[Samba] access to share without authentication when security=ads

J. Scott Berg jsberg-bnl at outlook.com
Thu May 19 15:09:25 UTC 2016

I have samba configured with security=ads, and want to keep that so I can
have properly authenticated access to file shares. However, I also would
like to have anonymous access, even from non-domain accounts, to a printer.
This latter part is giving me trouble. My (edited) smb.conf is at the end of
this message. When I try to connect to the print share (via add printer)
from a Windows system from a non-domain account, I get error 0x000004d8; if
I remove the "map to guest" line, I instead get 0x0000052e. Does anyone know
how to do this, or is unauthenticated access incompatible with security=ads?

    security = ADS
    realm = blah.blah
    workgroup = blah
    netbios name = computer
    auth methods = guest, sam, winbind, ntdomain
    machine password timeout = 0
    passdb backend = tdbsam:/var/lib/samba/private/passdb.tdb
    kerberos method = secrets and keytab
    server signing = auto
    client ntlmv2 auth = yes
    client use spnego = yes
    template shell = /bin/bash
    winbind use default domain = Yes
    winbind enum users = No
    winbind enum groups = No
    winbind nested groups = Yes
    idmap cache time = 0
    idmap config * : backend  = tdb
    idmap config * : range = 1000 - 200000000
    idmap config * : base_tdb = 0
    enable core files = false
    wins server =
    guest ok = yes
    map to guest = Bad Password

        printer name = bwqueue
        printable = yes
        browseable = yes
        guest ok = yes
        guest only = yes
        writable = yes
        printing = cups
        path = /var/spool/samba

More information about the samba mailing list