Samba and guest access

English Network/Internet
#1

I’m setting up a simple samba share on my home network. I would like guest access (no prompt for username & pass) and write access on my /home dir. Right now, when I browse to my samba share it prompts for a username and pass despite having the allow guest options in my conf. It won’t even let me login to my own share with my current username and pass. I’ve tried many other options and commenting various lines in the global part but nothing works. Here’s my smb.conf


[global]
    workgroup = WORKGROUP
    netbios name = Devbook
    passdb backend = tdbsam
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    map to guest = Bad User
    include = /etc/samba/dhcp.conf
    logon path = \\%L\profiles\.msprofile
    logon home = \\%L\%U\.9xprofile
    logon drive = P:
    usershare allow guests = No
    domain logons = Yes
    domain master = Yes
    security = user
    wins support = No
    add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
    local master = Yes
    os level = 65
    preferred master = Yes
    wins server =
[users]
    comment = All users
    path = /home
    read only = No
    inherit acls = Yes
    veto files = /aquota.user/groups/shares/
    browseable = Yes
    create mask = 755
    directory mask = 755
    guest ok = Yes
    guest only = Yes
#2

On 1/22/2014 2:36 PM, own3dbydsquared wrote:
>
> I’m setting up a simple samba share on my home network. I would like
> guest access (no prompt for username & pass) and write access on my
> /home dir. Right now, when I browse to my samba share it prompts for a
> username and pass despite having the allow guest options in my conf. It
> won’t even let me login to my own share with my current username and
> pass. I’ve tried many other options and commenting various lines in the
> global part but nothing works. Here’s my smb.conf

own3dbydsquared;

What version of Samba are you using?


/usr/sbin/smbd -V

Is there any reason you have Samba configured as a PDC on a NT style domain? Seems like a bit of over kill for simple
file sharing.


P.V.
“We’re all in this together, I’m pulling for you” Red Green

#3

Running

Version 4.1.3-3.12.1-3127-SUSE-oS13.1-x86_64

As for the PDC, there’s no reason except it was the way I could get it configured through YaST. If I do ‘Not a DC’ and join the domain anonymously I get the message ‘Error getting session_key of SAM pipe. Error was NT_STATUS_NO_USER_SESSION_KEY. Unable to join domain WORKGROUP.’ I mean whatever works, I’m ok with.

#4

On 1/22/2014 6:26 PM, own3dbydsquared wrote:
>
> venzkep;2618595 Wrote:
>>
>> What version of Samba are you using?
>>>
> Code:
> --------------------
> > >
> > /usr/sbin/smbd -V
> >
> --------------------
>>>
>>
>> Is there any reason you have Samba configured as a PDC on a NT style
>> domain? Seems like a bit of over kill for simple
>> file sharing.
> Running
> Code:
> --------------------
> Version 4.1.3-3.12.1-3127-SUSE-oS13.1-x86_64
> --------------------
>
> As for the PDC, there’s no reason except it was the way I could get it
> configured through YaST. If I do ‘Not a DC’ and join the domain
> anonymously I get the message ‘Error getting session_key of SAM pipe.
> Error was NT_STATUS_NO_USER_SESSION_KEY. Unable to join domain
> WORKGROUP.’ I mean whatever works, I’m ok with.
>
>
own3dbydsquared;

This HowTo is getting is a bit out of date but gives the basics for configuring Samba as a Workgroup computer.
http://www.swerdna.net.au/suselanprimer.html
There are a few adjustments you need to make for systemd.

When you access a share on the Linux machine, before a user can be mapped to guest, Samba must know that this is guest
access. There is no way to know unless you first try to authenticate. See the writeup on the security parameter in man
smb.conf. In particular this paragraph:

Note that the name of the resource being requested is not sent to the server until after the server has successfully
authenticated the client. This is why guest shares don’t work in user level security without allowing the server to
automatically map unknown users into the guest account. See the map to guest parameter for details on doing this.

Since you wish to access shares in your home directory. The Linux permissions must allow the Samba users to read/write
the files in the share. Since the Samba guest user is “nobody” in the “nobody” group, you will need to make the shared
files/directories world accessible.

