[SMB sharing] How to: Anonymous access to root sharing folder?

[Killom]

Greetings community!

I'm new to FreeNAS. I've upcycled an Thecus N4800Eco to fit FreeNAS (120GB SSD, 8GB RAM)

Now one of my first issues is, getting the root sharing folder accessible to everyone (SID: S-1-1-0 ) / guests (SID S-1-5-32-546). ATM I'm getting prompted for credentials:

In which way I have to configure FreeNAS for this to work?

 

[anodos]

Greetings community!

I'm new to FreeNAS. I've upcycled an Thecus N4800Eco to fit FreeNAS (120GB SSD, 8GB RAM)

Now one of my first issues is, getting the root sharing folder accessible to everyone (SID: S-1-1-0 ) / guests (SID S-1-5-32-546). ATM I'm getting prompted for credentials:

View attachment 35064

In which way I have to configure FreeNAS for this to work?

Guest access may not work in Windows 10 and Server 2016 without additional client configuration. You will also need to verify that your guest user has access to the share path.

 

[Killom]

What I'm not understanding is, why is guest access working then with other NAS like QNAP or Synology (or the original Thecus OS for this device) on the same system out of the box? AFAIK these ones are also using *NIX OS with samba service - there has to be a config option

 

[anodos]

What I'm not understanding is, why is guest access working then with other NAS like QNAP or Synology (or the original Thecus OS for this device) on the same system out of the box? AFAIK these ones are also using *NIX OS with samba service - there has to be a config option

It might also be a permission issue. Check contents of /var/log/samba4/log.smbd.

 

[Killom]

Code:

  INFO: Profiling support unavailable in this build.
[2020/01/14 21:34:48.481196,  1] ../../source3/smbd/files.c:227(file_init_global
)
  file_init_global: Information only: requested 233370 open files, 59392 are ava
ilable.
[2020/01/14 21:34:48.492822,  0] ../../lib/util/become_daemon.c:136(daemon_ready
)
  daemon_ready: daemon 'smbd' finished starting up and ready to serve connection
s
[2020/01/14 21:35:17.300540,  0] ../../source3/smbd/server.c:1788(main)
  smbd version 4.10.10 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2019
[2020/01/14 21:35:17.306137,  1] ../../source3/profile/profile_dummy.c:30(set_pr
ofile_level)
  INFO: Profiling support unavailable in this build.
[2020/01/14 21:35:18.046747,  1] ../../source3/smbd/files.c:227(file_init_global
)

These are the latest lines from /var/log/samba4/log.smbd. Looks good to me, no issues.

Guest access may not work in Windows 10 and Server 2016 without additional client configuration.

Same issue here with the Win7 VM - AFAIK this should work here. At least, from postings that google brought me up on screen.

You will also need to verify that your guest user has access to the share path.

Ho do I verify, that the guest has access to the share path?
In which way I'll have to configure FreeNAS to make things work with anonymous access in the first place?

I were unable to find a good tutorial for this.

Just to be clear: When entering "\\RUMPELKISTE" into the explorer, the available shares should pop up instead of a credential log in screen. Only when trying to access "\\RUMPELKISTE\Share1" there should be asked for credentials.

 

[Killom]

Well now I'm confused ... I don't know, what I've done, but anonymous share is now working - at least for Win7

Wireshark trace Win10:

Code:

