[Pkg-samba-maint] Bug#458071: Wrong file timestamps on smbfs mounted share when timezone +13

Steve Langasek vorlon at debian.org
Sun Jan 6 07:29:45 UTC 2008


On Sat, Jan 05, 2008 at 05:38:10PM +1300, Alex Jenner wrote:
> > I suppose we could at least add code to the smbmount wrapper script to
> > translate "-o guest" to "-o guest,sec=none".

> I was going to make a new bug report as this one has gone off-topic, but
> right now if testing became the new stable, there might be a certain
> percentage of users no longer be able to mount their smbfs shares.

Well, I've committed that change to the package which has just been uploaded
to unstable, so at least this won't be a reason for it.

It also spits out a warning that the option is being translated, so users
shouldn't be misled when they switch to using the cifs commands directly.

> > Right, it's a server problem in a sense; see the "map to guest" option in
> > smb.conf(5), you probably want (at least) map to guest = bad user.

> The following three methods all worked (allowed mount -f cifs)...
> A. start with the smb.conf above and change "security = share"
>       - but not a good option in many cases.
> B. start with smb.conf above and add "map to guest = bad password"
>       - also not a good option according to smb.conf man page.
> C. start with smb.conf above and comment out "passdb backend = tdbsam"
>     and add "map to guest = bad user"

> Simply adding "map to guest = bad user" didn't work on it's own, unless I
> removed/commented out "passdb backend = tdbsam" (default is smbpasswd).
> Removing "encrypt passwords = true" option didn't help either.

Yes, this is the case that caused me to say "at least".  If you have a
Windows client trying to authenticate, and the username on Windows matches a
user on the Linux server, "map to guest = bad user" is insufficient.  In
those cases I for one tend to favor setting up proper domain-based logins
for all machines in question, but 'map to guest = bad password' is certainly
another option.  Removing the passdb isn't one I would've thought of - or
recommended if I had, since that removes any possibility of doing
/authenticated/ access to that same server.

> Finally I did one more test...
> 1. stop samba
> 2. edit smb.conf above and use options
>       security = user
>       passdb backend = tdbsam
>       map to guest = bad user
> 3. move/remove all /var/lib/samba/*.tdb files.
> 4. start samba.

> When samba starts it recreates all the /var/lib/samba/*.tdb files. Now I
> can mount with "mount.cifs //server/share /mnt -o guest", even though I'm
> back to using "passdb backend = tdbsam".

> I'm not sure what was happening there... but it's worth noting that for
> some people, the "map to guest = bad user" option will not be enough on
> it's own.

Well, what's happened is that as a result of removing the tdb files, *all*
users are now bad users; so no matter what the client submits it's always
mapped to anonymous access.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org





More information about the Pkg-samba-maint mailing list