[Samba] samba 4, openldap and a public folder

Romain Pelissier romain.pelissier at gmail.com
Fri Jan 8 18:47:48 UTC 2016

I have tried and spent some time trying to find the answer myself, but I
couldn't find anything that could solve my issue, so I hope someone can help
me with this, and I am sure this could also benefit other Samba users.
OK, here is the story:
I currently use samba (smbd -V: Version 4.2.4-6.3-3503-SUSE-SLE_12-x86_64)
I have a server where samba is installed and another one where openldap is
running (on an openSUSE 42.1). It works as a workgroup and WINS server.
Everything works fine. Now my goal is to add a public folder that
everybody on the network (even people that do not have an account on the
openldap server) could use.
Unfortunately, it seems that I could have a public folder where no
authentication is required, or a users/profiles folder where authenticated
users are redirected to their user's home folder, but not both at the same
time using the configuration below:

(note that I have manually added the "Public" section; the other parts of the
config have mostly been created by yast at installation time, and I have only
tweaked some settings)

        workgroup = DOMAIN.LAN
        passdb backend = ldapsam:ldap://server01.domain.lan
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        map to guest = Bad User
        logon path = \\%L\profiles\.msprofile
        logon home = \\%L\%U\.9xprofile
        logon drive = P:
        usershare allow guests = No
        add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.rb %m$
        domain logons = No
        domain master = No
        idmap backend = ldap:ldap://server01.domain.lan
        ldap admin dn = cn=Administrator,dc=domain,dc=lan
        ldap group suffix = ou=group
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Machines
        ldap passwd sync = Yes
        ldap suffix = dc=domain,dc=lan
        ldap user suffix = ou=people
        netbios name = DOMAIN
        security = user
        wins support = Yes
        log level = 3
        guest account = pcguest
        interfaces =
        name resolve order = wins bcast host lmhosts
        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes
        hide dot files = yes
        comment = Network Profiles Service
        path = %H
        read only = No
        store dos attributes = Yes
        create mask = 0600
        directory mask = 0700
        comment = All users
        path = /home
        read only = No
        inherit acls = Yes
        veto files = /aquota.user/groups/shares/
        hide dot files = yes
        comment = All groups
        path = /home/groups
        read only = No
        inherit acls = Yes
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @ntadmin root
        force group = ntadmin
        create mask = 0664
        directory mask = 0775

        comment = Dossier public
        writeable = yes
        path = /public
        guest ok = Yes
        create mask = 0770
        directory mask = 2770
        read only = No

Can you help?
Any idea and advice will be greatly appreciated :)
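
An added example, not part of the original post and not Samba project code: a small Python audit that reads an smb.conf and reports, per share, whether the guest account can reach it and write to it, using the parameters quoted above (`map to guest`, `guest account`, `guest ok`, `valid users`, `read only`, `create mask`). The sample file is constructed, and its section names `[global]`, `[homes]` and `[public]` are assumptions because the archived post shows no section headers; the first return value is true when `map to guest` is anything other than `Never`.

```python
# Added example. SAMPLE is constructed; its section names are assumed.
SAMPLE = """
[global]
    map to guest = Bad User
    guest account = pcguest
[homes]
    valid users = %S
    read only = No
[public]
    guest ok = Yes
    writeable = yes
    create mask = 0770
"""
# Synonyms folded into one canonical key; True means the value is inverted.
SYNONYMS = {"public": ("guest ok", False), "writeable": ("read only", True),
            "writable": ("read only", True), "write ok": ("read only", True)}

def is_true(value):
    return value.strip().lower() in {"yes", "true", "on", "1"}

def parse_smb_conf(text):
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())   # names ignore case/spacing
            canon, invert = SYNONYMS.get(key, (key, False))
            # A later occurrence of the same parameter overrides an earlier one.
            current[canon] = ("no" if is_true(value) else "yes") if invert else value.strip()
    return sections

def audit_guest_access(text):
    conf = parse_smb_conf(text)
    glob = conf.pop("global", {})
    guest = glob.get("guest account", "nobody")   # Samba's documented default
    report = {}
    for name, share in conf.items():
        eff = {**glob, **share}                   # [global] supplies defaults
        users = eff.get("valid users", "").replace(",", " ").split()
        reachable = is_true(eff.get("guest ok", "no")) and (not users or guest in users)
        report[name] = {
            "guest_reachable": reachable,
            "guest_writable": reachable and not is_true(eff.get("read only", "yes")),
            "other_bits": int(eff.get("create mask", "0744"), 8) & 0o007,
        }
    return glob.get("map to guest", "never").lower() != "never", report
```

An `other_bits` value of 0 means the create mask strips all "other" permission bits from files created through the share; the check ignores `force create mode`, `force user`, inherited permissions and ACLs.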
