# 13.0 samba guest visit from win10，no permission



## supersnd (May 18, 2021)

```
root@nasbsd ~ # more /usr/local/etc/smb4.conf
[global]
        workgroup = WORKGROUP
        passdb backend = tdbsam
#       passdb backend = smbpasswd
        map to guest =  bad user
        security = user
        client min protocol = NT1
        server min protocol = NT1
        lanman auth = yes
        encrypt passwords = yes

[zly]
#    path = /zdiskd/zly/
path = /boot/efi
    writable = yes
    guest ok = yes
    guest only = yes

[zdiska]
    path = /zdiska
    writable = yes
    guest ok = yes
    guest only = yes
```
this config use long time ,12.0 begin to 13.0,it's ok. samba version 4.13

/var/log/messages

```
May 17 23:53:13 nasbsd smbd[2675]: [2021/05/17 23:53:13.482263,  0] ../../source3/smbd/service.c:169(chdir_current_service)
May 17 23:53:13 nasbsd smbd[2675]:   chdir_current_service: vfs_ChDir(/zdiskb) failed: Permission denied. Current token: uid=65534, gid=65534, 1 groups: 65534
```
the zdiska is new disk

```
zpool create zdiska /dev/ada1

root@nasbsd ~ # zpool version
zfs-2.0.0-FreeBSD_gf11b09dec
zfs-kmod-2.0.0-FreeBSD_gf11b09dec
```
I can visit the efi，but can't visit zdiska，it is a zpool，
I do ~~~chmod -R 777 /zdiska, nothing change.
how can i do？


----------



## von_Gaden (May 22, 2021)

Do you attempt connection by IP or \\servername?

I'm not sure how `map to guest =  bad user` exactly works.


----------



## cmoerz (May 22, 2021)

von_Gaden is likely pointing out the issue: Windows 10 won't accept NT1 guest authentication by default. Did you try turning up log/debug level? What does the client specific log say when you try to connect?

I'd like to recommend removing

```
client min protocol = NT1
server min protocol = NT1
lanman auth = yes
encrypt passwords = yes
```

It's probably easier to first attempt connections with the defaults before starting to tweak those options.

Do you really want anonymous guest authentication with write access? That kind of opens up your server to anything on your network.

Either way - if you use `map to guest`, you should probably specify an actual user for your guest account, one that exists on your box. So, if you have a user "adam", you could put `guest user = adam`. Otherwise, samba will stick to user `nobody`.


----------

