[Samba] access to share without authentication when security=ads
J. Scott Berg
jsberg-bnl at outlook.com
Thu May 19 15:09:25 UTC 2016
I have samba configured with security=ads, and want to keep that so I can
have properly authenticated access to file shares. However, I also would
like to have anonymous access, even from non-domain accounts, to a printer.
This latter part is giving me trouble. My (edited) smb.conf is at the end of
this message. When I try to connect to the print share (via add printer)
from a Windows system from a non-domain account, I get error 0x000004d8; if
I remove the "map to guest" line, I instead get 0x0000052e. Does anyone know
how to do this, or is unauthenticated access incompatible with security=ads?
Thanks.
[global]
security = ADS
realm = blah.blah
workgroup = blah
netbios name = computer
auth methods = guest, sam, winbind, ntdomain
machine password timeout = 0
passdb backend = tdbsam:/var/lib/samba/private/passdb.tdb
kerberos method = secrets and keytab
server signing = auto
client ntlmv2 auth = yes
client use spnego = yes
template shell = /bin/bash
winbind use default domain = Yes
winbind enum users = No
winbind enum groups = No
winbind nested groups = Yes
idmap cache time = 0
idmap config * : backend = tdb
idmap config * : range = 1000 - 200000000
idmap config * : base_tdb = 0
enable core files = false
wins server = 10.0.0.1
guest ok = yes
map to guest = Bad Password
[bwprinter]
printer name = bwqueue
printable = yes
browseable = yes
guest ok = yes
guest only = yes
writable = yes
printing = cups
path = /var/spool/samba
More information about the samba
mailing list