Tuesday, January 9, 2024

Samba from Raspberry Pi - Rejected an insecure guest logon [Solved]

This post is about troubleshooting connectivity issues when accessing an SMB share on a Raspberry Pi.

Context

The aim is to expose a NAS from a Raspberry Pi using Samba. It should be accessible only with authentication. The good thing in Windows is that it disables anonymous access by default¹.
For authentication, there is a user created on the Raspberry Pi. Below is the design.

Problem

When accessing the SMB share from a Windows 10 machine, it errors out with:

"\\raspberrypi.lan is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.

You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network."

The Event Viewer shows the following:

Rejected an insecure guest logon.

User name: <user name>

Server name: \raspberrypi

Guidance:

This event indicates that the server attempted to log the user on as an unauthenticated guest and was denied by the client. Guest logons do not support standard security features such as signing and encryption. As a result, guest logons are vulnerable to man-in-the-middle attacks that can expose sensitive data on the network. Windows disables insecure guest logons by default. Microsoft does not recommend enabling insecure guest logons.

Analysis

It says the attempt was made as an unauthenticated user. But the login dialog box was shown, and the username and password were entered.

Root cause

The credentials were wrong. When the password is wrong, instead of reporting a wrong user name or password, the server falls back to unauthenticated anonymous (guest) access, and that is what the Windows client rejects.

Why does it take that fallback?

It is because of a setting in Samba. The setting name is "map to guest". The default value is 'Never'², but the value was somehow different.

Solution / Fix

Make sure smb.conf has "map to guest" = 'never' if we want to enforce that only authenticated users can access the share. Since the default value is 'never', the setting can also simply be left out.

For more details, refer to the Ansible scripts³ in the previous post on this blog.
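One way to check this on the Pi, as an added example that is not from the original post or its Ansible scripts: the shell functions below read the [global] section of an smb.conf and report the effective "map to guest" value, treating an absent parameter as the default 'never'. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective "map to guest" value from an smb.conf.

# Print the value set in [global], lowercased; "never" when the parameter is absent.
effective_map_to_guest() {
    awk '
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        /^[ \t]*\[/ {                             # section header, e.g. [global]
            sec = tolower($0)
            gsub(/\[/, "", sec); gsub(/\]/, "", sec); gsub(/[ \t\r]/, "", sec)
            next
        }
        sec == "global" && index($0, "=") > 0 {
            name = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", name)               # names ignore case and whitespace
            if (name == "maptoguest") {
                val = tolower(substr($0, index($0, "=") + 1))
                gsub(/^[ \t]+/, "", val); gsub(/[ \t\r]+$/, "", val)
                gsub(/[ \t]+/, " ", val)
                found = val                       # keep the last occurrence
            }
        }
        END { print (found == "" ? "never" : found) }
    ' "$1"
}

# Return 0 only when failed logons are never turned into guest sessions.
check_map_to_guest() {
    value=$(effective_map_to_guest "$1")
    case "$value" in
        never)
            echo "OK: map to guest = never"; return 0 ;;
        "bad user"|"bad password"|"bad uid")
            echo "WARN: map to guest = $value (a failed logon can become a guest session)"
            return 1 ;;
        *)
            echo "WARN: unrecognised map to guest value: $value"; return 1 ;;
    esac
}

# Constructed sample files (not taken from the post).
samples=$(mktemp -d)
printf '%s\n' '[global]' '   workgroup = WORKGROUP' '   Map To Guest = Bad Password' \
    '[nas]' '   path = /srv/nas' > "$samples/weak.conf"
printf '%s\n' '[global]' '   workgroup = WORKGROUP' '; map to guest = bad user' \
    '[nas]' '   path = /srv/nas' > "$samples/default.conf"

check_map_to_guest "$samples/weak.conf" || true
check_map_to_guest "$samples/default.conf"
```

To check a real server, pass the path of its configuration file to check_map_to_guest, for example /etc/samba/smb.conf on a Debian-based Raspberry Pi OS install.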

Happy debugging...

References
