[Samba] "map to guest" in share definition?

Ryan Novosielski novosirj at umdnj.edu
Thu Nov 29 15:08:25 GMT 2007

Apparently not. Much more important is the first line of the man page
on this subject:

map to guest (G)
       This parameter is only useful in SECURITY = security modes other
       than security = share - i.e. user, server, and domain.

       This parameter can take four different values, which tell smbd(8)
       what to do with user login requests that don't match a valid UNIX
       user in some way.

The (G) signifies a global parameter. It appears as if I was mixing up
my use of map to guest (which I have set to "bad user"), and my
combining that directive with "guest ok" and "guest only", which I'm
guessing would do everything you wanted. In my case, we have a share
that we want to work regardless of valid login information. [homes]
obviously will not work if the user does not exist. We also do IP range
restrictions. Is there some special case that is not covered by all of that?

Michael Heydon wrote:
> Are you sure about this?
> From the smb.conf man page:
>> Note that this parameter is needed to set up "Guest" share  services
>> when using security modes other than share. This is because in these
>> modes the name of the resource being requested is not  sent  to  the
>> server  until  after  the  server has successfully authenticated the
>> client so the server cannot make  authentication  decisions  at  the
>> correct time (connection to the share) for "Guest" shares.
> From that it sounds like the authentication must be 100% complete before
> the client can specify which share it is after, how could it decide
> whether or not the authentication request passes if each share has
> different rules for what is acceptable?
> Michael Heydon - IT Administrator
> michaelh at jaswin.com.au
> Ryan Novosielski wrote:
> Yes, you can.
> Tim Bates wrote:
>>>> Is it possible to use "map to guest" in a single share?
>>>> We have 2 or 3 shares where I want this behavior, but for most I would
>>>> like to not use it due to issues with home directories with bad users.
>>>> I would simply try moving that line to a share definition to see what
>>>> happens, but I don't want to break a live server to test (and have no
>>>> spare Samba boxes right now).
>>>> Tim B

--
 ---- _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
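
The arrangement described in this reply, as an added smb.conf example that is not part of the original message: `map to guest` is set once in `[global]`, and guest access is then granted per share with `guest ok` and `guest only`. The share names, paths, group name and address range are assumptions made for illustration.

```ini
# Added example; share names, paths, group and IP range are constructed.
[global]
    security = user
    # Global parameter (G in the man page): it is evaluated during
    # authentication, before the client names a share.
    map to guest = Bad User
    # UNIX account that guest sessions run as (assumed to exist).
    guest account = nobody

# Share meant to work regardless of valid login information.
[public]
    path = /srv/samba/public
    guest ok = yes
    guest only = yes
    read only = yes
    # IP range restriction, as mentioned in the message.
    hosts allow = 192.0.2.

# Share that stays authenticated: without "guest ok", a session that
# was mapped to guest is refused here.
[projects]
    path = /srv/samba/projects
    guest ok = no
    valid users = @staff

# [homes] cannot work for a name with no UNIX account, so it is left
# out of guest access entirely.
[homes]
    browseable = no
    read only = no
    guest ok = no
```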