[Samba] "map to guest = bad user" ignored in Samba 4?

Fri Feb 15 11:00:45 MST 2013

Have you taken a look at
https://wiki.samba.org/index.php/Samba_4/OS_Requirements#File_System_Support to
ensure your file system will handle ACL's?

Ricky

On Fri, Feb 15, 2013 at 10:35 AM, Sebastian Arcus <shop at open-t.co.uk> wrote:

> Hi Ricky,
>
> Thanks for the reply. I have tried changing the permissions on the
> netlogon share and the strange thing is that none of the changes I do in
> the Security/ACL tab from the Windows XP machine which is joined to the
> domain (but on the netlogon share which is on the server) actually stick. I
> can access the shares fine with that machine, but if I change the
> permissions, it seems to just ignore the changes - no error message. I am
> logged in as the domain Administrator - so it seems like a bit of a
> mystery. Then again - maybe I've done something silly when I've setup this
> Samba AD DC - although I've followed all the instructions on the Samba wiki
> and everything else seems to be working fine.
>
>
> Sebastian
>
>
>
> On 14/02/13 05:31, Ricky Nance wrote:
>
>> Hi Sebastian,
>> Many of the per share options can now be done using ACL's. In this case
>> you would open the netlogon share (via windows) start -> run ->
>> \\MY-SERVER\netlogon (then press enter), then right click on a blank
>> spot in that folder (not on any other file or folder) and select
>> properties. Find the security tab and you can make the modifications you
>> want (specifically adding Everyone with full permissions should give you
>> what you are looking for, though I have not been able to test this yet).
>> If I get a chance soon I will do some testing to make sure that the acl
>> change is all that is needed.
>>
>> To find out what options are available, samba-tool testparm -v will give
>> you a nice list (at least for global).
>>
>> Ricky
>>
>>
>> On Wed, Feb 13, 2013 at 4:33 AM, Sebastian Arcus <shop at open-t.co.uk
>> <mailto:shop at open-t.co.uk>> wrote:
>>
>>     I would like to migrate some of my Samba 3.x domains to Samba 4.
>>     Part of the functionality of the current system is allowing some
>>     Windows XP Pro computers, which are not joined to the domain, access
>>     to some public shares on the Samba server. I tried using "map to
>>     guest = bad user" with Samba 4 - but it appears to be completely
>>     ignored and the Windows XP machine keeps on prompting for
>>     username/password when trying to access the server share. Has this
>>     option been dropped in Samba 4? Is there another way to accomplish
>>     the same?
>>
>>     Otherwise my Samba 4 domain seems to be working fine - and the
>>     Windows XP Pro machines which are joined to it can access the share
>>     fine.
>>
>>     As a side note, I find it hard to figure out which smb.conf options
>>     are still available for Samba 4 and which are not. I've googled
>>     around and can't seem to find a wiki page or authoritative page.
>>
>>     I use Samba 4.1.0pre1
>>
>>     Here is my smb.conf
>>
>>
>>     [global]
>>     workgroup = MYDOMAIN
>>     realm = mydomain.local
>>     netbios name = MY-SERVER
>>     server role = active directory domain controller
>>     idmap_ldb:use rfc2307 = yes
>>     map to guest = bad user
>>
>>     [netlogon]
>>     path = /var/lib/samba/sysvol/__**mydomain.local/scripts
>>
>>     read only = No
>>     public = Yes
>>     --
>>     To unsubscribe from this list go to the following URL and read the
>>     instructions: https://lists.samba.org/__**mailman/options/samba<https://lists.samba.org/__mailman/options/samba>
>>     <https://lists.samba.org/**mailman/options/samba<https://lists.samba.org/mailman/options/samba>
>> >
>>
>>
>>
>>
>> --
>>
>>
>
> --
> Linux vehicle CCTV - www.open-t.co.uk/iroko
>

--