[Samba] Windows XP & greyed-out Guest user password prompt

Jules Agee julesa at pcf.com
Thu Mar 24 20:47:14 GMT 2005 

Hi, we've been using Samba for a while, and are just now starting to 
switch our desktop computers to Windows XP. We are having a problem 
where connections to our Samba server fail, and the user is presented 
with a password prompt asking for a password for user Guest. They can't 
select a different user.

I've searched the Microsoft knowledgebase, and the Samba list archives, 
and there are others who have seen this problem, but none of the 
suggestions presented seem to help. We are currently using "security = 
share" because there are some legacy scripts that depend on not getting 
prompted for a username to access some read-only shares we have set up. 
But just for troubleshooting, I have tried setting "security = user" and 
"map to guest = Bad User" but XP still presents the guest password 
prompt and the user still isn't allowed to specify their username. We 
are not using a domain controller.

Everything works great when using a Windows 2000 client. In XP, mapping 
a drive to the Samba share works fine. From XP's command prompt, if the 
user's Windows login and password match what's in our LDAP directory 
(and they usually do), it lets them right in -- the user doesn't even 
get a password dialog when they do this:
"net use \\fileserver.example.com\share /user:joebob" But if you just 
set up a shortcut to \\fileserver.example.com\share or if you try to 
connect from the "run" line, it fails & tries to force them to login 
with the guest account.

If anyone has any suggestions, or can even make a guess at an 
explanation for this behavior, I'd really appreciate it.

Thanks!

-Jules
julesa at pcf.com

smb.conf, slightly sanitized:
[global]
         admin users = jane,joe,bob
	security = share
	encrypt passwords = true
         ldap suffix = "o=internet"
         ldap admin dn="cn=Administrator,o=internet"
	passdb backend = ldapsam:"ldaps://ldap1.example.com 
ldaps://ldap2.example.com"
	guest account = nobody
	invalid users = root
         workgroup = IS
         netbios name = fileserver.example.com
         server string = File Server
         name resolve order = host bcast
         socket options = SO_KEEPALIVE,TCP_NODELAY
         oplocks = yes
         kernel oplocks = yes
         level2 oplocks = no
         encrypt passwords = yes
         create mask = 770
         directory mask = 0770
         log level = 2
         log file = /var/log/samba/%m.log
         max log size = 10000
         map to guest = Bad Password
         load printers = no
         delete veto files = yes
         hide files = /Icon?/
         veto files = /.AppleDouble/.AppleDesktop/Network Trash 
Folder/TheVolumeSettingsFolder/TheFindByContentFolder/
	dns proxy = no
	log file = /var/log/samba/log.%m.
	max log size = 1000
	syslog = 0
	panic action = /usr/share/samba/panic-action %d
	preserve case = yes

[private]
	comment = Your Private Home Directory
	path = /home/%u
	group = default
	writable = yes
	create mask = 0700
	directory mask = 0700

[IS]
         comment = Information Systems
         path = /var/local/fileshare/IS
         nt acl support = no
         create mask = 777
         directory mask = 0777
         read only = No
         group = IS
         valid users = @IS, at ISAnalyst, at SupportAnalyst, at SystemAdmin

[updates]
         comment = Software Updates
         path = /var/local/fileshare/admin/updates
         browsable = no
         create mask = 774
         group = SystemAdmin
         directory mask = 0775
         nt acl support = no
         read only = yes
         guest ok = yes

More information about the samba mailing list