[Samba] Q: concerning user "nobody" and Samba 3

John H Terpstra jht at samba.org
Fri Dec 9 18:19:59 GMT 2005

On Friday 09 December 2005 00:40, Frank Schifferstein wrote:
> hi,
> we are running several HP-UX 11.23 servers with Samba 2.2.x and are
> starting a migration to Samba 3 and encounter several problems.
> As far as I understand this passage: (chapter 24, Upgrading from
> Samba-2.x to Samba-3.0.20)

Please follow the information in chapter 8 of my book "Samba-3 by Example" 
rather than the brief information in the HOWTO book. "Samba-3 by Example" is 
the official deployment guide, the HOWTO book is a reference guide on how the 
facilities of Samba-3 function.

> "The following issues are known changes in behavior between Samba-2.2
> and Samba-3 that may affect certain installations of Samba.
> When operating as a member of a Windows domain, Samba-2.2 would map any
> users authenticated by the remote DC to the "guest account" if a UID
> could not be obtained via the getpwnam() call. Samba-3 rejects the
> connection with the error message "NT_STATUS_LOGON_FAILURE." There is no
> current workaround to re-establish the Samba-2.2 behavior. "

Samba-3 introduced a new parameter, "map to guest," that will permit you to 
get the old behavior of Samba-2.2.x. Suggest you check the man page for 

> the user nobody is not used anymore, and there is a need having unixuser
> account for every windowsuser account. I know, this is a general need,
> but for differerent purposes we configured "guest ok = yes" in some
> shares to allow the "guest" access to shares where the unixaccount is
> missung. Is my interpretation of the passage correct ? In case it is,
> does it refer to security = domain/ads only or is it valid for security
> = server as well (I know, security = server is not the preferred
> configuration).

- John T.

More information about the samba mailing list