The best way by far to handle this is to make sure you setup Samba users properly so you have proper authentication when
you log on and do not rely on “guest” access. The swerdna’s HowTo will give the details on creating samba users with
smbpasswd. The password you create with smbpasswd should be the Windows password. Your Windows machine will by default
pass the username/password of the logged on user. You can override this from the “Users” tab of the Control Panel.
You might be requested to authenticate the first time you try to access a share, but after that you should never get a
prompt. If you have Linux Clients, then KDE can be configured (Configure Desktop) to pass a given name and password.
Not sure about gnome.


P.V.
“We’re all in this together, I’m pulling for you” Red Green

#5

On 1/22/2014 6:26 PM, own3dbydsquared wrote:
> As for the PDC, there’s no reason except it was the way I could get it
> configured through YaST. If I do ‘Not a DC’ and join the domain
> anonymously I get the message ‘Error getting session_key of SAM pipe.
> Error was NT_STATUS_NO_USER_SESSION_KEY. Unable to join domain
> WORKGROUP.’ I mean whatever works, I’m ok with.

Is there an AD in this mix? If not why are you trying to join a domain?

P.V.
“We’re all in this together, I’m pulling for you” Red Green

#6

Hmm this is not quite what I had in mind. I’d rather not have to make everything 777. So in this case, I’ll do what you said first and create a samba user with smbpasswd. From this command:

sudo pdbedit -L

I can list all users. Right now, only root is listed, not my linux user. So I tried to login to the share using root but that didn’t work…interesting. I also tried to do what swerdna’s HowTo said:

sudo smbpasswd -a william

but I can’t login with that newly created user either. Another issue, the password I use can’t be the same as the current linux user’s. Odd.

Nope, no active directory. Just a simple home network share.

#7

On 1/23/2014 11:36 PM, own3dbydsquared wrote:
>
> venzkep;2618638 Wrote:
>>
<snip>
>>
> Hmm this is not quite what I had in mind. I’d rather not have to make
> everything 777. So in this case, I’ll do what you said first and create
> a samba user with smbpasswd. From this command:
> Code:
> --------------------
> sudo pdbedit -L
> --------------------
> I can list all users. Right now, only root is listed, not my linux
> user. So I tried to login to the share using root but that didn’t
> work…interesting. I also tried to do what swerdna’s HowTo said:
> Code:
> --------------------
> sudo smbpasswd -a william
> --------------------
> but I can’t login with that newly created user either. Another issue,
> the password I use can’t be the same as the current linux user’s. Odd.
>
> venzkep;2618644 Wrote:
>>
>> Is there an AD in this mix? If not why are you trying to join a domain?
> Nope, no active directory. Just a simple home network share.
>
>
The Samba user you add with “smbpasswd -a” must be a valid Linux user name, but the password created is arbitrary. Make
your smb.conf conforms with Swerdna’s HowTo. The firewall has “Samba Server”, “Netbios Server” and “Samba Client” as
allowed services. Restart (or Start if not running) smbd and nmbd.


systemctl restart smb.service
systemctl restart nmb.service

If authentication is still a problem for you, add this parameter to /etc/samba/smb.conf


log level = 0 auth:3

Restart smbd and then check /var/log/samba/log.smbd to see why your user is not being authenticated.

When everything is working properly you should see something like the following in your logs:


[2014/01/24 00:26:22.355331,  3] ../source3/auth/auth.c:177(auth_check_ntlm_password)
check_ntlm_password:  Checking password for unmapped user [SAL2]\[venzke]@[SAL2] with the new password interface
[2014/01/24 00:26:22.355657,  3] ../source3/auth/auth.c:180(auth_check_ntlm_password)
check_ntlm_password:  mapped user is: [EULER3]\[venzke]@[SAL2]
[2014/01/24 00:26:22.358376,  3] ../source3/auth/auth.c:226(auth_check_ntlm_password)
check_ntlm_password: sam authentication for user [venzke] succeeded
[2014/01/24 00:26:22.358697,  2] ../source3/auth/auth.c:278(auth_check_ntlm_password)
check_ntlm_password:  authentication for user [venzke] -> [venzke] -> [venzke] succeeded

In the above log segment the user name is venzke, the client computer is SAL2 (Vista) and the Samba4 server is EULER3
(openSUSE 13.1)

P.V.
“We’re all in this together, I’m pulling for you” Red Green

#8

Yup I have both Samba server and client as allowed services. There is no Netbios server option.

