Hello there...
I have a SAMBA share on Freenas11.2-U2 with guest access enabled:
From my Linux machine, I can log in as guest:
FreeNAS says:
When logging in using a Macintosh, and choosing "Guest" in the GUI, I can not login. FreeNAS says:
I have noticed, that the Mac log says
I have a SAMBA share on Freenas11.2-U2 with guest access enabled:
Code:
root@ultraman:~ # testparm -s Registered MSG_REQ_POOL_USAGE Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Load smb config files from /usr/local/etc/smb4.conf Processing section "[FRUITTEST]" Loaded services file OK. Server role: ROLE_DOMAIN_PDC # Global parameters [global] deadtime = 15 disable spoolss = Yes dns proxy = No domain logons = Yes dos charset = CP437 hostname lookups = Yes kernel change notify = No ldap admin dn = **** ldap passwd sync = yes ldap suffix = dc=example,dc=com lm announce = Yes load printers = No local master = No logging = file max log size = 51200 max open files = 6603833 nsupdate command = /usr/local/bin/samba-nsupdate -g obey pam restrictions = Yes panic action = /usr/local/libexec/samba/samba-backtrace passdb backend = ldapsam:ldap://ldap.example.com printcap name = /dev/null security = USER server min protocol = SMB2_02 server role = member server server string = FreeNAS Server winbind nested groups = No workgroup = ZFS_ULTRAMAN idmap config zfs_ultraman: range = 10000-90000000 idmap config zfs_ultraman: backend = ldap ldapsam:trusted = yes idmap config *: range = 90000001-100000000 idmap config * : backend = tdb acl allow execute always = Yes create mask = 0666 directory mask = 0777 directory name cache size = 0 dos filemode = Yes strict locking = No [FRUITTEST] browseable = No guest only = Yes path = "/mnt/ultraman/FRUITTEST" read only = No veto files = /.snapshot/.windows/.mac/.zfs/ vfs objects = zfs_space zfsacl fruit streams_xattr zfsacl:acesort = dontcare nfs4:chown = true nfs4:acedup = merge nfs4:mode = special fruit:resource = stream fruit:metadata = stream
From my Linux machine, I can log in as guest:
Code:
tbp@Marie:~/git/gitlab-runner-plugin$ smbclient \\\\172.22.33.17\\FRUITTEST -U GUEST WARNING: The "syslog" option is deprecated Enter GUEST's password: Anonymous login successful Domain=[ZFS_ULTRAMAN] OS=[] Server=[] smb: \>
FreeNAS says:
Code:
[2019/02/27 13:03:04.524981, 2] ../source3/passdb/pdb_ldap_util.c:281(smbldap_search_domain_info) smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ZFS_ULTRAMAN))] [2019/02/27 13:03:04.532830, 2] ../source3/lib/smbldap.c:847(smbldap_open_connection) smbldap_open_connection: connection opened [2019/02/27 13:03:04.561799, 0] ../source3/lib/util_sock.c:875(matchname) matchname: host name/name mismatch: 172.22.33.185 != (NULL) [2019/02/27 13:03:04.561902, 0] ../source3/lib/util_sock.c:1054(get_remote_hostname) matchname failed on 172.22.33.185 [2019/02/27 13:03:04.571684, 2] ../source3/param/loadparm.c:2807(lp_do_section) Processing section "[FRUITTEST]" [2019/02/27 13:03:04.582565, 2] ../source3/auth/auth.c:334(auth_check_ntlm_password) check_ntlm_password: Authentication for user [GUEST] -> [GUEST] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1 [2019/02/27 13:03:04.582709, 2] ../auth/auth_log.c:476(log_authentication_event_human_readable) Auth: [SMB2,(null)] user [WORKGROUP]\[GUEST] at [Wed, 27 Feb 2019 13:03:04.582673 CET] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [MARIE] remote host [ipv4:172.22.33.185:48916] mapped to [WORKGROUP]\[GUEST]. local host [ipv4:172.22.33.17:445] [2019/02/27 13:03:04.583174, 2] ../lib/audit_logging/audit_logging.c:141(audit_log_json) JSON Authentication: {"timestamp": "2019-02-27T13:03:04.582957+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:172.22.33.17:445", "remoteAddress": "ipv4:172.22.33.185:48916", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "WORKGROUP", "clientAccount": "GUEST", "workstation": "MARIE", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "GUEST", "mappedDomain": "WORKGROUP", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 13745}} [2019/02/27 13:03:04.589794, 2] ../source3/param/loadparm.c:2807(lp_do_section) Processing section "[FRUITTEST]" [2019/02/27 13:03:04.618015, 2] ../source3/smbd/service.c:849(make_connection_snum) marie (ipv4:172.22.33.185:48916) connect to service FRUITTEST initially as user nobody (uid=65534, gid=65534) (pid 24796)
When logging in using a Macintosh, and choosing "Guest" in the GUI, I can not login. FreeNAS says:
Code:
Kan ikke logge ind fa MacOS med guest (I GUI): [2019/02/27 13:00:37.096916, 2] ../source3/passdb/pdb_ldap_util.c:281(smbldap_search_domain_info) smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ZFS_ULTRAMAN))] [2019/02/27 13:00:37.105410, 2] ../source3/lib/smbldap.c:847(smbldap_open_connection) smbldap_open_connection: connection opened [2019/02/27 13:00:37.134206, 0] ../source3/lib/util_sock.c:875(matchname) matchname: host name/name mismatch: 172.22.33.128 != (NULL) [2019/02/27 13:00:37.134267, 0] ../source3/lib/util_sock.c:1054(get_remote_hostname) matchname failed on 172.22.33.128 [2019/02/27 13:00:38.098339, 2] ../source3/passdb/pdb_ldap_util.c:281(smbldap_search_domain_info) smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ZFS_ULTRAMAN))] [2019/02/27 13:00:38.105896, 2] ../source3/lib/smbldap.c:847(smbldap_open_connection) smbldap_open_connection: connection opened [2019/02/27 13:00:38.120023, 2] ../source3/passdb/pdb_ldap_util.c:281(smbldap_search_domain_info) smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ZFS_ULTRAMAN))] [2019/02/27 13:00:38.127048, 2] ../source3/lib/smbldap.c:847(smbldap_open_connection) smbldap_open_connection: connection opened [2019/02/27 13:00:38.131977, 0] ../source3/lib/util_sock.c:875(matchname) matchname: host name/name mismatch: 172.22.33.128 != (NULL) [2019/02/27 13:00:38.132047, 0] ../source3/lib/util_sock.c:1054(get_remote_hostname) matchname failed on 172.22.33.128 [2019/02/27 13:00:38.153558, 0] ../source3/lib/util_sock.c:875(matchname) matchname: host name/name mismatch: 172.22.33.128 != (NULL) [2019/02/27 13:00:38.153616, 0] ../source3/lib/util_sock.c:1054(get_remote_hostname) matchname failed on 172.22.33.128 [2019/02/27 13:00:40.785874, 2] ../source3/param/loadparm.c:2807(lp_do_section) Processing section "[FRUITTEST]" [2019/02/27 13:00:40.790561, 2] ../source3/auth/auth.c:334(auth_check_ntlm_password) check_ntlm_password: Authentication for user [GUEST] -> [GUEST] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1 [2019/02/27 13:00:40.790687, 2] ../auth/auth_log.c:476(log_authentication_event_human_readable) Auth: [SMB2,(null)] user []\[GUEST] at [Wed, 27 Feb 2019 13:00:40.790654 CET] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [MACBOOKPRO-F8FF] remote host [ipv4:172.22.33.128:49277] mapped to []\[GUEST]. local host [ipv4:172.22.33.17:445] [2019/02/27 13:00:40.791091, 2] ../lib/audit_logging/audit_logging.c:141(audit_log_json) JSON Authentication: {"timestamp": "2019-02-27T13:00:40.790911+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:172.22.33.17:445", "remoteAddress": "ipv4:172.22.33.128:49277", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "", "clientAccount": "GUEST", "workstation": "MACBOOKPRO-F8FF", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "GUEST", "mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 9446}}
I have noticed, that the Mac log says
"mappedDomain": ""
while the linux log says "clientDomain": "WORKGROUP"
. I don't know if it makes a difference or not?