[Samba] access to share without authentication when security=ads

Rowland penny rpenny at samba.org
Thu May 19 15:53:01 UTC 2016


On 19/05/16 16:09, J. Scott Berg wrote:
> I have samba configured with security=ads, and want to keep that so I can
> have properly authenticated access to file shares. However, I also would
> like to have anonymous access, even from non-domain accounts, to a printer.
> This latter part is giving me trouble. My (edited) smb.conf is at the end of
> this message. When I try to connect to the print share (via add printer)
> from a Windows system from a non-domain account, I get error 0x000004d8; if
> I remove the "map to guest" line, I instead get 0x0000052e. Does anyone know
> how to do this, or is unauthenticated access incompatible with security=ads?
> Thanks.
>
> [global]
>      security = ADS
>      realm = blah.blah
>      workgroup = blah
>      netbios name = computer
>      auth methods = guest, sam, winbind, ntdomain
>      machine password timeout = 0
>      passdb backend = tdbsam:/var/lib/samba/private/passdb.tdb
>      kerberos method = secrets and keytab
>      server signing = auto
>      client ntlmv2 auth = yes
>      client use spnego = yes
>      template shell = /bin/bash
>      winbind use default domain = Yes
>      winbind enum users = No
>      winbind enum groups = No
>      winbind nested groups = Yes
>      idmap cache time = 0
>      idmap config * : backend  = tdb
>      idmap config * : range = 1000 - 200000000
>      idmap config * : base_tdb = 0
>      enable core files = false
>      wins server = 10.0.0.1
>      guest ok = yes
>      map to guest = Bad Password
>
> [bwprinter]
>          printer name = bwqueue
>          printable = yes
>          browseable = yes
>          guest ok = yes
>          guest only = yes
>          writable = yes
>          printing = cups
>          path = /var/spool/samba
>
>

Try removing the 'auth methods' line and change 'Bad Password' to 'Bad User'

Rowland




More information about the samba mailing list