Ok I added that line and here is the output with my smbpasswd -a created user which has to same username as my linux user but different password. (couldnt create with the same)

[2014/01/25 14:06:36.147885,  3] ../source3/auth/auth.c:177(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [WORKGROUP]\[anonymous]@[DEVBOOK] with the new password interface
[2014/01/25 14:06:36.148089,  3] ../source3/auth/auth.c:180(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [WORKGROUP]\[anonymous]@[DEVBOOK]
[2014/01/25 14:06:36.148330,  3] ../source3/auth/check_samsec.c:399(check_sam_security)
  check_sam_security: Couldn't find user 'anonymous' in passdb.
[2014/01/25 14:06:36.148464,  3] ../source3/auth/auth_winbind.c:60(check_winbind_security)
  check_winbind_security: Not using winbind, requested domain [WORKGROUP] was for this SAM.
[2014/01/25 14:06:36.148556,  2] ../source3/auth/auth.c:288(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [anonymous] -> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
[2014/01/25 14:06:36.148681,  3] ../source3/auth/auth_util.c:1593(do_map_to_guest_server_info)
  No such user anonymous [WORKGROUP] - using guest account
[2014/01/25 14:06:37.403671,  3] ../source3/auth/auth.c:177(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [WORKGROUP]\[anonymous]@[DEVBOOK] with the new password interface
[2014/01/25 14:06:37.403831,  3] ../source3/auth/auth.c:180(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [WORKGROUP]\[anonymous]@[DEVBOOK]
[2014/01/25 14:06:37.403954,  3] ../source3/auth/check_samsec.c:399(check_sam_security)
  check_sam_security: Couldn't find user 'anonymous' in passdb.
[2014/01/25 14:06:37.404030,  3] ../source3/auth/auth_winbind.c:60(check_winbind_security)
  check_winbind_security: Not using winbind, requested domain [WORKGROUP] was for this SAM.
[2014/01/25 14:06:37.404085,  2] ../source3/auth/auth.c:288(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [anonymous] -> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
[2014/01/25 14:06:37.404148,  3] ../source3/auth/auth_util.c:1593(do_map_to_guest_server_info)
  No such user anonymous [WORKGROUP] - using guest account
[2014/01/25 14:06:41.519280,  3] ../source3/auth/auth.c:177(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [WORKGROUP]\[linux_user]@[DEVBOOK] with the new password interface
[2014/01/25 14:06:41.519433,  3] ../source3/auth/auth.c:180(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [WORKGROUP]\[linux_user]@[DEVBOOK]
[2014/01/25 14:06:41.520513,  3] ../source3/auth/auth.c:226(auth_check_ntlm_password)
  check_ntlm_password: sam authentication for user [linux_user] succeeded
[2014/01/25 14:06:41.520635,  2] ../source3/auth/auth.c:278(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user [linux_user] -> [linux_user] -> [linux_user] succeeded

So it succedded yet when I hit enter it stills prompts me for a username and password…

Now when I use my linux username and password here’s the output.

[2014/01/25 14:17:51.270453,  3] ../source3/auth/auth.c:177(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [WORKGROUP]\[anonymous]@[DEVBOOK] with the new password interface
[2014/01/25 14:17:51.270577,  3] ../source3/auth/auth.c:180(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [WORKGROUP]\[anonymous]@[DEVBOOK]
[2014/01/25 14:17:51.270691,  3] ../source3/auth/check_samsec.c:399(check_sam_security)
  check_sam_security: Couldn't find user 'anonymous' in passdb.
[2014/01/25 14:17:51.270750,  3] ../source3/auth/auth_winbind.c:60(check_winbind_security)
  check_winbind_security: Not using winbind, requested domain [WORKGROUP] was for this SAM.
[2014/01/25 14:17:51.270794,  2] ../source3/auth/auth.c:288(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [anonymous] -> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
[2014/01/25 14:17:51.270869,  3] ../source3/auth/auth_util.c:1593(do_map_to_guest_server_info)
  No such user anonymous [WORKGROUP] - using guest account
[2014/01/25 14:17:53.392674,  3] ../source3/auth/auth.c:177(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [WORKGROUP]\[anonymous]@[DEVBOOK] with the new password interface
[2014/01/25 14:17:53.392809,  3] ../source3/auth/auth.c:180(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [WORKGROUP]\[anonymous]@[DEVBOOK]
[2014/01/25 14:17:53.392957,  3] ../source3/auth/check_samsec.c:399(check_sam_security)
  check_sam_security: Couldn't find user 'anonymous' in passdb.
[2014/01/25 14:17:53.393036,  3] ../source3/auth/auth_winbind.c:60(check_winbind_security)
  check_winbind_security: Not using winbind, requested domain [WORKGROUP] was for this SAM.
[2014/01/25 14:17:53.393083,  2] ../source3/auth/auth.c:288(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [anonymous] -> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
[2014/01/25 14:17:53.393143,  3] ../source3/auth/auth_util.c:1593(do_map_to_guest_server_info)
  No such user anonymous [WORKGROUP] - using guest account
[2014/01/25 14:17:57.889053,  3] ../source3/auth/auth.c:177(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [WORKGROUP]\[linux_user]@[DEVBOOK] with the new password interface
[2014/01/25 14:17:57.889171,  3] ../source3/auth/auth.c:180(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [WORKGROUP]\[linux_user]@[DEVBOOK]
[2014/01/25 14:17:57.890003,  3] ../source3/auth/auth_winbind.c:60(check_winbind_security)
  check_winbind_security: Not using winbind, requested domain [WORKGROUP] was for this SAM.
[2014/01/25 14:17:57.890064,  2] ../source3/auth/auth.c:288(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [linux_user] -> [linux_user] FAILED with error NT_STATUS_WRONG_PASSWORD
[2014/01/25 14:17:57.890828,  3] ../source3/auth/auth.c:177(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user ]\]@] with the new password interface
[2014/01/25 14:17:57.890889,  3] ../source3/auth/auth.c:180(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [WORKGROUP]\]@]
[2014/01/25 14:17:57.890960,  3] ../source3/auth/auth.c:226(auth_check_ntlm_password)
  check_ntlm_password: guest authentication for user ] succeeded

