[Samba] Share level vs other ways

Jack Downes jax at nwmt.us
Sat Oct 24 09:53:01 MDT 2009

I read an email in here where Volker replied to a person saying that 
share level was really weird these days, etc.  Here's the full context:


> I have a server that contains share level users , but would like to be
> in  AD domain for any new users.

Not on the same IP.

You are sure that you mean share level? This is really,
really weird these days.

If you want no-password access for certain shares, for a
certain group of hosts or so, there are other ways to
achieve that.


Okay, so fair enough.  Now, I've got a pretty simple setup, a linux 
based printserver using cups to handle about 540 printers.  It's all 
share level.  I'm using samba 3.2.x and getting ready to upgrade into 
the 3.4 mix.  Since there are better ways, I'm very interested in 
this... here are the boundaries I need to work within.

This system is replacing a windows 2003 printserver which keeps choking 
on the various mix of drivers.  Linux doesn't have this issue, so cool
So, one advantage to using linux outside the AD auth system is that I 
can keep the printers available for anyone. In our environment, that's 
actually kind of important as we have clinics who print stuff to us who 
are not on our network.  Used to be rather painful before.

So, I need to keep my anonymous auth in place.

Here's my current smb.conf
This does work, I'm pretty happy with it's peformance overall, and just 
need to know - is moving to 3.4 going to make stuff worse?  What should 
I be reading about for all the other ways to accomplish the same things?


# Samba config file created using SWAT
# from UNKNOWN ()
# Date: 2009/09/09 13:52:14

    workgroup = KRH
    server string = printserver
    security = SHARE
    obey pam restrictions = Yes
    passdb backend = tdbsam
    guest account = samba
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    local master = No
    domain master = No
    dns proxy = No
    wins server =
    ldap ssl = no
    panic action = /usr/share/samba/panic-action %d
    acl check permissions = No
    acl map full control = No
    hosts deny =,

    comment = Cupsys based printers
    path = /var/spool/samba
    create mask = 0700
    guest ok = Yes
    printable = Yes
    browseable = No

    comment = Printer Drivers
    path = /var/lib/samba/KRH_drivers
    valid users = @wheel

More information about the samba mailing list