[Samba] "map to guest = bad user" ignored in Samba 4?

Sebastian Arcus shop at open-t.co.uk
Fri Feb 15 09:35:53 MST 2013

Hi Ricky,

Thanks for the reply. I have tried changing the permissions on the 
netlogon share and the strange thing is that none of the changes I do in 
the Security/ACL tab from the Windows XP machine which is joined to the 
domain (but on the netlogon share which is on the server) actually 
stick. I can access the shares fine with that machine, but if I change 
the permissions, it seems to just ignore the changes - no error message. 
I am logged in as the domain Administrator - so it seems like a bit of a 
mystery. Then again - maybe I've done something silly when I've setup 
this Samba AD DC - although I've followed all the instructions on the 
Samba wiki and everything else seems to be working fine.


On 14/02/13 05:31, Ricky Nance wrote:
> Hi Sebastian,
> Many of the per share options can now be done using ACL's. In this case
> you would open the netlogon share (via windows) start -> run ->
> \\MY-SERVER\netlogon (then press enter), then right click on a blank
> spot in that folder (not on any other file or folder) and select
> properties. Find the security tab and you can make the modifications you
> want (specifically adding Everyone with full permissions should give you
> what you are looking for, though I have not been able to test this yet).
> If I get a chance soon I will do some testing to make sure that the acl
> change is all that is needed.
> To find out what options are available, samba-tool testparm -v will give
> you a nice list (at least for global).
> Ricky
> On Wed, Feb 13, 2013 at 4:33 AM, Sebastian Arcus <shop at open-t.co.uk
> <mailto:shop at open-t.co.uk>> wrote:
>     I would like to migrate some of my Samba 3.x domains to Samba 4.
>     Part of the functionality of the current system is allowing some
>     Windows XP Pro computers, which are not joined to the domain, access
>     to some public shares on the Samba server. I tried using "map to
>     guest = bad user" with Samba 4 - but it appears to be completely
>     ignored and the Windows XP machine keeps on prompting for
>     username/password when trying to access the server share. Has this
>     option been dropped in Samba 4? Is there another way to accomplish
>     the same?
>     Otherwise my Samba 4 domain seems to be working fine - and the
>     Windows XP Pro machines which are joined to it can access the share
>     fine.
>     As a side note, I find it hard to figure out which smb.conf options
>     are still available for Samba 4 and which are not. I've googled
>     around and can't seem to find a wiki page or authoritative page.
>     I use Samba 4.1.0pre1
>     Here is my smb.conf
>     [global]
>     workgroup = MYDOMAIN
>     realm = mydomain.local
>     netbios name = MY-SERVER
>     server role = active directory domain controller
>     idmap_ldb:use rfc2307 = yes
>     map to guest = bad user
>     [netlogon]
>     path = /var/lib/samba/sysvol/__mydomain.local/scripts
>     read only = No
>     public = Yes
>     --
>     To unsubscribe from this list go to the following URL and read the
>     instructions: https://lists.samba.org/__mailman/options/samba
>     <https://lists.samba.org/mailman/options/samba>
> --

Linux vehicle CCTV - www.open-t.co.uk/iroko

More information about the samba mailing list