So this one also succeed but stills prompts me after I entered correct authentication. :\ Very strange.

#9

On 1/25/2014 1:26 PM, own3dbydsquared wrote:
>
> venzkep;2618913 Wrote:
>> The firewall has “Samba Server”, “Netbios Server” and “Samba Client” as
>> allowed services.
> Yup I have both Samba server and client as allowed services. There is no
> Netbios server option.

Well you should have the netbios server (nmb) started and allowed.
>
> venzkep;2618913 Wrote:
>> If authentication is still a problem for you, add this parameter to
>> /etc/samba/smb.conf
>>>
> Code:
> --------------------
> > >
> > log level = 0 auth:3
> >
> --------------------
>>>
>> Restart smbd and then check /var/log/samba/log.smbd to see why your
>> user is not being authenticated.
>>
> Ok I added that line and here is the output with my smbpasswd -a created
> user which has to same username as my linux user but different password.
> (couldnt create with the same)
What error message do you get when you try to make them the same? In any event the password you submit to the Samba4
server is the one created with smbpasswd.

>
> Code:
> --------------------
> [2014/01/25 14:06:36.147885, 3] …/source3/auth/auth.c:177(auth_check_ntlm_password)
> check_ntlm_password: Checking password for unmapped user [WORKGROUP][anonymous]@[DEVBOOK] with the new password interface
> [2014/01/25 14:06:36.148089, 3] …/source3/auth/auth.c:180(auth_check_ntlm_password)
> check_ntlm_password: mapped user is: [WORKGROUP][anonymous]@[DEVBOOK]
> [2014/01/25 14:06:36.148330, 3] …/source3/auth/check_samsec.c:399(check_sam_security)
> check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
> [2014/01/25 14:06:36.148464, 3] …/source3/auth/auth_winbind.c:60(check_winbind_security)
> check_winbind_security: Not using winbind, requested domain [WORKGROUP] was for this SAM.
> [2014/01/25 14:06:36.148556, 2] …/source3/auth/auth.c:288(auth_check_ntlm_password)
> check_ntlm_password: Authentication for user [anonymous] → [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
> [2014/01/25 14:06:36.148681, 3] …/source3/auth/auth_util.c:1593(do_map_to_guest_server_info)
> No such user anonymous [WORKGROUP] - using guest account
> [2014/01/25 14:06:37.403671, 3] …/source3/auth/auth.c:177(auth_check_ntlm_password)
> check_ntlm_password: Checking password for unmapped user [WORKGROUP][anonymous]@[DEVBOOK] with the new password interface
> [2014/01/25 14:06:37.403831, 3] …/source3/auth/auth.c:180(auth_check_ntlm_password)
> check_ntlm_password: mapped user is: [WORKGROUP][anonymous]@[DEVBOOK]
> [2014/01/25 14:06:37.403954, 3] …/source3/auth/check_samsec.c:399(check_sam_security)
> check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
> [2014/01/25 14:06:37.404030, 3] …/source3/auth/auth_winbind.c:60(check_winbind_security)
> check_winbind_security: Not using winbind, requested domain [WORKGROUP] was for this SAM.
> [2014/01/25 14:06:37.404085, 2] …/source3/auth/auth.c:288(auth_check_ntlm_password)
> check_ntlm_password: Authentication for user [anonymous] → [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
> [2014/01/25 14:06:37.404148, 3] …/source3/auth/auth_util.c:1593(do_map_to_guest_server_info)
> No such user anonymous [WORKGROUP] - using guest account
> [2014/01/25 14:06:41.519280, 3] …/source3/auth/auth.c:177(auth_check_ntlm_password)
> check_ntlm_password: Checking password for unmapped user [WORKGROUP][linux_user]@[DEVBOOK] with the new password interface
> [2014/01/25 14:06:41.519433, 3] …/source3/auth/auth.c:180(auth_check_ntlm_password)
> check_ntlm_password: mapped user is: [WORKGROUP][linux_user]@[DEVBOOK]
> [2014/01/25 14:06:41.520513, 3] …/source3/auth/auth.c:226(auth_check_ntlm_password)
> check_ntlm_password: sam authentication for user [linux_user] succeeded
> [2014/01/25 14:06:41.520635, 2] …/source3/auth/auth.c:278(auth_check_ntlm_password)
> check_ntlm_password: authentication for user [linux_user] → [linux_user] → [linux_user] succeeded
> --------------------
>
>
> So it succedded yet when I hit enter it stills prompts me for a username
> and password…

