Re: [OmniOS-discuss] cifs anonymous troubles
hi Gordon, On Sun, Apr 17, 2016 at 5:38 PM, Gordon Rosswrote: > Hi Dan, > > So with that bug fixed, one can logon as "guest" only if: > (1) you actually ask for guest in your logon request, > (2) a local Unix account named "guest" exists, and > (3) the guest account is enabled for SMB > > Therefore, if you were using guest access before 1122 was fixed, > (and were depending on accidental guest access working), > you'll need to do the following to re-enable guest access: > > useradd (options] guest > smbadm enable-user guest I confirm this works. Thanks! ___ OmniOS-discuss mailing list OmniOS-discuss@lists.omniti.com http://lists.omniti.com/mailman/listinfo/omnios-discuss
Re: [OmniOS-discuss] cifs anonymous troubles
Hi Dan, I can take a guess what this might be about. There were several bugs fixed as part of the "extended security" work: 1122 smbsrv should use SPNEGO (inbound authentication) One of those was that we used to give a client a "guest" logon if they tried to logon to SMB with _any_ unrecognized account. No, that was never a good idea. Not only was it questionable for security, but it confused issues about failed logon. Example: Windows user does NOT get the expected pop-up dialog asking for new credentials when they try to connect to a share using an invalid user name. Instead, they would get connected, but would fail to have access to anything in the share. So with that bug fixed, one can logon as "guest" only if: (1) you actually ask for guest in your logon request, (2) a local Unix account named "guest" exists, and (3) the guest account is enabled for SMB Therefore, if you were using guest access before 1122 was fixed, (and were depending on accidental guest access working), you'll need to do the following to re-enable guest access: useradd (options] guest smbadm enable-user guest The guest account password is ignored by SMB, so all that matters to SMB is whether that account is marked as enabled in /var/smb/smbpasswd To keep Unix users from using guest for login, you can set the Unix password hash to something invalid, etc. On Fri, Apr 15, 2016 at 4:05 PM, Natxo Asenjowrote: > hi, > > trying to set up an anonymous share on workgroup mode I do not get it > working. > > I have a dataset tank/test with these sharesmb properties: > > zfs get sharesmb tank/testshare > NAMEPROPERTY VALUE SOURCE > tank/testshare sharesmb name=test,guestok=true local > > These are the permissions on that path: > > # /usr/bin/ls -Vd /tank/testshare/ > drwxrwxrwx+ 14 root root 14 Sep 11 2015 /tank/testshare/ > everyone@:rwxpdDaARWcCos:fd-:allow > > Both using a windows client (win 2012r2) as a linux smbclient (fedora 23), > both quite modern, I cannot access the share: > > Linux smbclient: > $ smbclient -U " " -L //192.168.0.172 -N > Anonymous login successful > Domain=[WORKGROUP] OS=[SunOS 5.11 omnios-r151018-ae314] Server=[Native SMB > service] > > Sharename Type Comment > - --- > c$ Disk Default Share > > testDisk > Connection to 192.168.0.172 failed (Error NT_STATUS_CONNECTION_REFUSED) > NetBIOS over TCP disabled -- no workgroup available > > > Windows client: > C:\Users\Administrator>net view \\192.168.0.172 > System error 5 has occurred. > > Access is denied. > > > Using a local user works, with smb2 ;-) > > Any one success with guestok=true and cifs? > > -- > Groeten, > natxo > > ___ > OmniOS-discuss mailing list > OmniOS-discuss@lists.omniti.com > http://lists.omniti.com/mailman/listinfo/omnios-discuss > ___ OmniOS-discuss mailing list OmniOS-discuss@lists.omniti.com http://lists.omniti.com/mailman/listinfo/omnios-discuss
Re: [OmniOS-discuss] cifs anonymous troubles
Hello, I wanted to chime in and say I also experienced this. Guest smb access seems broken both when I upgrade to 18 as well as when I perform a fresh install and create new pool & share. Best Regards, Jeff Berkembrock On Apr 15, 2016 1:06 PM, "Natxo Asenjo"wrote: > hi, > > trying to set up an anonymous share on workgroup mode I do not get it > working. > > I have a dataset tank/test with these sharesmb properties: > > zfs get sharesmb tank/testshare > NAMEPROPERTY VALUE SOURCE > tank/testshare sharesmb name=test,guestok=true local > > These are the permissions on that path: > > # /usr/bin/ls -Vd /tank/testshare/ > drwxrwxrwx+ 14 root root 14 Sep 11 2015 /tank/testshare/ > everyone@:rwxpdDaARWcCos:fd-:allow > > Both using a windows client (win 2012r2) as a linux smbclient (fedora 23), > both quite modern, I cannot access the share: > > Linux smbclient: > $ smbclient -U " " -L //192.168.0.172 -N > Anonymous login successful > Domain=[WORKGROUP] OS=[SunOS 5.11 omnios-r151018-ae314] Server=[Native SMB > service] > > Sharename Type Comment > - --- > c$ Disk Default Share > > testDisk > Connection to 192.168.0.172 failed (Error NT_STATUS_CONNECTION_REFUSED) > NetBIOS over TCP disabled -- no workgroup available > > > Windows client: > C:\Users\Administrator>net view \\192.168.0.172 > System error 5 has occurred. > > Access is denied. > > > Using a local user works, with smb2 ;-) > > Any one success with guestok=true and cifs? > > -- > Groeten, > natxo > > ___ > OmniOS-discuss mailing list > OmniOS-discuss@lists.omniti.com > http://lists.omniti.com/mailman/listinfo/omnios-discuss > > ___ OmniOS-discuss mailing list OmniOS-discuss@lists.omniti.com http://lists.omniti.com/mailman/listinfo/omnios-discuss
[OmniOS-discuss] cifs anonymous troubles
hi, trying to set up an anonymous share on workgroup mode I do not get it working. I have a dataset tank/test with these sharesmb properties: zfs get sharesmb tank/testshare NAMEPROPERTY VALUE SOURCE tank/testshare sharesmb name=test,guestok=true local These are the permissions on that path: # /usr/bin/ls -Vd /tank/testshare/ drwxrwxrwx+ 14 root root 14 Sep 11 2015 /tank/testshare/ everyone@:rwxpdDaARWcCos:fd-:allow Both using a windows client (win 2012r2) as a linux smbclient (fedora 23), both quite modern, I cannot access the share: Linux smbclient: $ smbclient -U " " -L //192.168.0.172 -N Anonymous login successful Domain=[WORKGROUP] OS=[SunOS 5.11 omnios-r151018-ae314] Server=[Native SMB service] Sharename Type Comment - --- c$ Disk Default Share testDisk Connection to 192.168.0.172 failed (Error NT_STATUS_CONNECTION_REFUSED) NetBIOS over TCP disabled -- no workgroup available Windows client: C:\Users\Administrator>net view \\192.168.0.172 System error 5 has occurred. Access is denied. Using a local user works, with smb2 ;-) Any one success with guestok=true and cifs? -- Groeten, natxo ___ OmniOS-discuss mailing list OmniOS-discuss@lists.omniti.com http://lists.omniti.com/mailman/listinfo/omnios-discuss