[Samba] (retry) 3.0.7: 'map to guest' incomplete behavior

Heath Kehoe hakehoe at avalon.net
Fri Oct 8 16:06:43 GMT 2004

Hash: SHA1

(my first attempt got mangled because of the attachments, so I'm 

I have a 3.0.7 server that is part of an active directory domain, and I
have a problem where 'map to guest = Bad User' doesn't do what I expect.

On this system, unix users are a subset of AD users.  Those users who
have accounts on both unix and AD can access the Samba server; but users
who have an AD account but not a unix account can not.  What I want is
for those users without a unix account to still be able to access the
world-readable shares as 'guest'.

In my smb.conf, I have 'map to guest = Bad User' and
'guest account = guest'.  But even with those settings, we still
get an error in the smb log: "Username DOMAIN\blah is invalid on this

However, if a user specifies a bogus username when setting up the drive
map (i.e., a username that does not exist in AD) then Samba will
proceed to connect that user as 'guest'.  In other words, 'map to guest'
only works if the given username is not in AD.

I modified reply_spnego_kerberos() in smbd/sesssetup.c so that it would
use the guest user if the user is not in the unix password db and
'map to guest' is on.  The patch is available here:

If the developers have a problem with extending the 'map to guest'
functionality in this way, then I suggest you add a new option
('unix map to guest' or something).

I know that there's a hook to have smbd create user accounts on the
fly, but that is not an acceptable solution in my environment.  I
need to have unknown (but valid) AD accounts map to 'guest'.

- - heath
Version: GnuPG v1.2.4 (Darwin)


More information about the samba mailing list