samba 3.0 does not list servers when "map to guest = bad user" ?

• Previous message: Tom: "Re: Hoax: Re: What up with www.debian.org ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Fri, 21 Nov 2003 02:02:07 -0800
To: debian-user <debian-user@lists.debian.org>

Hello,

I've been trying to configure a samba 3.0 server to play nicely both
with smbclient and with MS windows. The server in question is running
samba 3.0.0final-1 with the default smb.conf file (for now).

At present, if I try to view the list of shares from within windows, I
get a login dialog box and cannot proceed. Using 'smbclient -L', I can
view the list of shares and servers - just like I want it to be.

The way I had fixed the problem with windows before, within samba 2.x,
was to set "map to guest = bad user", which set up fallback to guest
access the way I wanted it to. Unfortunately, when I do that with samba
3.0 I cannot get a list of servers when I connect using a "bad"
username.

This is what happens when "map to guest = never", the default if not
specified (user adsfsadf does not exist):

******begin******
bugfood@bugfood:~$ smbclient -N -U adsfsadf -L darwin
Anonymous login successful

         Sharename Type Comment
         --------- ---- -------
         print$ Disk Printer Drivers
         IPC$ IPC IPC Service (darwin server (Samba
3.0.0-Debian))
         ADMIN$ IPC IPC Service (darwin server (Samba
3.0.0-Debian))
Anonymous login successful

         Server Comment
         --------- -------
         BEAUTY The Wins Server
         DARWIN darwin server (Samba 3.0.0-Debian)

         Workgroup Master
         --------- -------
         CZR BEAUTY
*******end*******

...and this is what happens when "map to guest = bad user". Note that
the "Server" section is empty.

******begin******
bugfood@bugfood:~$ smbclient -N -U adsfsadf -L darwin

         Sharename Type Comment
         --------- ---- -------
         print$ Disk Printer Drivers
         IPC$ IPC IPC Service (darwin server (Samba
3.0.0-Debian))
         ADMIN$ IPC IPC Service (darwin server (Samba
3.0.0-Debian))

         Server Comment
         --------- -------

         Workgroup Master
         --------- -------
         CZR BEAUTY
*******end*******

Interestingly enough, when I connect using smbclient from samba 2.x, the
servers are still listed even if "map to guest = bad user". The only
difference in the output is that "Anonymous login successful" is shown
when "map to guest = never".

Also, I can specify "-U nobody" to smbclient v3.0, but I'd rather not do
so unless that's really the only clean way to solve the problem. Regular
connections to a share ("smbclient //server/sharename") seem to get
mapped to guest properly without having to specify user nobody.

So, (finally) my question is this:
How can I properly enable guess access on the samba server such that
windows can access the shares without getting a password prompt, and
smbclient v3.0 can see the list of servers without specifying "-U
nobody"?

By now you might be wondering why seeing the server list is so important
to me when there's only two servers listed. :) Actually, I'm trying to
work out a fix for this so I can appropriately change the configuration
of a wins server. Right now I'm just messing with a test-box, but the
symptoms are the same.

For convenience, I'm attaching a copy of my smb.conf file (it's the
default configuration anyway, though).

Thanks in advance for any help,
Corey

#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not many any basic syntactic
# errors.
#

#======================= Global Settings =======================

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
   workgroup = czr

# server string is the equivalent of the NT Description field
   server string = %h server (Samba %v)

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
; wins support = no

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z

# If we receive WINS server info from DHCP, override the options above.
   include = /etc/samba/dhcp.conf

# This will prevent nmbd to search for NetBIOS names through DNS.
   dns proxy = no

# What naming service and in what order should we use to resolve host names
# to IP addresses
; name resolve order = lmhosts host wins bcast

#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 1000

# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
; syslog only = no

# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
   syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d

####### Authentication #######

# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/ServerType.html in the samba-doc
# package for details.
; security = user

# You may wish to use password encryption. See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
   encrypt passwords = true

# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
   passdb backend = tdbsam guest

   obey pam restrictions = yes

; guest account = nobody
   invalid users = root

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
; unix password sync = no

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Augustin Luton <aluton@hybrigenics.fr> for
# sending the correct chat script for the passwd program in Debian Potato).
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
; pam password change = no

########## Printing ##########

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
; load printers = yes

# lpr(ng) printing. You may wish to override the location of the
# printcap file
; printing = bsd
; printcap name = /etc/printcap

# CUPS printing. See also the cupsaddsmb(8) manpage in the
# cupsys-client package.
; printing = cups
; printcap name = cups

# When using [print$], root is implicitly a 'printer admin', but you can
# also give this right to other users to add drivers and set printer
# properties
; printer admin = @ntadmin

######## File sharing ########

# Name mangling options
; preserve case = yes
; short preserve case = yes

############ Misc ############

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /home/samba/etc/smb.conf.%m

# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/speed.html
# for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
   socket options = TCP_NODELAY

# The following parameter is useful only if you have the linpopup package
# installed. The samba maintainer and the linpopup maintainer are
# working to ease installation and configuration of linpopup and samba.
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &

# Domain Master specifies Samba to be the Domain Master Browser. If this
# machine will be configured as a BDC (a secondary logon server), you
# must set this to 'no'; otherwise, the default behavior is recommended.
; domain master = auto

# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash

#======================= Share Definitions =======================

[homes]
   comment = Home Directories
   browseable = no

# By default, the home directories are exported read-only. Change next
# parameter to 'yes' if you want to be able to write to them.
   writable = no

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
   directory mask = 0700

# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no

[printers]
   comment = All Printers
   browseable = no
   path = /tmp
   printable = yes
   public = no
   writable = no
   create mode = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# Replace 'ntadmin' with the name of the group your admin users are
# members of.
; write list = root, @ntadmin

# A sample share for sharing your CD-ROM with others.
;[cdrom]
; comment = Samba server's CD-ROM
; writable = no
; locking = no
; path = /cdrom
; public = yes

# The next two parameters show how to auto-mount a CD-ROM when the
# cdrom share is accesed. For this to work /etc/fstab must contain
# an entry like this:
#
# /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
#
# The CD-ROM gets unmounted automatically after the connection to the
#
# If you don't want to use auto-mounting/unmounting make sure the CD
# is mounted on /cdrom
#
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom

-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

• Previous message: Tom: "Re: Hoax: Re: What up with www.debian.org ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]