[Samba] guest user prompt for user name password

Rowland Penny rowlandpenny at googlemail.com
Sat Dec 6 03:19:57 MST 2014 

On 05/12/14 23:48, jacek burghardt wrote:
> I setup samba domain controller with 4.14 samba. Any workstation that is
> joined to domain can browse shares no problem but other computers cant
> browse them and are prompted for user name password and giving corect user
> name password generates an error message. None of my fire tv can browse
> shares as guest. How I can enable guest user.
> [global]
>          passdb backend = tdbsam
>          workgroup = hebe
>          realm = HEBE.US
>          netbios name = zafire
>          server string = %h ArchLinux Host
>          security = user
>          encrypt passwords = yes
>          password server = zafire.hebe.us
>          guest account = nobody
>          map to guest = bad user
>          printcap name = cups
>          cups options = raw
>          usershare allow guests = yes
>          idmap config * : backend = rid
>          idmap config * : range = 10000-20000
>          idmap config SHORTDOMAINNAME:backend = ad
>          idmap config SHORTDOMAINNAME:schema_mode = rfc2307
>          idmap config SHORTDOMAINNAME:range = 500-40000
>
>          winbind use default domain = Yes
>          winbind enum users = Yes
>          winbind enum groups = Yes
>          winbind nested groups = Yes
>          winbind separator = +
>          winbind refresh tickets = yes
>          winbind nss info = rfc2307
>
>          template shell = /bin/bash
>          template homedir = /home/%D/%U
>          domain master = yes
>          os level = 33
>          preferred master = auto
>          domain master = yes
>          local master = yes
>          domain logons = yes
>          logon path = \\%L\profiles\%U
>          logon drive = H:
>   dns proxy = no
>          wins server = zafire.hebe.us
>          wins proxy = no
>
>          inherit acls = Yes
>          map acl inherit = Yes
>          acl group control = yes
>          vfs objects = acl_xattr
>          store dos attributes = Yes
>
>          load printers = no
>          debug level = 3
>          use sendfile = no
>          server role = active directory domain controller
>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbind, ntp_signd, kcc, dnsupdate
>          idmap_ldb:use rfc2307 = yes

OK, you are running an Active Directory Domain Controller (AD DC), only 
problem is, most of your smb.conf is not required. I would suggest that 
you return it to this:

  [global]
         workgroup = HEBE
         realm = hebe.us
         netbios name = ZAFIRE
         server role = active directory domain controller
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
drepl, winbind, ntp_signd, kcc, dnsupdate
         idmap_ldb:use rfc2307 = yes
         template shell = /bin/bash
         template homedir = /home/%D/%U
         printcap name = cups
         cups options = raw
         debug level = 3

[netlogon]
         path = /var/lib/samba/sysvol/hebe.us/scripts
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No

The other problem that you are having is a common one, it would seem 
that there is no guest access on an AD DC, see here:

https://lists.samba.org/archive/samba/2013-February/171628.html

Rowland

More information about the samba mailing list