Hi there,

Recently updated samba for one of my customers to 4.21.2 after updating dnf. This customer has a user map file that basically has one entry:

guest = *

While this still works if you know the share name, you can no longer type the host name in the explorer address bar and get a list of the available shares. Nor can you do a "net view \\hostname" in a CMD window and get a list of shares (it gives a "System error 53").

If you put individual entries in the user map file, for example:

guest = DOMAIN\user.name

Then you can browse the list of shares and "net view \\hostname" works.

So I decided to try a usermap script. Documentation says that this script needs to return the (AIX) user name that the AD user maps to. So in this case, any user should map to "guest". So  my script is:

#!/usr/bin/ksh

print "guest"

But this has the same effect as "guest = *" in the user name map file i.e. I can map a share if I know it's name but "net view \\hostname" doesn't work.

The customer doesn't want to create and maintain user map files for their multiple hosts that run samba, so I'm wondering if there's a way around this. I realise there are several user name hardening updates in 4.21 but they're not for this specifically.

If I downgrade back to 4.18, things go back to "normal" (wildcard works for the conditions above), however the customer doesn't want to remain on that version indefinitely.

Any help much appreciated.

Cheers,

Peter

Please check this thread -- >https://community.ibm.com/community/user/discussion/samba-4212-1-update-broke-samba-authentication#bme243fa19-b50f-4170-b78b-0dc30c67898d

Hi there,

Recently updated samba for one of my customers to 4.21.2 after updating dnf. This customer has a user map file that basically has one entry:

guest = *

While this still works if you know the share name, you can no longer type the host name in the explorer address bar and get a list of the available shares. Nor can you do a "net view \\hostname" in a CMD window and get a list of shares (it gives a "System error 53").

If you put individual entries in the user map file, for example:

guest = DOMAIN\user.name

Then you can browse the list of shares and "net view \\hostname" works.

So I decided to try a usermap script. Documentation says that this script needs to return the (AIX) user name that the AD user maps to. So in this case, any user should map to "guest". So  my script is:

#!/usr/bin/ksh

print "guest"

But this has the same effect as "guest = *" in the user name map file i.e. I can map a share if I know it's name but "net view \\hostname" doesn't work.

The customer doesn't want to create and maintain user map files for their multiple hosts that run samba, so I'm wondering if there's a way around this. I realise there are several user name hardening updates in 4.21 but they're not for this specifically.

If I downgrade back to 4.18, things go back to "normal" (wildcard works for the conditions above), however the customer doesn't want to remain on that version indefinitely.

Any help much appreciated.

Cheers,

Peter

Thank you but I'd already seen that before I opened this thread. It does not help in this situation. All that referenced script does is strip the domain portion from the AD user's name.

My customer needs to map any and all AD users to "guest".

Cheers,

Peter

Please check this thread -- >https://community.ibm.com/community/user/discussion/samba-4212-1-update-broke-samba-authentication#bme243fa19-b50f-4170-b78b-0dc30c67898d

Hi there,

Recently updated samba for one of my customers to 4.21.2 after updating dnf. This customer has a user map file that basically has one entry:

guest = *

While this still works if you know the share name, you can no longer type the host name in the explorer address bar and get a list of the available shares. Nor can you do a "net view \\hostname" in a CMD window and get a list of shares (it gives a "System error 53").

If you put individual entries in the user map file, for example:

guest = DOMAIN\user.name

Then you can browse the list of shares and "net view \\hostname" works.

So I decided to try a usermap script. Documentation says that this script needs to return the (AIX) user name that the AD user maps to. So in this case, any user should map to "guest". So  my script is:

#!/usr/bin/ksh

print "guest"

But this has the same effect as "guest = *" in the user name map file i.e. I can map a share if I know it's name but "net view \\hostname" doesn't work.

The customer doesn't want to create and maintain user map files for their multiple hosts that run samba, so I'm wondering if there's a way around this. I realise there are several user name hardening updates in 4.21 but they're not for this specifically.

If I downgrade back to 4.18, things go back to "normal" (wildcard works for the conditions above), however the customer doesn't want to remain on that version indefinitely.

Any help much appreciated.

Cheers,

Peter