[Samba] Disable AD checking per share in smb.conf [sec=unclassified]

Jeremy Allison jra at samba.org
Wed Apr 25 19:16:56 MDT 2012 

On Thu, Apr 26, 2012 at 11:14:47AM +1000, Kym Newbery wrote:
> Hi
> 
> I tried the 'map to guest = Bad User' option, but the win XP machine
> reports "unexpected network error occurred'.  Without that option
> Windows Xp just reports 'access denied'.
> 
> That is even though some of the my shares are 'public = yes' and
> 'guest ok = yes' (but others are not - they are for domain
> credentials only.
> 
> I looked in /var/log/messages when the Windows XP machine accessed
> the server  (with 'map to guest = Bad user')
> 
> Apr 26 01:09:23 sts-dev adclient[1412]: WARN <fd:25
> CAPIGetObjectBySID > base.zonehier Failed to extend object for
> CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way
> Trust,DC=AAD,DC=GOV,DC=AU
> Apr 26 01:09:23 sts-dev adclient[1412]: WARN <fd:25
> CAPIGetObjectBySID > base.zonehier Failed to extend object for
> CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way
> Trust,DC=AAD,DC=GOV,DC=AU
> Apr 26 01:09:23 sts-dev adclient[1412]: WARN <fd:25
> CAPIGetObjectBySID > base.zonehier Failed to extend object for
> CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way
> Trust,DC=AAD,DC=GOV,DC=AU
> Apr 26 01:09:23 sts-dev adbindd[19083]: INFO  samba.adbindd2 Connect
> to adclient successfully.
> Apr 26 01:09:23 sts-dev adclient[1412]: WARN <fd:25
> CAPIGetObjectBySID > base.zonehier Failed to extend object for
> CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way
> Trust,DC=AAD,DC=GOV,DC=AU
> Apr 26 01:09:23 sts-dev adclient[1412]: WARN <fd:25
> CAPIGetObjectBySID > base.zonehier Failed to extend object for
> CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way
> Trust,DC=AAD,DC=GOV,DC=AU
> Apr 26 01:09:23 sts-dev adclient[1412]: WARN <fd:25
> CAPIGetObjectBySID > base.zonehier Failed to extend object for
> CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way
> Trust,DC=AAD,DC=GOV,DC=AU
> 
> So - I'm still stuck to work out if it is at all possible for a
> server that is on the domain (using CentrifyDC) to run Samba and
> have a public read only share that doesn't require credentials.

What do you have your guest user set to ? These are Centrify
error messages so you might want to follow up with them.

Jeremy.

More information about the samba mailing list