No.    Time    Source    Destination    Protocol    Length    Info
31    4.915514    192.168.16.2    224.0.0.251    MDNS    163    Standard query response 0x0000 A, cache flush 192.168.16.2 AAAA, cache flush fe80::214:fdff:fe19:88e6 AAAA, cache flush 2a01:c22:8435:9a00:214:fdff:fe19:88e6 NSEC, cache flush Rumpelkiste.local
47    5.928472    192.168.16.105    192.168.16.2    TCP    66    51368 → 445 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
48    5.928684    192.168.16.2    192.168.16.105    TCP    66    445 → 51368 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=64 SACK_PERM=1
49    5.928764    192.168.16.105    192.168.16.2    TCP    54    51368 → 445 [ACK] Seq=1 Ack=1 Win=2102272 Len=0
50    5.928814    192.168.16.105    192.168.16.2    SMB    127    Negotiate Protocol Request
54    5.989075    192.168.16.2    192.168.16.105    SMB2    260    Negotiate Protocol Response
55    5.989155    192.168.16.105    192.168.16.2    SMB2    288    Negotiate Protocol Request
56    5.990842    192.168.16.2    192.168.16.105    SMB2    326    Negotiate Protocol Response
57    5.991692    192.168.16.105    192.168.16.2    SMB2    220    Session Setup Request, NTLMSSP_NEGOTIATE
58    5.992922    192.168.16.2    192.168.16.105    SMB2    375    Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
59    5.994653    192.168.16.105    192.168.16.2    TCP    54    51368 → 445 [RST, ACK] Seq=474 Ack=800 Win=0 Len=0
77    7.006447    192.168.16.105    192.168.16.2    TCP    66    51371 → 445 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
78    7.006659    192.168.16.2    192.168.16.105    TCP    66    445 → 51371 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=64 SACK_PERM=1
79    7.006729    192.168.16.105    192.168.16.2    TCP    54    51371 → 445 [ACK] Seq=1 Ack=1 Win=2102272 Len=0
80    7.006779    192.168.16.105    192.168.16.2    SMB2    288    Negotiate Protocol Request
83    7.062177    192.168.16.2    192.168.16.105    SMB2    326    Negotiate Protocol Response
84    7.062805    192.168.16.105    192.168.16.2    SMB2    220    Session Setup Request, NTLMSSP_NEGOTIATE
85    7.064219    192.168.16.2    192.168.16.105    SMB2    375    Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
86    7.065713    192.168.16.105    192.168.16.2    TCP    54    51371 → 445 [RST, ACK] Seq=401 Ack=594 Win=0 Len=0

Connection ends here with credential box on screen. No credentials were requested by FreeNAS. So it seems to be a client side issue.
But what i've read about SMB is, that the client (at least) should try to authenticate at first with the credentials of the logged on windows user.

Wiresharktrace Win7:

Code:

No.    Time    Source    Destination    Protocol    Length    Info
269    10.167058    192.168.16.108    192.168.16.2    TCP    66    49195 → 139 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
270    10.167236    192.168.16.2    192.168.16.108    TCP    66    139 → 49195 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=64 SACK_PERM=1
271    10.167374    192.168.16.108    192.168.16.2    NBSS    126    Session request, to RUMPELKISTE<20> from VBOX-PC<00>
272    10.219872    192.168.16.2    192.168.16.108    NBSS    60    Positive session response
273    10.220298    192.168.16.108    192.168.16.2    SMB    213    Negotiate Protocol Request
274    10.228234    192.168.16.2    192.168.16.108    SMB2    260    Negotiate Protocol Response
275    10.228403    192.168.16.108    192.168.16.2    SMB2    162    Negotiate Protocol Request
276    10.230805    192.168.16.2    192.168.16.108    SMB2    260    Negotiate Protocol Response
277    10.231725    192.168.16.108    192.168.16.2    SMB2    220    Session Setup Request, NTLMSSP_NEGOTIATE
278    10.232917    192.168.16.2    192.168.16.108    SMB2    375    Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
279    10.233403    192.168.16.108    192.168.16.2    SMB2    300    Session Setup Request, NTLMSSP_AUTH, User: \
280    10.237503    192.168.16.2    192.168.16.108    SMB2    139    Session Setup Response
281    10.237875    192.168.16.108    192.168.16.2    SMB2    166    Tree Connect Request Tree: \\RUMPELKISTE\IPC$
282    10.239029    192.168.16.2    192.168.16.108    SMB2    138    Tree Connect Response
283    10.241551    192.168.16.108    192.168.16.2    TCP    66    49196 → 139 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
284    10.241762    192.168.16.2    192.168.16.108    TCP    66    139 → 49196 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=64 SACK_PERM=1

Win7 on the other hand, will try to authenticate with anonymous credentials just fine.

Guest access may not work in Windows 10 and Server 2016 without additional client configuration.

That line is also found in the info box in FreeNAS. But the most valuable information is missing here: which configuration has to be done here?

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"AllowInsecureGuestAuth"=dword:1

won't do the trick.