The Samba-Bugzilla – Bug 3002
parameter "guest account" in smb.conf seems to be ignored.
Last modified: 2009-04-04 08:03:00 UTC
I am running Samba 3.0.14a (Debian packages for Sarge)
It seems that even if I set the directive "guest account" to some other user,
Samba still maps guest account to the default guest user "nobody".
I have set up a server with this config (I report only useful lines):
guest account = guest
map to guest = bad user
passdb backend = tdbsam guest
guest ok = yes
read list = guest
read only = no
I have run "testparm -v" and there are no errors. The "guest account" directive
seems to have been parsed correctly, but when I connect with a non-existent
user, I get mapped to the user "nobody", which is default for guest account,
instead of the username "guest" which I have set up.
is the [general] section in you example a typo?
If so, then that is the problem I assume. It should
Sorry, it's a typo in the report. It's [global] in the config file. And since
testparms -v gives no errors, no warnings, and reports that it has correctly
read the "guest account = guest" configration entry, I suppose that the config
file should be all right.
could you attach a level 10 debug log and your smb.conf with
this report? Thanks.
You will find attached a file named "log_and_config.zip" that contains the
complete config file and a log file obtained by logging in from my notebook,
using an username (kurgan) that does not exist in the customer's domain.
Customer's (and server's) domain is "IANUA", while my notebook does belong to
domain "KURGAN". I had tried even with a customer's PC that does not belong to
any domain, but now I cannot replicate that setup.
What I have done from the client is just open a window and type in it
"\\server", then I have tried to open the share named "drivers", but failed
because the user "nobody" has no file system access to that share.
The user "guest" exists both in /etc/passwd and in samba. In passwd it has a
disabled password, in samba it has an empty password. I have also tried using
another user instead of "guest" but I still get mapped to "nobody".
Created attachment 1383 [details]
Log and config of the offending Samba server
The nodoby account already exists in your
passdb.tdb file. If you run 'pdbedit -x nobody',
restart smbd, that should clear things up.
This is not true, I have no "nobody" use in Samba. I have one in /etc/passwd, of
course. Here is a dump of my ssh session:
login as: root
Last login: Wed Aug 17 16:33:20 2005 from 220.127.116.11
server:~# smbpasswd -x nobody
Failed to delete entry for user nobody.
Failed to modify password entry for user nobody
server:~# pdbedit -L
rip:1007:Utente per macchine in riparazione,,,
server:~# pdbedit -x nobody
user nobody does not exist in the passdb
As you can see, I have no "nobody" user in Samba. I have indeed a "guest" user,
which I created as I have stated before.
ok. Fair enough. Somehow smbd has associated the default guest
user with RID 501. So whebn creating a guest session, it pulls
that information. But the vuid used in the share connection
should use the 'guest account' value. Does smbstatus also
Well, 501 is the ID for my "guest" user, as you can see here:
server:~# pdbedit -L -v guest
Unix username: guest
Account Flags: [U ]
User SID: S-1-5-21-784407194-842192429-356550006-501
Primary Group SID: S-1-5-21-784407194-842192429-356550006-514
Full Name: guest
Home Directory: \\server\guest
Logon Script: logon.bat
Logon time: 0
Logoff time: Fri, 13 Dec 1901 21:45:51 GMT
Kickoff time: Fri, 13 Dec 1901 21:45:51 GMT
Password last set: Fri, 05 Aug 2005 16:03:43 GMT
Password can change: Fri, 05 Aug 2005 16:03:43 GMT
Password must change: Fri, 13 Dec 1901 21:45:51 GMT
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
And when connecting using an invalid user, smbstatus shows:
Samba version 3.0.14a-Debian
PID Username Group Machine
Service pid machine Connected at
IPC$ 21406 cozza Wed Aug 17 18:38:51 2005
drivers 21406 cozza Wed Aug 17 18:39:03 2005
No locked files
Please note that there are no users listed at all. Shouldn't be a "guest" or
"nobody" user shown in users list?
I really don't know what is happening.