Bug #7676

closed

sharesmb guest access workgroup mode broken on latest kernel

Added by Gabriele Bulfon over 6 years ago. Updated about 6 years ago.

Status: Closed
Priority: High
Category: cifs - CIFS server and client
Start date: 2016-12-18
Due date:
% Done: 0%
Estimated time:
Difficulty: Medium
Tags: needs-triage
Gerrit CR:
External Bug:

Description

Looks like any sharesmb with "guestok=true" (workgroup mode) is not giving access to the shares.
While with "guestok=false" and correct authentication against a configured pam/smb user, you get access to shares but can only enter the authenticated one.

Here is a description to reproduce the problem. I also attach a snoop of packets while trying to access the guest shares.

=================

I updated my kernel to latest via fetch/merge on my xstreamos-illumos-gate, then finally built everything and updated my dev machine.
Everything seemed fine. I could also finally create new isos and test fresh new updated installs.
I thought I was ready for a public update.

Then I noticed I could no longer access my cifs shares on the updated dev machine.
I had 3 zfs datasets, all with sharesmb "guestok=true", workgroup mode.
All 3 datasets are chmod 777, chown root:root, and I could access them always in my lan before the update.

Now I don't even see the shares; Windows clients request credentials to access \\mydevserver.
I tried then to enable pam support for smb and created a user, then created a dataset without guestok.
Now I can access \\mydevserver with that user/pass and see the shares but I can only access the new reserved dataset.
Looks like there is a problem only accessing the guestok=true shares.

===================


Files

smb_guest_access_snoop.out (19 KB), Gabriele Bulfon, 2016-12-18 06:36 PM
smb_typed_guest_access_snoop.out (17.3 KB), Gabriele Bulfon, 2016-12-19 10:04 PM
#1

Updated by Yuri Pankov over 6 years ago

  • Status changed from New to Feedback
  • Assignee set to Gabriele Bulfon
#2

Updated by Gabriele Bulfon over 6 years ago

Yuri Pankov wrote:

> Did you check http://wiki.illumos.org/display/illumos/SMB+Guest+access?

Wow, I really thought that was the solution, and I did what is stated, but it still doesn't work :(

sonicle@xstreamdev:~# grep guest /etc/passwd /etc/shadow /var/smb/smbpasswd
/etc/passwd:guest:x:101:1::/home/guest:/bin/sh
/etc/shadow:guest:*LK*:17153::::::
/var/smb/smbpasswd:guest:101::

Windows clients still ask for authentication... also tried svcadm refresh smb/server, no way...

#3

Updated by Gordon Ross over 6 years ago

Your attempt to connect appears to have used your desktop logon credentials.
If you open that trace with wireshark and expand frame 33, you'll see it sent:
PGBULFON\\gabriele.bulfon

After this authentication failure, the client should show you a pop-up dialog
asking if you'd like to try again with different credentials. If you fill that in
with (servername)\guest and click OK, you should get in.

#4

Updated by Gabriele Bulfon over 6 years ago

Gordon Ross wrote:

> Your attempt to connect appears to have used your desktop logon credentials.
> If you open that trace with wireshark and expand frame 33, you'll see it sent:
> PGBULFON\\gabriele.bulfon
>
> After this authentication failure, the client should show you a pop-up dialog
> asking if you'd like to try again with different credentials. If you fill that in
> with (servername)\guest and click OK, you should get in.

Thanks Gordon, but looks like there is something more...it still doesn't work.
I attach here the snoop output, while I tried typing "guest" and Ok, still requesting auth.
I also find it quite unusual trying to mimic a Windows/workgroup environment and requesting a "guest" user logon.
That's not what a windows user expects, and if I want to secure the server, I have plenty of ways, no need to change the workgroup/guest behaviour.
Isn't it?

#5

Updated by Yuri Pankov over 6 years ago

Can we close this one?

#6

Updated by Yuri Pankov about 6 years ago

  • Status changed from Feedback to Closed