[Samba] Disable AD checking per share in smb.conf [sec=unclassified]
Kym Newbery
kym.newbery at aad.gov.au
Wed Apr 25 19:38:57 MDT 2012
On 2012/04/26 11:16, Jeremy Allison wrote:
> On Thu, Apr 26, 2012 at 11:14:47AM +1000, Kym Newbery wrote:
>> Hi
>>
>> I tried the 'map to guest = Bad User' option, but the win XP machine
>> reports "unexpected network error occurred'. Without that option
>> Windows Xp just reports 'access denied'.
>>
>> That is even though some of the my shares are 'public = yes' and
>> 'guest ok = yes' (but others are not - they are for domain
>> credentials only.
>>
>> I looked in /var/log/messages when the Windows XP machine accessed
>> the server (with 'map to guest = Bad user')
>>
>> Apr 26 01:09:23 sts-dev adclient[1412]: WARN<fd:25
>> CAPIGetObjectBySID> base.zonehier Failed to extend object for
>> CN=427802e411ed46798fe049b8c9439a7c,CN=Foreign User,CN=One Way
>> Trust,DC=AAD,DC=GOV,DC=AU
>>
>> So - I'm still stuck to work out if it is at all possible for a
>> server that is on the domain (using CentrifyDC) to run Samba and
>> have a public read only share that doesn't require credentials.
> What do you have your guest user set to ? These are Centrify
> error messages so you might want to follow up with them.
I set 'guest account = nobody'
My previous attempts at sorting out this problem haven't been too successful on
the Centrify Express Community forum ..:
Quoted:-
**************
Here is the latest update from our dev group:
1. The only security mode we support is security = ADS
Unfortunately in ADS mode things like username map only apply AFTER
authentication completes so these are not possibilities.
2. The workaround that was provided earlier appears to be also an issue with
stock samba.
Typically we test the same with stock samba just to make sure Centrify is not
the cause of behavior changes. Unfortunately, in this scenario, Stock Samba
seems to have made some changes in the newer releases which is leading to this bug.
You will have to pursue this issue further with Samba experts through their
forum support.
**************
I also tried
1. Edit /etc/samba/smb.conf and add the following to the [globals] section
guest account = nobody
map to guest = Bad Uid
2. Add the following to public shares
guest ok = yes
but, the same 'access is denied' is present.
Even if I remove all the shares that require AD credentials and only have one share
[Global]
<snipped same as previously>
map to guest = Bad Uid
guest account = nobody
[samba-test]
path = /samba-test
public = yes
guest ok = yes
writable = yes
on windows XP
c:\net view \\sts-dev
System Error 5 occurred
access denied.
c:\
Kym
>
> Jeremy.
> .
>
--
Kym B Newbery, Science Technical Support Electronics Design Engineer
Australian Antarctic Division 203 Channel Highway, Kingston, TASMANIA, 7050.
PHONE +61 3 6232 3329 FAX +61 3 6232 3351
___________________________________________________________________________
Australian Antarctic Division - Commonwealth of Australia
IMPORTANT: This transmission is intended for the addressee only. If you are not the
intended recipient, you are notified that use or dissemination of this communication is
strictly prohibited by Commonwealth law. If you have received this transmission in error,
please notify the sender immediately by e-mail or by telephoning +61 3 6232 3209 and
DELETE the message.
Visit our web site at http://www.antarctica.gov.au/
___________________________________________________________________________
More information about the samba
mailing list