[Samba] Samba 3 "public" Access

Andrew Bartlett abartlet at samba.org
Thu Mar 4 23:09:25 GMT 2004

On Fri, 2004-03-05 at 09:47, Jason McCormick wrote:
>   What are the ramifications of changing security = share from sercurity =
> ads ?  I was using security = domain before.  Looking at the docs/manpages
> I'm unclear how other shares will be affected (for the sections that match
> UNIX == Windows for IT staff).  From reading the manpage, it sounds like
> if guest ok = yes then it skips checking, but does it fall back to ADS if
> there's no guest ok directive?

Ok, what has happened here is that in Samba 2.2, if a user logged in
with valid domain credentials, and did not have an account on the
system, they were mapped to a 'guest' account.  This is not possible in
3.0 (and I think it was a bad idea in the first place).

So, the alternative for you is to create a new server (or more to the
point, a virtual server configuration) that is in 'security=share' (so
the remote clients never attempt a user/password login) and has 'guest
ok' (or even beter 'guest only') set, so that all connections are
treated as guest, with no questions asked.

include = smb.conf.%L is your freind - but watch out, for this to work
you must set 'smb ports = 139' or we might not get our 'called name' on
which we base that.

Andrew Bartlett

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040305/b1e83736/attachment.bin

More information about the samba mailing list