[Samba] Disable AD checking per share in smb.conf [sec=unclassified]
Kym Newbery
kym.newbery at aad.gov.au
Wed Apr 25 19:14:47 MDT 2012
Hi
I tried the 'map to guest = Bad User' option, but the win XP machine reports
"unexpected network error occurred'. Without that option Windows Xp just
reports 'access denied'.
That is even though some of the my shares are 'public = yes' and 'guest ok =
yes' (but others are not - they are for domain credentials only.
I looked in /var/log/messages when the Windows XP machine accessed the server
(with 'map to guest = Bad user')
Apr 26 01:09:23 sts-dev adclient[1412]: WARN <fd:25 CAPIGetObjectBySID >
base.zonehier Failed to extend object for
CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way
Trust,DC=AAD,DC=GOV,DC=AU
Apr 26 01:09:23 sts-dev adclient[1412]: WARN <fd:25 CAPIGetObjectBySID >
base.zonehier Failed to extend object for
CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way
Trust,DC=AAD,DC=GOV,DC=AU
Apr 26 01:09:23 sts-dev adclient[1412]: WARN <fd:25 CAPIGetObjectBySID >
base.zonehier Failed to extend object for
CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way
Trust,DC=AAD,DC=GOV,DC=AU
Apr 26 01:09:23 sts-dev adbindd[19083]: INFO samba.adbindd2 Connect to adclient
successfully.
Apr 26 01:09:23 sts-dev adclient[1412]: WARN <fd:25 CAPIGetObjectBySID >
base.zonehier Failed to extend object for
CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way
Trust,DC=AAD,DC=GOV,DC=AU
Apr 26 01:09:23 sts-dev adclient[1412]: WARN <fd:25 CAPIGetObjectBySID >
base.zonehier Failed to extend object for
CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way
Trust,DC=AAD,DC=GOV,DC=AU
Apr 26 01:09:23 sts-dev adclient[1412]: WARN <fd:25 CAPIGetObjectBySID >
base.zonehier Failed to extend object for
CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way
Trust,DC=AAD,DC=GOV,DC=AU
So - I'm still stuck to work out if it is at all possible for a server that is
on the domain (using CentrifyDC) to run Samba and have a public read only share
that doesn't require credentials.
Regards
Kym
On 2012/04/24 03:26, Jeremy Allison wrote:
> On Mon, Apr 23, 2012 at 03:50:21PM +1000, Kym Newbery wrote:
>> Hi,
>>
>>
>> Is it possible to have non-authenticating shares on an server with security=ADS ?
>>
>>
>> I have a RHEL server, with Centrify Express, and joined to a domain,
>> but I would like to have a samba share that doesn't request a
>> username/password for machines not on the domain.
>>
>>
>> When I have a plain windows XP machine (not on the domain) attempt
>> to connect, I get asked for a username/password.
>>
>> Is this possible? (to have a public share) whilst also having shares
>> that use AD usernames for other users.
>>
>> I'm using
>>
>> CentrifyDC-adbindproxy-4.5.1-504.i386
>> CentrifyDC-5.0.1-177.i386
>> CentrifyDC-samba-3.5.9-4.5.1.504.i386
>> CentrifyDC-openssh-5.9p1-4.5.2.534.i386
> Try setting "map to guest = Bad User"
> .
>
--
Kym B Newbery, Science Technical Support Electronics Design Engineer
Australian Antarctic Division 203 Channel Highway, Kingston, TASMANIA, 7050.
PHONE +61 3 6232 3329 FAX +61 3 6232 3351
___________________________________________________________________________
Australian Antarctic Division - Commonwealth of Australia
IMPORTANT: This transmission is intended for the addressee only. If you are not the
intended recipient, you are notified that use or dissemination of this communication is
strictly prohibited by Commonwealth law. If you have received this transmission in error,
please notify the sender immediately by e-mail or by telephoning +61 3 6232 3209 and
DELETE the message.
Visit our web site at http://www.antarctica.gov.au/
___________________________________________________________________________
More information about the samba
mailing list