[Samba] Public share with ADS security

McNamara, Bradley Bradley.McNamara at seattle.gov
Tue Feb 11 16:56:21 MST 2014

I'm killing myself on this, so I'm going to the list for help solving my issue.

I have a Samba server integrated with AD working on Ubuntu 13.10, Samba 3.6.18.  All is good, in that accounts that exist in the password file of the Samba server are automatically authenticated to the shares without need for username/password on the client.

However, I also want to set up a public share so that anyone within the organization can map the share without any input of username/password on the client, even when the username/password does not exist on the Samba server.  I've searched and found others with the same needs, but the solutions don't seem to help me.  Here's the latest version of the config file that I've been hacking at:

   max log size = 50
   max protocol = SMB2
   dns proxy = No
   idmap config * : range =
   idmap config * : backend = tdb
   follow symlinks = yes
   wide links = yes
   unix extensions = no
   socket options = TCP_NODELAY SO_KEEPALIVE
   map to guest = Bad User
   guest account = nobody
   usershare allow guests = yes

        comment = SPU King County GIS
        force user = nobody
        path = /mnt
        read only = yes
        only guest = yes
        browsable = yes

Right now if the user tries to map the share on the client, and is prompted for username and password, if they input "nobody" for username they are then granted access to the public share.  I don't want any prompting for username/passwords.  Is this possible with ADS?  Thanks!  Also, logfiles show that when users initially browse for the share, and they are without accounts on the Samba server, the following is logged:  Username <domain\username> is invalid on this system.
