samba - Apr 2012 - Disable AD checking per share in smb.conf [sec=unclassified]

Hi,


Is it possible to have non-authenticating shares on an server with security=ADS 
?


I have a RHEL server, with Centrify Express, and joined to a domain, but I would
like to have a samba share that doesn't request a username/password for
machines
not on the domain.


When I have a plain windows XP machine (not on the domain) attempt to connect, I
get asked for a username/password.

Is this possible? (to have a public share) whilst also having shares that use AD
usernames for other users.

I'm using

CentrifyDC-adbindproxy-4.5.1-504.i386
CentrifyDC-5.0.1-177.i386
CentrifyDC-samba-3.5.9-4.5.1.504.i386
CentrifyDC-openssh-5.9p1-4.5.2.534.i386


Regards
Kym


------------------

[global]
security = ADS
realm = XXXX
workgroup = XXXX
netbios name = XXX
server string = Science Technical Support - Development Server

auth methods = guest, sam, winbind, ntdomain
machine password timeout = 0
passdb backend = tdbsam:/etc/samba/private/passdb.tdb

#
# Using kerberos keytab may lead to a serious Samba crash.
# Centrify recommends against using it.
# Kerberos authentication is still supported without it.
#
use kerberos keytab = No
client use spnego principal = true

# If your Samba server only serves to Windows systems, try server signing = 
mandatory.
server signing = auto

template shell = /bin/bash

winbind use default domain = Yes

winbind enum users = No
winbind enum groups = No
winbind nested groups = Yes

ignore syssetgroups error = No

idmap uid = 1000 - 200000000
idmap gid = 1000 - 200000000

enable core files = false

# Disable Logging to syslog, and only write log to Samba standard log files.

syslog = 0

guest account = nobody
map to guest = Bad Uid

[samba-test]
path = /samba-test
  guest ok = yes
read only = yes
browseable = yes
force user = nobody
force group = nobody

--------------------------------------


-- 
Kym B Newbery, Science Technical Support Electronics Design Engineer
Australian Antarctic Division 203 Channel Highway, Kingston, TASMANIA, 7050.
PHONE +61 3 6232 3329  FAX +61 3 6232 3351


___________________________________________________________________________

    Australian Antarctic Division - Commonwealth of Australia
IMPORTANT: This transmission is intended for the addressee only. If you are not
the
intended recipient, you are notified that use or dissemination of this
communication is
strictly prohibited by Commonwealth law. If you have received this transmission
in error,
please notify the sender immediately by e-mail or by telephoning +61 3 6232 3209
and
DELETE the message.
        Visit our web site at http://www.antarctica.gov.au/
___________________________________________________________________________

On Mon, Apr 23, 2012 at 03:50:21PM +1000, Kym Newbery
wrote:
> Hi,
> 
> 
> Is it possible to have non-authenticating shares on an server with
security=ADS  ?
> 
> 
> I have a RHEL server, with Centrify Express, and joined to a domain,
> but I would like to have a samba share that doesn't request a
> username/password for machines not on the domain.
> 
> 
> When I have a plain windows XP machine (not on the domain) attempt
> to connect, I get asked for a username/password.
> 
> Is this possible? (to have a public share) whilst also having shares
> that use AD usernames for other users.
> 
> I'm using
> 
> CentrifyDC-adbindproxy-4.5.1-504.i386
> CentrifyDC-5.0.1-177.i386
> CentrifyDC-samba-3.5.9-4.5.1.504.i386
> CentrifyDC-openssh-5.9p1-4.5.2.534.i386
Try setting "map to guest = Bad User"