[Samba] Disable AD checking per share in smb.conf [sec=unclassified]

Kym Newbery kym.newbery at aad.gov.au
Wed Apr 25 19:14:47 MDT 2012


Hi

I tried the 'map to guest = Bad User' option, but the win XP machine reports 
"unexpected network error occurred'.  Without that option Windows Xp just 
reports 'access denied'.

That is even though some of the my shares are 'public = yes' and 'guest ok = 
yes' (but others are not - they are for domain credentials only.

I looked in /var/log/messages when the Windows XP machine accessed the server  
(with 'map to guest = Bad user')

Apr 26 01:09:23 sts-dev adclient[1412]: WARN <fd:25 CAPIGetObjectBySID > 
base.zonehier Failed to extend object for 
CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way 
Trust,DC=AAD,DC=GOV,DC=AU
Apr 26 01:09:23 sts-dev adclient[1412]: WARN <fd:25 CAPIGetObjectBySID > 
base.zonehier Failed to extend object for 
CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way 
Trust,DC=AAD,DC=GOV,DC=AU
Apr 26 01:09:23 sts-dev adclient[1412]: WARN <fd:25 CAPIGetObjectBySID > 
base.zonehier Failed to extend object for 
CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way 
Trust,DC=AAD,DC=GOV,DC=AU
Apr 26 01:09:23 sts-dev adbindd[19083]: INFO  samba.adbindd2 Connect to adclient 
successfully.
Apr 26 01:09:23 sts-dev adclient[1412]: WARN <fd:25 CAPIGetObjectBySID > 
base.zonehier Failed to extend object for 
CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way 
Trust,DC=AAD,DC=GOV,DC=AU
Apr 26 01:09:23 sts-dev adclient[1412]: WARN <fd:25 CAPIGetObjectBySID > 
base.zonehier Failed to extend object for 
CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way 
Trust,DC=AAD,DC=GOV,DC=AU
Apr 26 01:09:23 sts-dev adclient[1412]: WARN <fd:25 CAPIGetObjectBySID > 
base.zonehier Failed to extend object for 
CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way 
Trust,DC=AAD,DC=GOV,DC=AU

So - I'm still stuck to work out if it is at all possible for a server that is 
on the domain (using CentrifyDC) to run Samba and have a public read only share 
that doesn't require credentials.

Regards
Kym


On 2012/04/24 03:26, Jeremy Allison wrote:
> On Mon, Apr 23, 2012 at 03:50:21PM +1000, Kym Newbery wrote:
>> Hi,
>>
>>
>> Is it possible to have non-authenticating shares on an server with security=ADS  ?
>>
>>
>> I have a RHEL server, with Centrify Express, and joined to a domain,
>> but I would like to have a samba share that doesn't request a
>> username/password for machines not on the domain.
>>
>>
>> When I have a plain windows XP machine (not on the domain) attempt
>> to connect, I get asked for a username/password.
>>
>> Is this possible? (to have a public share) whilst also having shares
>> that use AD usernames for other users.
>>
>> I'm using
>>
>> CentrifyDC-adbindproxy-4.5.1-504.i386
>> CentrifyDC-5.0.1-177.i386
>> CentrifyDC-samba-3.5.9-4.5.1.504.i386
>> CentrifyDC-openssh-5.9p1-4.5.2.534.i386
> Try setting "map to guest = Bad User"
> .
>

-- 
Kym B Newbery, Science Technical Support Electronics Design Engineer
Australian Antarctic Division 203 Channel Highway, Kingston, TASMANIA, 7050.
PHONE +61 3 6232 3329  FAX +61 3 6232 3351


___________________________________________________________________________

    Australian Antarctic Division - Commonwealth of Australia
IMPORTANT: This transmission is intended for the addressee only. If you are not the
intended recipient, you are notified that use or dissemination of this communication is
strictly prohibited by Commonwealth law. If you have received this transmission in error,
please notify the sender immediately by e-mail or by telephoning +61 3 6232 3209 and
DELETE the message.
        Visit our web site at http://www.antarctica.gov.au/
___________________________________________________________________________


More information about the samba mailing list