>
> Now when I use my linux username and password here’s the output.
>
> Code:
> --------------------
> [2014/01/25 14:17:51.270453, 3] …/source3/auth/auth.c:177(auth_check_ntlm_password)
> check_ntlm_password: Checking password for unmapped user [WORKGROUP][anonymous]@[DEVBOOK] with the new password interface
> [2014/01/25 14:17:51.270577, 3] …/source3/auth/auth.c:180(auth_check_ntlm_password)
> check_ntlm_password: mapped user is: [WORKGROUP][anonymous]@[DEVBOOK]
> [2014/01/25 14:17:51.270691, 3] …/source3/auth/check_samsec.c:399(check_sam_security)
> check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
> [2014/01/25 14:17:51.270750, 3] …/source3/auth/auth_winbind.c:60(check_winbind_security)
> check_winbind_security: Not using winbind, requested domain [WORKGROUP] was for this SAM.
> [2014/01/25 14:17:51.270794, 2] …/source3/auth/auth.c:288(auth_check_ntlm_password)
> check_ntlm_password: Authentication for user [anonymous] → [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
> [2014/01/25 14:17:51.270869, 3] …/source3/auth/auth_util.c:1593(do_map_to_guest_server_info)
> No such user anonymous [WORKGROUP] - using guest account
> [2014/01/25 14:17:53.392674, 3] …/source3/auth/auth.c:177(auth_check_ntlm_password)
> check_ntlm_password: Checking password for unmapped user [WORKGROUP][anonymous]@[DEVBOOK] with the new password interface
> [2014/01/25 14:17:53.392809, 3] …/source3/auth/auth.c:180(auth_check_ntlm_password)
> check_ntlm_password: mapped user is: [WORKGROUP][anonymous]@[DEVBOOK]
> [2014/01/25 14:17:53.392957, 3] …/source3/auth/check_samsec.c:399(check_sam_security)
> check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
> [2014/01/25 14:17:53.393036, 3] …/source3/auth/auth_winbind.c:60(check_winbind_security)
> check_winbind_security: Not using winbind, requested domain [WORKGROUP] was for this SAM.
> [2014/01/25 14:17:53.393083, 2] …/source3/auth/auth.c:288(auth_check_ntlm_password)
> check_ntlm_password: Authentication for user [anonymous] → [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
> [2014/01/25 14:17:53.393143, 3] …/source3/auth/auth_util.c:1593(do_map_to_guest_server_info)
> No such user anonymous [WORKGROUP] - using guest account
> [2014/01/25 14:17:57.889053, 3] …/source3/auth/auth.c:177(auth_check_ntlm_password)
> check_ntlm_password: Checking password for unmapped user [WORKGROUP][linux_user]@[DEVBOOK] with the new password interface
> [2014/01/25 14:17:57.889171, 3] …/source3/auth/auth.c:180(auth_check_ntlm_password)
> check_ntlm_password: mapped user is: [WORKGROUP][linux_user]@[DEVBOOK]
> [2014/01/25 14:17:57.890003, 3] …/source3/auth/auth_winbind.c:60(check_winbind_security)
> check_winbind_security: Not using winbind, requested domain [WORKGROUP] was for this SAM.
> [2014/01/25 14:17:57.890064, 2] …/source3/auth/auth.c:288(auth_check_ntlm_password)
> check_ntlm_password: Authentication for user [linux_user] → [linux_user] FAILED with error NT_STATUS_WRONG_PASSWORD
> [2014/01/25 14:17:57.890828, 3] …/source3/auth/auth.c:177(auth_check_ntlm_password)
> check_ntlm_password: Checking password for unmapped user ]]@] with the new password interface
> [2014/01/25 14:17:57.890889, 3] …/source3/auth/auth.c:180(auth_check_ntlm_password)
> check_ntlm_password: mapped user is: [WORKGROUP]]@]
> [2014/01/25 14:17:57.890960, 3] …/source3/auth/auth.c:226(auth_check_ntlm_password)
> check_ntlm_password: guest authentication for user ] succeeded
> --------------------
>
>
> So this one also succeed but stills prompts me after I entered correct
> authentication. :\ Very strange.
>
>
What OS is being run on your clients? Start nmb and allow it through your firewall. Does your smb.conf conform to what
is outlined in Swerdna’s article? Perhaps you need to post your current /etc/samba/smb.conf.


