne Johnson <[EMAIL PROTECTED]> wrote: > > I'm having a similar problem. We're both using > security=ads. I tried security=domain, same issue. I'm > properly joined to the domain. It's a domain user that's > having the issue. If I set up a Unix account for them, it > works. I'd rather not have to set up 300 unix accounts just > for guest access. > > > > Could this be the same issue as having to prefix domain > users in write list with their domain? > > > Is the guest account (guest or nobody) able to able to access the > folder you are mounting as a samba share on your native unix > filesystem? > > John > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] guest not permitted to access share
Check the posix permissions in the shares are set to allow the group "nobody" (or whichever you are mapping as guest) to r/w. Check the logs at level 3, am willing to bet there is a Chdir/Permission Denied error somewhere... Carlos -Original Message- From: [EMAIL PROTECTED] on behalf of John Drescher Sent: Thu 9/27/2007 11:23 AM To: Wayne Johnson Cc: samba@lists.samba.org; Jacek Kowalski Subject: Re: [Samba] guest not permitted to access share On 9/27/07, Wayne Johnson <[EMAIL PROTECTED]> wrote: > I'm having a similar problem. We're both using security=ads. I tried > security=domain, same issue. I'm properly joined to the domain. It's a > domain user that's having the issue. If I set up a Unix account for them, it > works. I'd rather not have to set up 300 unix accounts just for guest access. > > Could this be the same issue as having to prefix domain users in write list > with their domain? > Is the guest account (guest or nobody) able to able to access the folder you are mounting as a samba share on your native unix filesystem? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] guest not permitted to access share
On 9/27/07, Wayne Johnson <[EMAIL PROTECTED]> wrote: > I'm having a similar problem. We're both using security=ads. I tried > security=domain, same issue. I'm properly joined to the domain. It's a > domain user that's having the issue. If I set up a Unix account for them, it > works. I'd rather not have to set up 300 unix accounts just for guest access. > > Could this be the same issue as having to prefix domain users in write list > with their domain? > Is the guest account (guest or nobody) able to able to access the folder you are mounting as a samba share on your native unix filesystem? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] guest not permitted to access share
I'm having a similar problem. We're both using security=ads. I tried security=domain, same issue. I'm properly joined to the domain. It's a domain user that's having the issue. If I set up a Unix account for them, it works. I'd rather not have to set up 300 unix accounts just for guest access. Could this be the same issue as having to prefix domain users in write list with their domain? > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > On Behalf > Of Jacek Kowalski > Sent: Thursday, September 27, 2007 12:47 AM > To: Lukasz Szybalski > Cc: samba@lists.samba.org > Subject: Re: [Samba] guest not permitted to access share > > > I have already done it before and nothig :( This same error. > > Jacek > > > Lukasz Szybalski napisał(a): > > try changing > > guest account = guest > > to > > guest account = nobody > > > > Lukasz > > > > On 9/26/07, Jacek Kowalski <[EMAIL PROTECTED]> wrote: > > > >> Hi! > >> > >> I have got the problem with my guest account. I can`t > access to the share. > >> > >> > >> The OS is Centos 5 Linux 2.6.18-8.1.10.el5 #1 SMP > >> Version of krb5 is 1.5-29 > >> > >> This is my smb.conf: > >> > >> [global] > >> # server string is the equivalent of the NT Description field > >> netbios name = SERVER > >> > >> # workgroup = NT-Domain-Name or Workgroup-Name > >> workgroup = DOMAIN > >> realm = DOMAIN.NET > >> security = ADS > >> password server = server.domain.net > >> winbind separator = + > >> allow trusted domains = No > >> #auth methods = guest sam winbind > >> idmap backend = idmap_rid:INFORNET=1000-65000 > >> idmap uid = 1000-65000 > >> idmap gid = 1000-65000 > >> template shell = /bin/bash > >> # template homedir = /home/ad/%D/%U > >> winbind use default domain = Yes > >> winbind enum users = No > >> winbind enum groups = No > >> winbind nested groups = Yes > >> #client use spnego = no > >> #server signing = auto > >> # this tells Samba to use a separate log file for each machine > >> # that connects > >> log file = /var/log/samba/%I.log > >> log level = 3 > >> # Put a capping on the size of the log files (in Kb). > >> max log size = 500 > >> smb ports = 139 > >> guest account = guest > >> encrypt passwords = yes > >> username map = /etc/samba/smbusers > >> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > >> dns proxy = no > >> > >> [homes] > >> comment = Home Directories > >> browseable = no > >> writable = yes > >> create mask = 664 > >> directory mask = 0775 > >> > >> > >> [source1] > >> path = /home/source1 > >> public = yes > >> valid users = @DOMAIN+group1 > >> read list = @DOMAIN+group1 > >> write list = @DOMAIN+group1 > >> force group = group1 > >> writable = yes > >> printable = no > >> browseable = yes > >> create mask = 0665 > >> # valid users = @group1 > >> force directory mode = 0775 > >> guest ok = yes > >> # hosts deny = 192.168.6.194 > >> > >> > >> > >> Logs for Samba says: > >> [2007/09/26 08:01:48, 3] smbd/negprot.c:reply_nt1(357) > >> using SPNEGO > >> [2007/09/26 08:01:48, 3] smbd/negprot.c:reply_negprot(580) > >> Selected protocol NT LM 0.12 > >> [2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110) > >> Transaction 2 of length 256 > >> [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914) > >> switch message SMBsesssetupX (pid 12283) conn 0x0 > >> [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241) > >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > >> [2007/09/26 08:01:48, 3] > smbd/sesssetup.c:reply_sesssetup_and_X(849) > >> wct=12 flg2=0xc807 > >> [2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799) > >> setup_new_vc_session: New VC == 0, if NT4.x compatible we > would close > >> all old resources. > >> [2007/09/26 08:01:48, 3] > smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) > >> Doing spnego session setup > >> [2007/09/26 08:01:48, 3] > smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) >
Re: [Samba] guest not permitted to access share
I have already done it before and nothig :( This same error. Jacek Lukasz Szybalski napisał(a): try changing guest account = guest to guest account = nobody Lukasz On 9/26/07, Jacek Kowalski <[EMAIL PROTECTED]> wrote: Hi! I have got the problem with my guest account. I can`t access to the share. The OS is Centos 5 Linux 2.6.18-8.1.10.el5 #1 SMP Version of krb5 is 1.5-29 This is my smb.conf: [global] # server string is the equivalent of the NT Description field netbios name = SERVER # workgroup = NT-Domain-Name or Workgroup-Name workgroup = DOMAIN realm = DOMAIN.NET security = ADS password server = server.domain.net winbind separator = + allow trusted domains = No #auth methods = guest sam winbind idmap backend = idmap_rid:INFORNET=1000-65000 idmap uid = 1000-65000 idmap gid = 1000-65000 template shell = /bin/bash # template homedir = /home/ad/%D/%U winbind use default domain = Yes winbind enum users = No winbind enum groups = No winbind nested groups = Yes #client use spnego = no #server signing = auto # this tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/%I.log log level = 3 # Put a capping on the size of the log files (in Kb). max log size = 500 smb ports = 139 guest account = guest encrypt passwords = yes username map = /etc/samba/smbusers socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no [homes] comment = Home Directories browseable = no writable = yes create mask = 664 directory mask = 0775 [source1] path = /home/source1 public = yes valid users = @DOMAIN+group1 read list = @DOMAIN+group1 write list = @DOMAIN+group1 force group = group1 writable = yes printable = no browseable = yes create mask = 0665 # valid users = @group1 force directory mode = 0775 guest ok = yes # hosts deny = 192.168.6.194 Logs for Samba says: [2007/09/26 08:01:48, 3] smbd/negprot.c:reply_nt1(357) using SPNEGO [2007/09/26 08:01:48, 3] smbd/negprot.c:reply_negprot(580) Selected protocol NT LM 0.12 [2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110) Transaction 2 of length 256 [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914) switch message SMBsesssetupX (pid 12283) conn 0x0 [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) wct=12 flg2=0xc807 [2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) Doing spnego session setup [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) NativeOS=[Windows 2002 Dodatek Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) Got OID 1 3 6 1 4 1 311 2 2 10 [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_spnego_negotiate(554) Got secblob of size 40 [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088297 [2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110) Transaction 3 of length 366 [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914) switch message SMBsesssetupX (pid 12283) conn 0x0 [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) wct=12 flg2=0xc807 [2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) Doing spnego session setup [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) NativeOS=[Windows 2002 Dodatek Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672) Got user=[guest] domain=[DOMAIN] workstation=[1-123] len1=24 len2=24 [2007/09/26 08:01:48, 3] smbd/map_username.c:map_username(155) Mapped user guest to nobody [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/09/26 08:01:48, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007
