Samba guest account

Post by sorcim » 14.02.2022 14:33:34

Hello everyone,

I am trying to set up a Samba share and am running into problems with anonymous login in connection with ACLs.

In summary:
1. I have set up a [public] service that should also be accessible as a guest.
2. I have set up a dedicated guest account samba that has read access (via ACL) to the drive of the share. The drive belongs to another user.
3. I have changed the guest account to samba in smb.conf.
4. Mounting with the options -o "username=<nonexistent user>,password=<wrong password>" works. Access as guest is possible.
BUT 5. Mounting with the option -o guest works, but access to the service does not. A simple ls returns "Permission denied".

Here are the configuration files and log output. Does anyone have an idea what could be causing this? Many thanks for your help!

Code:

getfacl: Removing leading '/' from absolute path names
# file: smb-share
# owner: 1000
# group: 1000
user::rwx
user:samba:r-x
group::---
mask::r-x
other::---
default:user::rwx
default:user:samba:r-x
default:group::---
default:mask::r-x
default:other::---

Code:

[global]
workgroup = smb
security = user
map to guest = Bad Password
guest account = samba
username map = /etc/samba/users.map # contains only samba = guest, but I have also tried samba = *
hosts allow = # none, ie. all hosts permitted access
hosts deny = # none, ie. no hosts are specifically denied

[homes]
comment = Home Directories
browsable = no
read only = yes
create mode = 0750

[public]
create mask = 777
directory mask = 777
#path = /test-share
path = /smb-share
read only = yes
guest ok = yes
comment = smb share
printable = no

[test]
create mask = 777
directory mask = 777
path = /smb-test
read only = yes
guest ok = yes
comment = smb share
printable = no

Code:

smbd version 4.13.13-Debian started.
Copyright Andrew Tridgell and the Samba Team 1992-2020
uid=0 gid=0 euid=0 egid=0
lp_load_ex: refreshing parameters
Initialising global parameters
Processing section "[global]"
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global parameters
Processing section "[global]"
Processing section "[homes]"
Processing section "[public]"
Processing section "[test]"
adding IPC service
added interface eth0 ip=172.17.0.2 bcast=172.17.255.255 netmask=255.255.0.0
loaded services
INFO: Profiling support unavailable in this build.
Becoming a daemon.
Registered MSG_REQ_POOL_USAGE
pid_to_procid: messaging_dgm_get_unique failed: No such file or directory
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_POOL_USAGE
Failed to fetch domain sid for SMB
DCERPC endpoint server 'winreg' registered
DCERPC endpoint server 'srvsvc' registered
DCERPC endpoint server 'lsarpc' registered
DCERPC endpoint server 'samr' registered
DCERPC endpoint server 'netdfs' registered
DCERPC endpoint server 'dssetup' registered
DCERPC endpoint server 'wkssvc' registered
DCERPC endpoint server 'spoolss' registered
DCERPC endpoint server 'svcctl' registered
DCERPC endpoint server 'ntsvcs' registered
DCERPC endpoint server 'eventlog' registered
DCERPC endpoint server 'initshutdown' registered
register_rpc_module: Successfully added RPC module 'mdssvc'
DCERPC endpoint server 'mdssvc' registered
Initialise the svcctl registry keys if needed.
Initialise the eventlog registry keys if needed.
daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
start_background_queue: Starting background LPQ thread
Failed to fetch record!
waiting for connections
Registered MSG_REQ_POOL_USAGE
reloading printcap cache
reload status: ok
Registered MSG_REQ_POOL_USAGE
Unable to connect to CUPS server localhost:631 - Bad file descriptor
failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL

=== Login as fake user ===

Registered MSG_REQ_POOL_USAGE
Allowed connection from 192.168.178.68 (192.168.178.68)
init_oplocks: initializing messages.
Transaction 0 of length 244 (0 toread)
Selected protocol SMB3_11
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Got NTLMSSP neg_flags=0xe0080225
Got user=[harakiri] domain=[] workstation=[] len1=0 len2=150
check_ntlm_password:  Checking password for unmapped user []\[harakiri]@[] with the new password interface
check_ntlm_password:  mapped user is: []\[harakiri]@[]
check_sam_security: Couldn't find user 'harakiri' in passdb.
check_ntlm_password:  Authentication for user [harakiri] -> [harakiri] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
Auth: [SMB2,(null)] user []\[harakiri] at [Mon, 14 Feb 2022 13:22:48.097067 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [] remote host [ipv4:192.168.178.68:59388] mapped to []\[harakiri]. local host [ipv4:172.17.0.2:445] 
{"timestamp": "2022-02-14T13:22:48.097294+0000", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "0", "logonType": 3, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:172.17.0.2:445", "remoteAddress": "ipv4:192.168.178.68:59388", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "", "clientAccount": "harakiri", "workstation": "", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "harakiri", "mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 2232}}
No such user harakiri [] - using guest account
lp_load_ex: refreshing parameters
Initialising global parameters
Processing section "[global]"
Processing section "[homes]"
Processing section "[public]"
Processing section "[test]"
adding IPC service
Allowed connection from 192.168.178.68 (192.168.178.68)
make_connection_snum: Connect path is '/tmp' for service [IPC$]
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
 (ipv4:192.168.178.68:59388) connect to service IPC$ initially as user samba (uid=3000, gid=100) (pid 75)
Allowed connection from 192.168.178.68 (192.168.178.68)
make_connection_snum: Connect path is '/smb-share' for service [public]
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
 (ipv4:192.168.178.68:59388) connect to service public initially as user samba (uid=3000, gid=100) (pid 75)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_INVALID_DEVICE_REQUEST] || at ../../source3/smbd/smb2_ioctl.c:334
smbd_do_qfsinfo: level = 1005
smbd_do_qfsinfo: level = 1004
smbd_do_qfsinfo: level = 1001
smbd_do_qfsinfo: level = 1011
get_referred_path: |public| in dfs path \192.168.178.64\public is not a dfs root.
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../../source3/smbd/smb2_ioctl.c:334
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_OBJECT_NAME_NOT_FOUND] || at ../../source3/smbd/smb2_create.c:334
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[5] status[NT_STATUS_FILE_CLOSED] || at ../../source3/smbd/smb2_server.c:3223
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[9] status[NT_STATUS_FILE_CLOSED] || at ../../source3/smbd/smb2_server.c:3223
smbd_dirptr_get_entry mask=[*] found .Trash-1000/files/. fname=. (.)
smbd_dirptr_get_entry mask=[*] found .Trash-1000/files/.. fname=.. (..)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[STATUS_NO_MORE_FILES] || at ../../source3/smbd/smb2_query_directory.c:159
smbd_dirptr_get_entry mask=[*] found . fname=. (.)
smbd_dirptr_get_entry mask=[*] found .. fname=.. (..)
smbd_dirptr_get_entry mask=[*] found [... Private Dateien ...]
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[STATUS_NO_MORE_FILES] || at ../../source3/smbd/smb2_query_directory.c:159

=== Login with -o guest ===

smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[STATUS_NO_MORE_FILES] || at ../../source3/smbd/smb2_query_directory.c:159
smbd_do_qfsinfo: level = 1007
 (ipv4:192.168.178.68:59388) closed connection to service public
 (ipv4:192.168.178.68:59388) closed connection to service IPC$
Server exit (NT_STATUS_END_OF_FILE)
Registered MSG_REQ_POOL_USAGE
Allowed connection from 192.168.178.68 (192.168.178.68)
init_oplocks: initializing messages.
Transaction 0 of length 244 (0 toread)
Selected protocol SMB3_11
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Got NTLMSSP neg_flags=0xe0080225
Got user=[] domain=[] workstation=[] len1=0 len2=0
check_ntlm_password:  Checking password for unmapped user []\[]@[] with the new password interface
check_ntlm_password:  mapped user is: []\[]@[]
auth_check_ntlm_password: anonymous authentication for user [] succeeded
Auth: [SMB2,(null)] user []\[] at [Mon, 14 Feb 2022 13:23:49.031041 UTC] with [No-Password] status [NT_STATUS_OK] workstation [] remote host [ipv4:192.168.178.68:59398] became [D487A6A9E57E]\[samba] [S-1-5-21-798694239-2595039428-2558019335-501]. local host [ipv4:172.17.0.2:445] 
{"timestamp": "2022-02-14T13:23:49.031268+0000", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4624, "logonId": "0", "logonType": 3, "status": "NT_STATUS_OK", "localAddress": "ipv4:172.17.0.2:445", "remoteAddress": "ipv4:192.168.178.68:59398", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "", "clientAccount": "", "workstation": "", "becameAccount": "samba", "becameDomain": "D487A6A9E57E", "becameSid": "S-1-5-21-798694239-2595039428-2558019335-501", "mappedAccount": "", "mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "No-Password", "duration": 3784}}
lp_load_ex: refreshing parameters
Initialising global parameters
Processing section "[global]"
Processing section "[homes]"
Processing section "[public]"
Processing section "[test]"
adding IPC service
Allowed connection from 192.168.178.68 (192.168.178.68)
make_connection_snum: Connect path is '/tmp' for service [IPC$]
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
 (ipv4:192.168.178.68:59398) connect to service IPC$ initially as user samba (uid=3000, gid=100) (pid 76)
Allowed connection from 192.168.178.68 (192.168.178.68)
make_connection_snum: Connect path is '/smb-share' for service [public]
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
 (ipv4:192.168.178.68:59398) connect to service public initially as user samba (uid=3000, gid=100) (pid 76)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_INVALID_DEVICE_REQUEST] || at ../../source3/smbd/smb2_ioctl.c:334
smbd_do_qfsinfo: level = 1005
smbd_do_qfsinfo: level = 1004
smbd_do_qfsinfo: level = 1001
smbd_do_qfsinfo: level = 1011
get_referred_path: |public| in dfs path \192.168.178.64\public is not a dfs root.
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../../source3/smbd/smb2_ioctl.c:334
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_OBJECT_NAME_NOT_FOUND] || at ../../source3/smbd/smb2_create.c:334
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[5] status[NT_STATUS_FILE_CLOSED] || at ../../source3/smbd/smb2_server.c:3223
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[9] status[NT_STATUS_FILE_CLOSED] || at ../../source3/smbd/smb2_server.c:3223
smbd_dirptr_get_entry mask=[*] found .Trash-1000/files/. fname=. (.)
smbd_dirptr_get_entry mask=[*] found .Trash-1000/files/.. fname=.. (..)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[STATUS_NO_MORE_FILES] || at ../../source3/smbd/smb2_query_directory.c:159

=== ls /share on the client ===

smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:334
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[5] status[NT_STATUS_FILE_CLOSED] || at ../../source3/smbd/smb2_server.c:3223



Re: Samba guest account

Post by Six » 02.03.2022 12:15:13

It has been a while since I last dealt with Samba, but I think it is because you set the guest user when the password is wrong. To me it sounds as if you want to map to the guest user when the username is wrong, i.e. unknown.

Code:

map to guest = bad user

After that you might run into trouble with the samba user you created, because that one does exist. If that happens, try setting

Code:

guest account = nobody

Good luck.
Be seeing you!
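
For comparing the two logins in the log posted above, this added example (not part of the thread and not Samba's own tooling) classifies smbd authentication events by how the client reached its Unix account: anonymous logon, `map to guest` fallback after a failed login, normal authentication, or rejection. The sample log is constructed by shortening lines from the post; the function name `classify_sessions` and the record fields are assumptions of this example.

```python
import json
import re

# Constructed sample: lines shortened from the smbd log format shown in the post.
SAMPLE_LOG = r'''
{"timestamp": "2022-02-14T13:22:48.097294+0000", "type": "Authentication", "Authentication": {"eventId": 4625, "status": "NT_STATUS_NO_SUCH_USER", "remoteAddress": "ipv4:192.168.178.68:59388", "clientAccount": "harakiri", "becameAccount": null, "passwordType": "NTLMv2"}}
No such user harakiri [] - using guest account
 (ipv4:192.168.178.68:59388) connect to service public initially as user samba (uid=3000, gid=100) (pid 75)
{"timestamp": "2022-02-14T13:23:49.031268+0000", "type": "Authentication", "Authentication": {"eventId": 4624, "status": "NT_STATUS_OK", "remoteAddress": "ipv4:192.168.178.68:59398", "clientAccount": "", "becameAccount": "samba", "passwordType": "No-Password"}}
 (ipv4:192.168.178.68:59398) connect to service public initially as user samba (uid=3000, gid=100) (pid 76)
'''

GUEST_FALLBACK = re.compile(r"- using guest account\s*$")
CONNECT = re.compile(r"\((\S+)\) connect to service (\S+) initially as user (\S+) \(uid=")

def classify_sessions(log_text):
    """Return one record per auth event: how the client reached its Unix user."""
    sessions, by_remote = [], {}
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("{"):
            try:
                auth = json.loads(line).get("Authentication")
            except json.JSONDecodeError:
                continue  # truncated or non-JSON line
            if not auth:
                continue
            if auth.get("status") != "NT_STATUS_OK":
                path = "rejected"
            else:
                path = "anonymous" if auth.get("passwordType") == "No-Password" else "authenticated"
            rec = {"remote": auth.get("remoteAddress"), "client": auth.get("clientAccount"),
                   "path": path, "unix_user": None, "services": []}
            sessions.append(rec)
            by_remote[rec["remote"]] = rec
        elif GUEST_FALLBACK.search(line) and sessions and sessions[-1]["path"] == "rejected":
            # Assumes the fallback message directly follows its failed auth event.
            sessions[-1]["path"] = "guest-fallback"
        else:
            m = CONNECT.search(line)
            if m and m.group(1) in by_remote:
                by_remote[m.group(1)]["unix_user"] = m.group(3)
                by_remote[m.group(1)]["services"].append(m.group(2))
    return sessions

if __name__ == "__main__":
    for session in classify_sessions(SAMPLE_LOG):
        print(session)
```

On the sample, both records end with `unix_user` set to samba and differ only in `path`.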
