Bug 3002 - parameter "guest account" in smb.conf seems to be ignored.
Summary: parameter "guest account" in smb.conf seems to be ignored.
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.14a
Hardware: x86 Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-08-15 00:41 UTC by Fabio Muzzi Frabetti
Modified: 2020-12-20 18:23 UTC (History)
0 users

See Also:


Attachments
Log and config of the offending Samba server (58.47 KB, application/octet-stream)
2005-08-17 07:45 UTC, Fabio Muzzi Frabetti
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Fabio Muzzi Frabetti 2005-08-15 00:41:05 UTC
I am running Samba 3.0.14a (Debian packages for Sarge)

It seems that even if I set the directive "guest account" to some other user,
Samba still maps guest account to the default guest user "nobody".

I have set up a server with this config (I report only useful lines):

[general]
 guest account = guest
 map to guest = bad user
 passdb backend = tdbsam guest

[guest_share]
  guest ok = yes
  read list = guest
  read only = no

I have run "testparm -v" and there are no errors. The "guest account" directive
seems to have been parsed correctly, but when I connect with a non-existent
user, I get mapped to the user "nobody", which is default for guest account,
instead of the username "guest" which I have set up.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-08-15 05:14:01 UTC
is the [general] section in you example a typo?  
If so, then that is the problem I assume.  It should
be [global].
Comment 2 Fabio Muzzi Frabetti 2005-08-15 07:39:56 UTC
Sorry, it's a typo in the report. It's [global] in the config file. And since
testparms -v gives no errors, no warnings, and reports that it has correctly
read the "guest account = guest" configration entry, I suppose that the config
file should be all right.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-08-16 15:37:29 UTC
could you attach a level 10 debug log and your smb.conf with 
this report?  Thanks.
Comment 4 Fabio Muzzi Frabetti 2005-08-17 07:45:06 UTC
You will find attached a file named "log_and_config.zip" that contains the
complete config file and a log file obtained by logging in from my notebook,
using an username (kurgan) that does not exist in the customer's domain.

Customer's (and server's) domain is "IANUA", while my notebook does belong to
domain "KURGAN". I had tried even with a customer's PC that does not belong to
any domain, but now I cannot replicate that setup.

What I have done from the client is just open a window and type in it
"\\server", then I have tried to open the share named "drivers", but failed
because the user "nobody" has no file system access to that share.

The user "guest" exists both in /etc/passwd and in samba. In passwd it has a
disabled password, in samba it has an empty password. I have also tried using
another user instead of "guest" but I still get mapped to "nobody".
Comment 5 Fabio Muzzi Frabetti 2005-08-17 07:45:48 UTC
Created attachment 1383 [details]
Log and config of the offending Samba server
Comment 6 Gerald (Jerry) Carter (dead mail address) 2005-08-17 08:40:01 UTC
The nodoby account already exists in your 
passdb.tdb file.  If you run 'pdbedit -x nobody',
restart smbd, that should clear things up.
Comment 7 Fabio Muzzi Frabetti 2005-08-17 08:54:01 UTC
This is not true, I have no "nobody" use in Samba. I have one in /etc/passwd, of
course. Here is a dump of my ssh session:

------------------
login as: root
Password:
Last login: Wed Aug 17 16:33:20 2005 from 62.123.154.74
server:~# smbpasswd -x nobody
Failed to delete entry for user nobody.
Failed to modify password entry for user nobody

server:~# pdbedit -L
root:0:root
flavio:1002:Flavio
portatile$:1010:PORTATILE$
ennio:1003:,,,
guest:1015:guest
utente-d5734606$:1011:UTENTE-D5734606$
luca:1001:,,,
rip:1007:Utente per macchine in riparazione,,,
flavio-5blaialp$:1009:FLAVIO-5BLAIALP$
ennio$:1008:ENNIO$
ennio2k$:1013:ENNIO2K$
lab$:1014:LAB$
ennioxp$:1012:ENNIOXP$
administrator:1004:,,,

server:~# pdbedit -x nobody
user nobody does not exist in the passdb
--------------

As you can see, I have no "nobody" user in Samba. I have indeed a "guest" user,
which I created as I have stated before.
Comment 8 Gerald (Jerry) Carter (dead mail address) 2005-08-17 09:18:34 UTC
ok.  Fair enough.  Somehow smbd has associated the default guest 
user with RID 501.  So whebn creating a guest session, it pulls 
that information.  But the vuid used in the share connection 
should use the 'guest account' value.  Does smbstatus also 
display 'nobody'?
Comment 9 Fabio Muzzi Frabetti 2005-08-17 09:42:01 UTC
Well, 501 is the ID for my "guest" user, as you can see here:

server:~# pdbedit -L -v  guest
Unix username:        guest
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-784407194-842192429-356550006-501
Primary Group SID:    S-1-5-21-784407194-842192429-356550006-514
Full Name:            guest
Home Directory:       \\server\guest
HomeDir Drive:
Logon Script:         logon.bat
Profile Path:
Domain:               IANUA
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Fri, 13 Dec 1901 21:45:51 GMT
Kickoff time:         Fri, 13 Dec 1901 21:45:51 GMT
Password last set:    Fri, 05 Aug 2005 16:03:43 GMT
Password can change:  Fri, 05 Aug 2005 16:03:43 GMT
Password must change: Fri, 13 Dec 1901 21:45:51 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

And when connecting using an invalid user, smbstatus shows:

server:~# smbstatus

Samba version 3.0.14a-Debian
PID     Username      Group         Machine
-------------------------------------------------------------------

Service      pid     machine       Connected at
-------------------------------------------------------
IPC$         21406   cozza         Wed Aug 17 18:38:51 2005
drivers      21406   cozza         Wed Aug 17 18:39:03 2005

No locked files

Please note that there are no users listed at all. Shouldn't be a "guest" or
"nobody" user shown in users list?

I really don't know what is happening.
Comment 10 Björn Jacke 2020-12-20 18:23:02 UTC
I don't know what is the problem in your setup but I haven't seen a problem with guest user in a recent samba release. If you still see errors with modern samba versions, please file a new bug report for that with a compact description how to reproduce the problem.