P.V.
“We’re all in this together, I’m pulling for you” Red Green

#10

Hmm I removed my user and added it again, this time it worked.

OS is suse 13.1 and Windows 7. There is no option for netbios server in software management or firewall. Apart from logon paths, yes it conforms to Swerdna’s guide. If I comment them out, it makes no difference.
Here is my current smb.conf


[global]
    workgroup = WORKGROUP
    netbios name = Devbook
    passdb backend = tdbsam
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    map to guest = Bad User
    include = /etc/samba/dhcp.conf
    logon path = \\%L\profiles\.msprofile
    logon home = \\%L\%U\.9xprofile
    logon drive = P:
    usershare allow guests = No
    domain logons = Yes
    domain master = Yes
    security = user
    wins support = No
    add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
    local master = Yes
    os level = 65
    preferred master = Yes
    wins server = 
    log level = 0 auth:3
[users]
    comment = All users
    path = /home
    read only = No
    inherit acls = Yes
    veto files = /aquota.user/groups/shares/
    browseable = Yes
    create mask = 755
    directory mask = 755
    guest ok = Yes
    guest only = Yes
[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    write list = root
#11

On 1/26/2014 9:26 PM, own3dbydsquared wrote:
>
> venzkep;2619360 Wrote:
>>
>> What error message do you get when you try to make them the same? In
>> any event the password you submit to the Samba4
>> server is the one created with smbpasswd.
> Hmm I removed my user and added it again, this time it worked.
> venzkep;2619360 Wrote:
>>
>> What OS is being run on your clients? Start nmb and allow it through
>> your firewall. Does your smb.conf conform to what
>> is outlined in Swerdna’s article? Perhaps you need to post your current
>> /etc/samba/smb.conf.
> OS is suse 13.1 and Windows 7. There is no option for netbios server in
> software management or firewall. Apart from logon paths, yes it conforms
> to Swerdna’s guide. If I comment them out, it makes no difference.
> Here is my current smb.conf
>
> Code:
> --------------------
>
> [global]
> workgroup = WORKGROUP
> netbios name = Devbook
> passdb backend = tdbsam
> printing = cups
> printcap name = cups
> printcap cache time = 750
> cups options = raw
> map to guest = Bad User
> include = /etc/samba/dhcp.conf
> logon path = \%L\profiles.msprofile
> logon home = \%L%U.9xprofile
> logon drive = P:
> usershare allow guests = No
> domain logons = Yes
> domain master = Yes
> security = user
> wins support = No
> add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
> local master = Yes
> os level = 65
> preferred master = Yes
> wins server =
> log level = 0 auth:3
> [users]
> comment = All users
> path = /home
> read only = No
> inherit acls = Yes
> veto files = /aquota.user/groups/shares/
> browseable = Yes
> create mask = 755
> directory mask = 755
> guest ok = Yes
> guest only = Yes
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
> write list = root
>
> --------------------
>

nmb(d) is the netbios server. Is it started?


systemctl status nmb.service

Under YaST > Security and Users > Firewall > Allowed Service; you should have these three listed as allowed. Samba
Server, Samba Client and Netbios Server. If Netbios Server is not listed add it in the drop down menu.