Re: [Samba] guest not permitted to access share
try changing guest account = guest to guest account = nobody Lukasz On 9/26/07, Jacek Kowalski <[EMAIL PROTECTED]> wrote: > Hi! > > I have got the problem with my guest account. I can`t access to the share. > > > The OS is Centos 5 Linux 2.6.18-8.1.10.el5 #1 SMP > Version of krb5 is 1.5-29 > > This is my smb.conf: > > [global] > # server string is the equivalent of the NT Description field > netbios name = SERVER > > # workgroup = NT-Domain-Name or Workgroup-Name > workgroup = DOMAIN > realm = DOMAIN.NET > security = ADS > password server = server.domain.net > winbind separator = + > allow trusted domains = No > #auth methods = guest sam winbind > idmap backend = idmap_rid:INFORNET=1000-65000 > idmap uid = 1000-65000 > idmap gid = 1000-65000 > template shell = /bin/bash > # template homedir = /home/ad/%D/%U > winbind use default domain = Yes > winbind enum users = No > winbind enum groups = No > winbind nested groups = Yes > #client use spnego = no > #server signing = auto > # this tells Samba to use a separate log file for each machine > # that connects > log file = /var/log/samba/%I.log > log level = 3 > # Put a capping on the size of the log files (in Kb). > max log size = 500 > smb ports = 139 > guest account = guest > encrypt passwords = yes > username map = /etc/samba/smbusers > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > dns proxy = no > > [homes] > comment = Home Directories > browseable = no > writable = yes > create mask = 664 > directory mask = 0775 > > > [source1] > path = /home/source1 > public = yes > valid users = @DOMAIN+group1 > read list = @DOMAIN+group1 > write list = @DOMAIN+group1 > force group = group1 > writable = yes > printable = no > browseable = yes > create mask = 0665 > # valid users = @group1 > force directory mode = 0775 > guest ok = yes > # hosts deny = 192.168.6.194 > > > > Logs for Samba says: > [2007/09/26 08:01:48, 3] smbd/negprot.c:reply_nt1(357) > using SPNEGO > [2007/09/26 08:01:48, 3] smbd/negprot.c:reply_negprot(580) > Selected protocol NT LM 0.12 > [2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110) > Transaction 2 of length 256 > [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914) > switch message SMBsesssetupX (pid 12283) conn 0x0 > [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) > wct=12 flg2=0xc807 > [2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close > all old resources. > [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) > Doing spnego session setup > [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) > NativeOS=[Windows 2002 Dodatek Service Pack 2 2600] > NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] > [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) > Got OID 1 3 6 1 4 1 311 2 2 10 > [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_spnego_negotiate(554) > Got secblob of size 40 > [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0xe2088297 > [2007/09/26 08:01:48, 3] smbd/process.c:process_smb(1110) > Transaction 3 of length 366 > [2007/09/26 08:01:48, 3] smbd/process.c:switch_message(914) > switch message SMBsesssetupX (pid 12283) conn 0x0 > [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) > wct=12 flg2=0xc807 > [2007/09/26 08:01:48, 2] smbd/sesssetup.c:setup_new_vc_session(799) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close > all old resources. > [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) > Doing spnego session setup > [2007/09/26 08:01:48, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) > NativeOS=[Windows 2002 Dodatek Service Pack 2 2600] > NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] > [2007/09/26 08:01:48, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672) > Got user=[guest] domain=[DOMAIN] workstation=[1-123] len1=24 len2=24 > [2007/09/26 08:01:48, 3] smbd/map_username.c:map_username(155) > Mapped user guest to nobody > [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(221) > check_ntlm_password: Checking password for unmapped user > [EMAIL PROTECTED] with the new password interface > [2007/09/26 08:01:48, 3] auth/auth.c:check_ntlm_password(224) > check_ntlm_password: mapped user is: [EMAIL PROTECTED] > [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2007/09/26 08:01:48, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > [2007/09/26 08:01:48, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting se