[Samba] Public share with ADS security
McNamara, Bradley
Bradley.McNamara at seattle.gov
Tue Feb 11 16:56:21 MST 2014
I'm killing myself on this, so I'm going to the list for help solving my issue.
I have a Samba server integrated with AD working on Ubuntu 13.10, Samba 3.6.18. All is good, in that accounts that exist in the password file of the Samba server are automatically authenticated to the shares without need for username/password on the client.
However, I also want to set up a public share so that anyone within the organization can map the share without any input of username/password on the client, even when the username/password does not exist on the Samba server. I've searched and found others with the same needs, but the solutions don't seem to help me. Here's the latest version of the config file that I've been hacking at:
max log size = 50
max protocol = SMB2
dns proxy = No
idmap config * : range =
idmap config * : backend = tdb
follow symlinks = yes
wide links = yes
unix extensions = no
socket options = TCP_NODELAY SO_KEEPALIVE
map to guest = Bad User
guest account = nobody
usershare allow guests = yes
[SPU_KC_GIS]
comment = SPU King County GIS
force user = nobody
path = /mnt
read only = yes
only guest = yes
browsable = yes
Right now if the user tries to map the share on the client, and are prompted for username and password, if they input "nobody" for username they are then granted access to the public share. I don't want any prompting for username/passwords. Is this possible with ADS? Thanks! Also, logfiles show that when users initially browse for the share, and they are without accounts on the Samba server, the following is logged: Username <domain\username> is invalid on this system.
More information about the samba
mailing list