You still have Samba set as a domain controller (PDC). Hopefully you never actually added any machines to the domain.
Unless you added machines to the domain, just drop the “domain logons” parameter from /etc/samba/smb.conf.

Which machine is “DEVBOOK”? From the earlier post is looked like the name of the client (Windows 7). If that is correct
then you need to change the netbios name of the server (Samba) to something else.

Your share [users] has the parameter “guest only”. This means that you are required to access that share as the guest
account and that account has at most read privileges in /home. Try adding the [homes] share. This is a special share
that should show the home folder of an authenticated user. Notice it has to path statement. This is by design.


[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
\code]


--
P.V.
"We're all in this together, I'm pulling for you" Red Green
#12

I think it was started.

nmb.service - Samba NMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/nmb.service; enabled)
   Active: active (running) since Mon 2014-01-27 21:03:57 EST; 20min ago
  Process: 703 ExecStart=/usr/sbin/nmbd $NMBDOPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 722 (nmbd)
   CGroup: /system.slice/nmb.service
           └─722 /usr/sbin/nmbd

Jan 27 21:03:57 devbook.site systemd[1]: Starting Samba NMB Daemon...
Jan 27 21:03:57 devbook.site systemd[1]: Started Samba NMB Daemon.

Well that’s embarrassing, I had Netbios server the whole time . So all three are listed as allowed services.

I don’t think I’ve added any machines to the domain. Plus if I do ‘No DC’ it asks for a username and password for joining the WORKGROUP domain. Didn’t know there was one to begin with. And I can’t join anonymously. So I just left it at PDC to keep away that annoyance.

That machine is suse 13.1 machine. I have done most of the testing on this machine (suse).

This goes along with my original intention of Samba. But since I don’t want to make my home chmod’ed 777 then I’ll take away guest access…forgot about that. And I’ll modify the [home] share and try that.

#13

On 1/27/2014 11:36 PM, own3dbydsquared wrote:
> And I’ll modify the [home] share and try
> that.
It is spelled: [homes]. That spelling is important! Otherwise, it is not the predefined special share of your home
directory.


P.V.
“We’re all in this together, I’m pulling for you” Red Green

#14

Yeah that what I meant. Here’s my conf. Still getting denied.

[homes]
    comment = Home Directories
#    valid users = %S, %D%w%S
    browseable = Yes
    read only = No
    inherit acls = Yes
    guest ok = Yes
    create mask = 755
    directory mask = 755
#15

On 1/30/2014 8:26 PM, own3dbydsquared wrote:
>
> venzkep;2620309 Wrote:
>>
>> It is spelled: [homes]. That spelling is important! Otherwise, it is
>> not the predefined special share of your home
>> directory.n
> Yeah that what I meant. Here’s my conf. Still getting denied.
>
> Code:
> --------------------
> [homes]
> comment = Home Directories
> # valid users = %S, %D%w%S
> browseable = Yes
> read only = No
> inherit acls = Yes
> guest ok = Yes
> create mask = 755
> directory mask = 755
> --------------------
>
>
Leave it as posted. You can alter parameters later if you want to try something else. Exactly how do you try to
connect to the share? What browser? What command?


P.V.
“We’re all in this together, I’m pulling for you” Red Green

#16

Ok it is unaltered and is as stated previously. I am using KDE 4.11.4 and going through Dolphin > Network > Samba Shares > Workgroup > Devbook > “Please enter authentication for Devbook”. Can’t get in. Devbook is the machine I am logged into.

#17

On 1/30/2014 10:26 PM, own3dbydsquared wrote:
>
> venzkep;2620840 Wrote:
>>
>> Leave it as posted. You can alter parameters later if you want to try
>> something else. Exactly how do you try to
>> connect to the share? What browser? What command?
>>
> Ok it is unaltered and is as stated previously. I am using KDE 4.11.4
> and going through Dolphin > Network > Samba Shares > Workgroup > Devbook
>> “Please enter authentication for Devbook”. Can’t get in. Devbook is
> the machine I am logged into.
>
>
In the location bar of Dolphin (Make it editable if it isn’t) enter just:


smb://Devbook

Does it show a folder under your username? (It should)
Try to open the folder. If authentication fails as your user, check your logs to see if you authenticated properly.


