can't get unauthorized guest access to work

[tonvanunen]

The situation:
- Freenas 9.3.1. runs fine
- I want unauthorized access to the directories and files via Guest account without a password
- I have created a cifs share with unauthorized acces through the Guest account
- I can perform all operations on the server from my Windows PC without being prompted for a user name and password
- If I point to the Music folder on the server via my Sonos app i am prompted for a user name and password
- same thing when using my mediaplayer
- If I leave user and password blank, no succes
- If I fill "root" as user with password access is granted

What am I doing wrong?

If further information is needed, please let me know .

 

[anodos]

The situation:
- Freenas 9.3.1. runs fine
- I want unauthorized access to the directories and files via Guest account without a password
- I have created a cifs share with unauthorized acces through the Guest account
- I can perform all operations on the server from my Windows PC without being prompted for a user name and password
- If I point to the Music folder on the server via my Sonos app i am prompted for a user name and password
- same thing when using my mediaplayer
- If I leave user and password blank, no succes
- If I fill "root" as user with password access is granted

What am I doing wrong?

If further information is needed, please let me know .

Post /etc/local/smb4.conf

 

[tonvanunen]

[global]
server max protocol = SMB2
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
deadtime = 15
max log size = 51200
max open files = 227144
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
guest account = guest
map to guest = Bad User
obey pam restrictions = yes
directory name cache size = 0
kernel change notify = no
panic action = /usr/local/libexec/samba/samba-backtrace
nsupdate command = /usr/local/bin/samba-nsupdate -g
server string = FreeNAS Server
ea support = yes
store dos attributes = yes
lm announce = yes
time server = yes
null passwords = yes
acl allow execute always = true
acl check permissions = true
dos filemode = yes
multicast dns register = yes
domain logons = no
local master = yes
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
server role = standalone
netbios name = FREENAS
workgroup = THUIS
security = user
pid directory = /var/run/samba
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 1


[NZB]
path = /mnt/NZB
printable = no
veto files = /.snapshot/.windows/.mac/.zfs/
writeable = yes
browseable = yes
vfs objects = zfs_space zfsacl aio_pthread streams_xattr
hide dot files = yes
guest ok = yes
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = true
zfsacl:acesort = dontcare


[nasi]
path = /mnt/nasi_schijf
printable = no
veto files = /.snapshot/.windows/.mac/.zfs/
writeable = yes
browseable = yes
vfs objects = zfs_space zfsacl aio_pthread streams_xattr
hide dot files = yes
guest ok = yes
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = true
zfsacl:acesort = dontcare

 

[anodos]

Have you checked the box for 'disable password authentication' for your guest user? If so, uncheck and set a password.

 

[tonvanunen]

I understand what you're saying but I just want the unauthorized way of working.
Do you see any strange things in the logging?

 

[anodos]

I understand what you're saying but I just want the unauthorized way of working.
Do you see any strange things in the logging?

This is how guest access works. Samba automatically maps bad users to the guest account and does not ask for a password (even though the user has one set). This is all in the documentation.

 

[tonvanunen]

Ok. So that I understand it: in order to provide unauthorized access through a guest account, I have to uncheck "disable password authentication" and fill in a password? Am I right? Seems strange to me but I will give it a try later this day.

 

[anodos]

Ok. So that I understand it: in order to provide unauthorized access through a guest account, I have to uncheck "disable password authentication" and fill in a password? Am I right? Seems strange to me but I will give it a try later this day.

"Disable password login - checkbox - when checked, disables password logins and authentication to CIFS shares; to undo this setting, set a password for the user using the “Modify User” button for the user in “View Users”

http://doc.freenas.org/9.3/freenas_account.html#users

The tooltip in the webgui is even clearer regarding the effect of "disable password logins".

For behavior of samba with guest accounts refer to the samba documentation:
https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#GUESTOK
https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#MAPTOGUEST

 

[tonvanunen]

the suggested solutions didn't work. Now I can access with user Guest and the password but that wasn't what I wanted. Still no access without asking username en password.... :(

 

[tonvanunen]

Solved!

I removed user "guest" en added it again. problem solved.... Must be some configuration-error.
Before I did that I changed all the permissions where owner was "guest" to "root"
Did the same in the CIFS-shares ans CIFS-service.
After I added the "guest" user again changed everything back from "root" to "guest"

Thanks all for helping me out! :)

 

[Brian M]

In my case at some point in my original setup in late 2013 I'd set things to use a guest user on the CIFS share, in the latest upgrade to 9.3 and 9.10 (from 9.2.1.8) the guest login on CIFS no longer worked.
- changing the Storage permissions on "media" (in my case) to the user "nobody" then in the "Services -> CIFS Settings" - "Guest Account" to "nobody" as well has everything working as it was before - can just mount without requiring authentication like it was before. (Tried many other things in the past few hours to get it working again as it used to be configured, with no luck)

 

[anodos]

Until a few month ago there was a prominent incorrect how-to for CIFS guest access on the forums that accidentally worked until a patch corrected samba configuration. This ended up breaking guest access for numerous people. It's a common problem with Internet how-to s which are generated by $user doing $random_crap and accidentally getting things working, which through cite-o-genesis causes $random_crap to become common practice that gets broken in future software fixes.

It's a sysadmin gettier problem.