[wpkg-users] Samba problem

Pendl Stefan stefan.pendl at haidlmair.at
Thu Sep 17 17:38:57 CEST 2009 

>
> Marco Gaiarin wrote:
> > Mandi! Dennis Kuhlmeier
> >   In chel di` si favelave...
> >
> >> This is mostly the same as our netlogon shares, I believe
> "guest ok"
> >> is the most essential option here. Too bad I don't have a copy of
> >
> > 'guest user' are defined and indeed work? Seems to me that
> yoor probrem
> > arise from the guest access not working.
> >
> > I have:
> >
> >     guest account = guest
> >     map to guest = Bad User
> >
>
> I tried
>
> map to guest = Bad User
> map to guest = Bad Password
>
> I hope the following isn't too confusing. Just being thorough...
> Both mappings work fine from another Linux machine which is not in
> the domain:
>
> [root at host mnt]# mount -t cifs //host2/wpkg /mnt/help
> Password:
> [root at host mnt]# umount help
> [root at host mnt]# mount -t cifs //host2/wpkg /mnt/help
> Password:
> [root at host mnt]# umount help
>
> Although there is something strange about using user "guest"
>
> If guest user is mapped to bad user, the following happens
> (I entered a wrong password on purpose in all cases!)
> [root at host mnt]# mount -t cifs -o username=valid_user //host2/wpkg
> /mnt/help
> Password:
> mount error 13 = Permission denied
> Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
> [root at host mnt]# mount -t cifs -o username=guest //host2/wpkg
> /mnt/help
> Password:
> mount error 13 = Permission denied
> Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
>
> As you can see, a wrong password with a valid user fails as does
> user guest! Any other invalid user on the other hand can log in!
>
> Now I tried with "bad password" setting Samba:
> [root at host mnt]# mount -t cifs -o username=valid_user //host2/wpkg
> /mnt/help
> Password:
> [root at host mnt]# umount help
> [root at host mnt]# mount -t cifs -o username=guest //host2/wpkg
> /mnt/help
> Password:
> mount error 13 = Permission denied
> Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
>
> Again user guest fails, although I could log in with a wrong
> password as a valid user.
> On the server user guest is unknown!
> [root at host2 samba]# id guest
> id: guest: No such user
>
> [root at host2 samba]# pdbedit -vu guest
> Username not found!
>
> The initial error thus is not shown in the log at any time while I'm
> trying around with this...
> [2009/09/17 17:05:28, 0] smbd/service.c:make_connection_snum(850)
>   make_connection: connection to wpkg denied due to security
> descriptor.
>
> Any more ideas?
> Does anybody actually have the wpkg share on the domain controller?
>
> Regards and thanks,
>
> Dennis
>

The security settings on a domain controller are very restrictive and the guest access is disabled anyways.

It is not a good idea to use a domain controller for anything else, than a domain controller.

I would create a special user called wpkg with a separate group and map bad users to it.
The wpkg user does only have permissions to the wpkg file share.

---
Stefan

More information about the wpkg-users mailing list