P.V.
“We’re all in this together, I’m pulling for you” Red Green

#18

Yes smb:// mapped to my machine fine. Can’t authenticate. Here’s the log

[2014/01/31 18:12:43.286713,  3] ../source3/auth/auth.c:177(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [WORKGROUP]\[linux_user]@[DEVBOOK] with the new password interface
[2014/01/31 18:12:43.286789,  3] ../source3/auth/auth.c:180(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [WORKGROUP]\[linux_user]@[DEVBOOK]
[2014/01/31 18:12:43.287062,  0] ../source3/lib/popt_common.c:67(popt_s3_talloc_log_fn)
  Bad talloc magic value - unknown value
[2014/01/31 18:12:43.287134,  0] ../source3/lib/util.c:785(smb_panic_s3)
  PANIC (pid 2144): Bad talloc magic value - unknown value
[2014/01/31 18:12:43.287767,  0] ../source3/lib/util.c:896(log_stack_trace)
  BACKTRACE: 46 stack frames:

Has to do with Samba talloc and from Googling, still not sure what it is.

#19

On 1/31/2014 5:26 PM, own3dbydsquared wrote:
>
> venzkep;2620857 Wrote:
>>
>> In the location bar of Dolphin (Make it editable if it isn’t) enter
>> just:
>>>
> Code:
> --------------------
> > >
> > smb://Devbook
> >
> --------------------
>>>
>> Does it show a folder under your username? (It should)
>> Try to open the folder. If authentication fails as your user, check
>> your logs to see if you authenticated properly.
>>
> Yes smb:// mapped to my machine fine. Can’t authenticate. Here’s the log
>
> Code:
> --------------------
> [2014/01/31 18:12:43.286713, 3] …/source3/auth/auth.c:177(auth_check_ntlm_password)
> check_ntlm_password: Checking password for unmapped user [WORKGROUP][linux_user]@[DEVBOOK] with the new password interface
> [2014/01/31 18:12:43.286789, 3] …/source3/auth/auth.c:180(auth_check_ntlm_password)
> check_ntlm_password: mapped user is: [WORKGROUP][linux_user]@[DEVBOOK]
> [2014/01/31 18:12:43.287062, 0] …/source3/lib/popt_common.c:67(popt_s3_talloc_log_fn)
> Bad talloc magic value - unknown value
> [2014/01/31 18:12:43.287134, 0] …/source3/lib/util.c:785(smb_panic_s3)
> PANIC (pid 2144): Bad talloc magic value - unknown value
> [2014/01/31 18:12:43.287767, 0] …/source3/lib/util.c:896(log_stack_trace)
> BACKTRACE: 46 stack frames:
> --------------------
>
> Has to do with Samba talloc and from Googling, still not sure what it
> is.
>
>
It looks like your Samba install may be broken. But first try the following command in a terminal.


smbclient -L Devbook -U<username>%<password>

Replace <username> by your Linux username and <password> by the password created with smbpasswd. If this works it looks
like a problem with Dolphin

In an earlier post it looked like authentication had succeeded. Has anything changed?
If smbclient fails try uninstalling and reinstalling Samba and the Samba libraries.


P.V.
“We’re all in this together, I’m pulling for you” Red Green

#20

I ran the command smbclient and here’s the result:

session setup failed: NT_STATUS_CONNECTION_DISCONNECTED

I am using a different share, the [homes] share you suggested. I reverted back to the [users] share and tried smbclient again and this is what I got

Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.3-3.12.1-3127-SUSE-oS13.1-x86_64]

        Sharename       Type      Comment
        ---------       ----      -------
        users           Disk      All users
        netlogon        Disk      Network Logon Service
        IPC$            IPC       IPC Service (Samba 4.1.3-3.12.1-3127-SUSE-oS13.1-x86_64)
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.3-3.12.1-3127-SUSE-oS13.1-x86_64]

        Server               Comment
        ---------            -------
        DEVBOOK              Samba 4.1.3-3.12.1-3127-SUSE-oS13.1-x86_64

        Workgroup            Master
        ---------            -------
        WORKGROUP

Seems to be ok. Dolphin issue?