Posted 06 December, 2017
Suddenly a Linux server, -only- serving as ‘open’ samba share (guest account allowed) stopt working. I logged in and found samba working, no weird network issues, nothing. A mystery !
After a service smb restart and a reboot -h now (sue me, uptime) I increased the log level of smb to level 3 this is done by changing /etc/samba/smb.conf :
[global] workgroup = SAMBA security = user passdb backend = tdbsam [...] map to guest = Bad User log level = 3 [... below come shares ...] [data] path = /data [...] force user = testuser guest ok = yes
You can then follow what samba is doing at /var/log/samba/log.smbd (for Centos, after restarting the service) This is what I found :
[2017/12/05 11:10:37.388846, 3] ../source3/auth/auth.c:178(auth_check_ntlm_password) check_ntlm_password: Checking password for unmapped user [DESKTOP-XXXXXX]\[svennsvenndDESKTOP-XXXXXX] with the new password interface [2017/12/05 11:10:37.388886, 3] ../source3/auth/auth.c:181(auth_check_ntlm_password) check_ntlm_password: mapped user is: [TEMPSTORAGE]\[svennd]@[DESKTOP-XXXXXX] [2017/12/05 11:10:37.388985, 3] ../source3/auth/check_samsec.c:399(check_sam_security) check_sam_security: Couldn't find user 'svennd' in passdb. [2017/12/05 11:10:37.389029, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password) check_ntlm_password: Authentication for user [svennd] -> [svennd] FAILED with error NT_STATUS_NO_SUCH_USER [2017/12/05 11:10:37.389077, 3] ../source3/auth/auth_util.c:1610(do_map_to_guest_server_info) No such user svennd [DESKTOP-XXXXXX] - using guest account [2017/12/05 11:10:37.390215, 3] ../source3/smbd/server_exit.c:246(exit_server_common) Server exit (NT_STATUS_CONNECTION_RESET)
So in short windows tries to use my local account and fails, this is expected. Then samba gives me the permissions of a guest account. Weirdly enough after that samba reports NT_STATUS_CONNECTION_RESET, or more simply put “server exit”. I tried to find more info on the recent patches using :
rpm -q --changelog samba-common-4.6.2-12.el7_4.noarch | less
At this time of writing the latest “feature change” was way back in march, this installation was newer so that could hardly be the issue.
* Fri Mar 31 2017 Guenther Deschner <[email protected]> - 4.6.2-0 - Update to Samba 4.6.2
In the end, we did not find the issue in the samba server. The issue was the client, running a windows 10 up-to-date version (fall creators update). This was the only change, between a working and not working setup. So Windows must have changed some behavior ? Tested with a Windows 7 machine, this suspicion was confirmed, there it worked. A workaround for my case was to setup a username that the server does know on the client :
C:\Users\svenn>net view \\shareserver System error 53 has occurred. The network path was not found. C:\Users\svenn>net use \\shareserver\data /user:testuser The command completed successfully. C:\Users\svenn>net view \\shareserver Shared resources at \\shareserver Samba 4.6.2 Share name Type Used as Comment ------------------------------------------------------------------------------- data Disk (UNC) storage data_rgb Disk storage The command completed successfully.
And after that I can browse and access the share through explorer. While this for sure is not foolproof, for my case its enough. (single client to server)
This register setting in windows seems to be affecting this issue, thanks Dominik!
If you enjoyed this article, please consider buying me a Dr Pepper.
Fuel the beast!
Buy me a Dr Pepper
Hi,
i just found this
https://getadmx.com/?Category=Windows_10_2016&Policy=Microsoft.Policies.LanmanWorkstation::Pol_EnableInsecureGuestLogons
Simply create that key in the registry an reboot. Works fine for me.
Hey Dominik, that seems to be the issue yes, thanks !
Thanks for sharing this, svennd. It helped me on my research for this changed behavior. I wrote an article how to solve this on server (Samba) side and simulate a guest access by authenticating and user mapping: https://www.claudiokuenzler.com/blog/879/windows-10-server-2016-access-samba-share-guest-account-analysis-workaround-event-31017
Works, as long as the user(s) accessing the share are in the same domain.