[Samba] access to share without authentication when security=ads
Rowland penny
rpenny at samba.org
Thu May 19 15:53:01 UTC 2016
On 19/05/16 16:09, J. Scott Berg wrote:
> I have samba configured with security=ads, and want to keep that so I can
> have properly authenticated access to file shares. However, I also would
> like to have anonymous access, even from non-domain accounts, to a printer.
> This latter part is giving me trouble. My (edited) smb.conf is at the end of
> this message. When I try to connect to the print share (via add printer)
> from a Windows system from a non-domain account, I get error 0x000004d8; if
> I remove the "map to guest" line, I instead get 0x0000052e. Does anyone know
> how to do this, or is unauthenticated access incompatible with security=ads?
> Thanks.
>
> [global]
> security = ADS
> realm = blah.blah
> workgroup = blah
> netbios name = computer
> auth methods = guest, sam, winbind, ntdomain
> machine password timeout = 0
> passdb backend = tdbsam:/var/lib/samba/private/passdb.tdb
> kerberos method = secrets and keytab
> server signing = auto
> client ntlmv2 auth = yes
> client use spnego = yes
> template shell = /bin/bash
> winbind use default domain = Yes
> winbind enum users = No
> winbind enum groups = No
> winbind nested groups = Yes
> idmap cache time = 0
> idmap config * : backend = tdb
> idmap config * : range = 1000 - 200000000
> idmap config * : base_tdb = 0
> enable core files = false
> wins server = 10.0.0.1
> guest ok = yes
> map to guest = Bad Password
>
> [bwprinter]
> printer name = bwqueue
> printable = yes
> browseable = yes
> guest ok = yes
> guest only = yes
> writable = yes
> printing = cups
> path = /var/spool/samba
>
>
Try removing the 'auth methods' line and change 'Bad Password' to 'Bad User'
Rowland
More information about the samba
mailing list