drivie wrote: ↑Sat Jun 29, 2019 8:45 am
Well, I searched through the smb.sh file (in /etc/init.d directory) using WinSCP editor and could not locate the line you listed. I had downgraded my firmware to 4.3.6.0959 so I wonder if that line is missing because of that...? Still unable to access any shares as a guest user though. Not sure where to go from here.
ETA: I went ahead and upgraded to 4.3.6.0979 again and the line you listed was in the smb.sh file so I was able to make the changes. Guest access is working now. Thank you so much!!!
Yes, It appears if you downgrade from 4.3.6.0979 the line "/sbin/setcfg global "invalid users" "guest" -f ${CONFIG}' doesn't appear in smb.sh
This is what is happening -
pre 4.3.6.0979 smb.conf "invalid users =" does not exist
upgrade to 4.3.6.0979 smb.conf "invalid users = guest" (added because of smb.sh)
downgrade to 4.3.6.0959 smb.conf still "invalid users = guest" (can't be changed by smb.sh as no code to change it)
The problem with using "invalid users = guest" QNAP, is simply explained in the SAMBA manual which states -
invalid users (S)
This is a list of users that should not be allowed to login to this service. This is really a paranoid check to absolutely ensure an improper setting does not breach your security.
If you try to access your shares and the Account you use is not on the NAS, SAMBA sends it to the guest Account but as we saw the guest is blocked by "invalid users = guest" and it fails.
Soooooo...
if you downgrade to 4.3.6.0959 or lower then edit smb.conf "invalid users =" Save the file and restart SMB with /etc/init.d/smb.sh restart
(Note: Below is not QNAP approved. Just my own way of fixing what I think they were trying to achieve.)
if you are still on 4.3.6.0979 then edit smb.sh as below adding the two lines
/sbin/setcfg global "invalid users" "guest" -f ${CONFIG}
/sbin/setcfg global "invalid users" "" -f ${CONFIG}
and remove the last
/sbin/setcfg global "invalid users" "guest" -f ${CONFIG}
so the code looks like below
Save the file and restart SMB with /etc/init.d/smb.sh restart
Code: Select all
_init_anonymous()
{
# "guest account" check.
guest_account=`/sbin/getcfg global "guest account" -d "NOT_FOUND" -f ${CONFIG}`
#if [ "x${guest_account}" == "xNOT_FOUND" ]; then
#/sbin/write_log "[Microsoft Networking] ${CONFIG} setup 'guest account' not found. Repaired." 2
#fi
# "guest account" reset.
/sbin/setcfg global "guest account" "guest" -f ${CONFIG}
# "map to guest" check.
map_to_guest=`/sbin/getcfg global "map to guest" -d "NOT_FOUND" -f ${CONFIG}`
#if [ "x${map_to_guest}" == "xNOT_FOUND" ]; then
#/sbin/write_log "[Microsoft Networking] ${CONFIG} setup 'map to guest' not found. Repaired." 2
#fi
# "map to guest" reset. Dependes on "restrict anonymous".
restrict_anonymous=`/sbin/getcfg global "restrict anonymous" -d "NOT_FOUND" -f ${CONFIG}`
if [ "x${restrict_anonymous}" == "x2" ]; then
# restrict anonymous level 2.
/sbin/setcfg global "map to guest" "Never" -f ${CONFIG}
/sbin/setcfg global "invalid users" "guest" -f ${CONFIG}
else
/sbin/setcfg global "map to guest" "Bad User" -f ${CONFIG}
/sbin/setcfg global "invalid users" "" -f ${CONFIG}
fi
}
EDIT:
I can now confirm the above (after backing up, reinitialising, installing 4.3.6.0959, reconfiguring NAS and checking the files - PHEW!)
This bug was introduced by QNAP when they rewrote smb.sh in 4.3.6.0979
Previous firmware did not have "invalid users = guest" in smb.conf or a line in smb.sh to configure it!
Waiting for QNAP to fix their code.
Waiting..............