Bug 3002 - parameter "guest account" in smb.conf seems to be ignored.
parameter "guest account" in smb.conf seems to be ignored.
Status: NEW
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
x86 Linux
: P3 normal
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2005-08-15 00:41 UTC by Fabio Muzzi Frabetti
Modified: 2009-04-04 08:03 UTC (History)
0 users

See Also:

Log and config of the offending Samba server (58.47 KB, application/octet-stream)
2005-08-17 07:45 UTC, Fabio Muzzi Frabetti
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Fabio Muzzi Frabetti 2005-08-15 00:41:05 UTC
I am running Samba 3.0.14a (Debian packages for Sarge)

It seems that even if I set the directive "guest account" to some other user,
Samba still maps guest account to the default guest user "nobody".

I have set up a server with this config (I report only useful lines):

 guest account = guest
 map to guest = bad user
 passdb backend = tdbsam guest

  guest ok = yes
  read list = guest
  read only = no

I have run "testparm -v" and there are no errors. The "guest account" directive
seems to have been parsed correctly, but when I connect with a non-existent
user, I get mapped to the user "nobody", which is default for guest account,
instead of the username "guest" which I have set up.
Comment 1 Gerald (Jerry) Carter 2005-08-15 05:14:01 UTC
is the [general] section in you example a typo?  
If so, then that is the problem I assume.  It should
be [global].
Comment 2 Fabio Muzzi Frabetti 2005-08-15 07:39:56 UTC
Sorry, it's a typo in the report. It's [global] in the config file. And since
testparms -v gives no errors, no warnings, and reports that it has correctly
read the "guest account = guest" configration entry, I suppose that the config
file should be all right.
Comment 3 Gerald (Jerry) Carter 2005-08-16 15:37:29 UTC
could you attach a level 10 debug log and your smb.conf with 
this report?  Thanks.
Comment 4 Fabio Muzzi Frabetti 2005-08-17 07:45:06 UTC
You will find attached a file named "log_and_config.zip" that contains the
complete config file and a log file obtained by logging in from my notebook,
using an username (kurgan) that does not exist in the customer's domain.

Customer's (and server's) domain is "IANUA", while my notebook does belong to
domain "KURGAN". I had tried even with a customer's PC that does not belong to
any domain, but now I cannot replicate that setup.

What I have done from the client is just open a window and type in it
"\\server", then I have tried to open the share named "drivers", but failed
because the user "nobody" has no file system access to that share.

The user "guest" exists both in /etc/passwd and in samba. In passwd it has a
disabled password, in samba it has an empty password. I have also tried using
another user instead of "guest" but I still get mapped to "nobody".
Comment 5 Fabio Muzzi Frabetti 2005-08-17 07:45:48 UTC
Created attachment 1383 [details]
Log and config of the offending Samba server
Comment 6 Gerald (Jerry) Carter 2005-08-17 08:40:01 UTC
The nodoby account already exists in your 
passdb.tdb file.  If you run 'pdbedit -x nobody',
restart smbd, that should clear things up.
Comment 7 Fabio Muzzi Frabetti 2005-08-17 08:54:01 UTC
This is not true, I have no "nobody" use in Samba. I have one in /etc/passwd, of
course. Here is a dump of my ssh session:

login as: root
Last login: Wed Aug 17 16:33:20 2005 from
server:~# smbpasswd -x nobody
Failed to delete entry for user nobody.
Failed to modify password entry for user nobody

server:~# pdbedit -L
rip:1007:Utente per macchine in riparazione,,,

server:~# pdbedit -x nobody
user nobody does not exist in the passdb

As you can see, I have no "nobody" user in Samba. I have indeed a "guest" user,
which I created as I have stated before.
Comment 8 Gerald (Jerry) Carter 2005-08-17 09:18:34 UTC
ok.  Fair enough.  Somehow smbd has associated the default guest 
user with RID 501.  So whebn creating a guest session, it pulls 
that information.  But the vuid used in the share connection 
should use the 'guest account' value.  Does smbstatus also 
display 'nobody'?
Comment 9 Fabio Muzzi Frabetti 2005-08-17 09:42:01 UTC
Well, 501 is the ID for my "guest" user, as you can see here:

server:~# pdbedit -L -v  guest
Unix username:        guest
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-784407194-842192429-356550006-501
Primary Group SID:    S-1-5-21-784407194-842192429-356550006-514
Full Name:            guest
Home Directory:       \\server\guest
HomeDir Drive:
Logon Script:         logon.bat
Profile Path:
Domain:               IANUA
Account desc:
Munged dial:
Logon time:           0
Logoff time:          Fri, 13 Dec 1901 21:45:51 GMT
Kickoff time:         Fri, 13 Dec 1901 21:45:51 GMT
Password last set:    Fri, 05 Aug 2005 16:03:43 GMT
Password can change:  Fri, 05 Aug 2005 16:03:43 GMT
Password must change: Fri, 13 Dec 1901 21:45:51 GMT
Last bad password   : 0
Bad password count  : 0

And when connecting using an invalid user, smbstatus shows:

server:~# smbstatus

Samba version 3.0.14a-Debian
PID     Username      Group         Machine

Service      pid     machine       Connected at
IPC$         21406   cozza         Wed Aug 17 18:38:51 2005
drivers      21406   cozza         Wed Aug 17 18:39:03 2005

No locked files

Please note that there are no users listed at all. Shouldn't be a "guest" or
"nobody" user shown in users list?

I really don't know what is happening.