[Samba] "map to guest = bad user" ignored in Samba 4?

Sebastian Arcus shop at open-t.co.uk
Mon Feb 18 02:23:00 MST 2013


Thanks Ricky. I've enabled the file system requirements in fstab and 
checked the kernel supports them (not sure how I managed to skip that 
step during installation). Now the permissions changes do stick. 
However, as per Andrew's email (part of this thread) - the server still 
prompts for credentials on the workgroup machine when trying to access 
the public/full permissions share, although I allowed full access to 
Guests and Everyone. It seems there is no way to provide unauthenticated 
access to shares at this moment in Samba 4.

It would have been rather useful with migrating workgroups to domains 
gradually, instead of in one step - but one must be happy with one's 
blessings :-) - so I'll make do the way things are.

Cheers,

Sebastian


On 15/02/13 18:00, Ricky Nance wrote:
> Have you taken a look at
> https://wiki.samba.org/index.php/Samba_4/OS_Requirements#File_System_Support to
> ensure your file system will handle ACL's?
>
> Ricky
>
>
> On Fri, Feb 15, 2013 at 10:35 AM, Sebastian Arcus <shop at open-t.co.uk
> <mailto:shop at open-t.co.uk>> wrote:
>
>     Hi Ricky,
>
>     Thanks for the reply. I have tried changing the permissions on the
>     netlogon share and the strange thing is that none of the changes I
>     do in the Security/ACL tab from the Windows XP machine which is
>     joined to the domain (but on the netlogon share which is on the
>     server) actually stick. I can access the shares fine with that
>     machine, but if I change the permissions, it seems to just ignore
>     the changes - no error message. I am logged in as the domain
>     Administrator - so it seems like a bit of a mystery. Then again -
>     maybe I've done something silly when I've setup this Samba AD DC -
>     although I've followed all the instructions on the Samba wiki and
>     everything else seems to be working fine.
>
>
>     Sebastian
>
>
>
>     On 14/02/13 05:31, Ricky Nance wrote:
>
>         Hi Sebastian,
>         Many of the per share options can now be done using ACL's. In
>         this case
>         you would open the netlogon share (via windows) start -> run ->
>         \\MY-SERVER\netlogon (then press enter), then right click on a blank
>         spot in that folder (not on any other file or folder) and select
>         properties. Find the security tab and you can make the
>         modifications you
>         want (specifically adding Everyone with full permissions should
>         give you
>         what you are looking for, though I have not been able to test
>         this yet).
>         If I get a chance soon I will do some testing to make sure that
>         the acl
>         change is all that is needed.
>
>         To find out what options are available, samba-tool testparm -v
>         will give
>         you a nice list (at least for global).
>
>         Ricky
>
>
>         On Wed, Feb 13, 2013 at 4:33 AM, Sebastian Arcus
>         <shop at open-t.co.uk <mailto:shop at open-t.co.uk>
>         <mailto:shop at open-t.co.uk <mailto:shop at open-t.co.uk>>> wrote:
>
>              I would like to migrate some of my Samba 3.x domains to
>         Samba 4.
>              Part of the functionality of the current system is allowing
>         some
>              Windows XP Pro computers, which are not joined to the
>         domain, access
>              to some public shares on the Samba server. I tried using
>         "map to
>              guest = bad user" with Samba 4 - but it appears to be
>         completely
>              ignored and the Windows XP machine keeps on prompting for
>              username/password when trying to access the server share.
>         Has this
>              option been dropped in Samba 4? Is there another way to
>         accomplish
>              the same?
>
>              Otherwise my Samba 4 domain seems to be working fine - and the
>              Windows XP Pro machines which are joined to it can access
>         the share
>              fine.
>
>              As a side note, I find it hard to figure out which smb.conf
>         options
>              are still available for Samba 4 and which are not. I've googled
>              around and can't seem to find a wiki page or authoritative
>         page.
>
>              I use Samba 4.1.0pre1
>
>              Here is my smb.conf
>
>
>              [global]
>              workgroup = MYDOMAIN
>              realm = mydomain.local
>              netbios name = MY-SERVER
>              server role = active directory domain controller
>              idmap_ldb:use rfc2307 = yes
>              map to guest = bad user
>
>              [netlogon]
>              path = /var/lib/samba/sysvol/____mydomain.local/scripts
>
>              read only = No
>              public = Yes
>              --
>              To unsubscribe from this list go to the following URL and
>         read the
>              instructions:
>         https://lists.samba.org/____mailman/options/samba
>         <https://lists.samba.org/__mailman/options/samba>
>              <https://lists.samba.org/__mailman/options/samba
>         <https://lists.samba.org/mailman/options/samba>>
>
>
>
>
>         --
>
>
>
>     --
>     Linux vehicle CCTV - www.open-t.co.uk/iroko
>     <http://www.open-t.co.uk/iroko>
>
>
>
>
> --
>


-- 
Linux vehicle CCTV - www.open-t.co.uk/iroko


More information about the samba mailing list