samba - Feb 2013 - "map to guest = bad user" ignored in Samba 4?

I would like to migrate some of my Samba 3.x domains to Samba 4. Part of 
the functionality of the current system is allowing some Windows XP Pro 
computers, which are not joined to the domain, access to some public 
shares on the Samba server. I tried using "map to guest = bad user"
with
Samba 4 - but it appears to be completely ignored and the Windows XP 
machine keeps on prompting for username/password when trying to access 
the server share. Has this option been dropped in Samba 4? Is there 
another way to accomplish the same?

Otherwise my Samba 4 domain seems to be working fine - and the Windows 
XP Pro machines which are joined to it can access the share fine.

As a side note, I find it hard to figure out which smb.conf options are 
still available for Samba 4 and which are not. I've googled around and 
can't seem to find a wiki page or authoritative page.

I use Samba 4.1.0pre1

Here is my smb.conf


[global]
workgroup = MYDOMAIN
realm = mydomain.local
netbios name = MY-SERVER
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
map to guest = bad user

[netlogon]
path = /var/lib/samba/sysvol/mydomain.local/scripts
read only = No
public = Yes

Hi Sebastian,
Many of the per share options can now be done using ACL's. In this case you
would open the netlogon share (via windows) start -> run ->
\\MY-SERVER\netlogon (then press enter), then right click on a blank spot
in that folder (not on any other file or folder) and select properties.
Find the security tab and you can make the modifications you want
(specifically adding Everyone with full permissions should give you what
you are looking for, though I have not been able to test this yet). If I
get a chance soon I will do some testing to make sure that the acl change
is all that is needed.

To find out what options are available, samba-tool testparm -v will give
you a nice list (at least for global).

Ricky


On Wed, Feb 13, 2013 at 4:33 AM, Sebastian Arcus <shop at open-t.co.uk>
wrote:
> I would like to migrate some of my Samba 3.x domains to Samba 4. Part of
> the functionality of the current system is allowing some Windows XP Pro
> computers, which are not joined to the domain, access to some public shares
> on the Samba server. I tried using "map to guest = bad user" with
Samba 4 -
> but it appears to be completely ignored and the Windows XP machine keeps on
> prompting for username/password when trying to access the server share. Has
> this option been dropped in Samba 4? Is there another way to accomplish the
> same?
>
> Otherwise my Samba 4 domain seems to be working fine - and the Windows XP
> Pro machines which are joined to it can access the share fine.
>
> As a side note, I find it hard to figure out which smb.conf options are
> still available for Samba 4 and which are not. I've googled around and
> can't seem to find a wiki page or authoritative page.
>
> I use Samba 4.1.0pre1
>
> Here is my smb.conf
>
>
> [global]
> workgroup = MYDOMAIN
> realm = mydomain.local
> netbios name = MY-SERVER
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> map to guest = bad user
>
> [netlogon]
> path = /var/lib/samba/sysvol/**mydomain.local/scripts
> read only = No
> public = Yes
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: 
https://lists.samba.org/**mailman/options/samba<https://lists.samba.org/mailman/options/samba>
>


--

On Wed, 2013-02-13 at 10:33 +0000, Sebastian Arcus
wrote:
> I would like to migrate some of my Samba 3.x domains to Samba 4. Part of 
> the functionality of the current system is allowing some Windows XP Pro 
> computers, which are not joined to the domain, access to some public 
> shares on the Samba server. I tried using "map to guest = bad
user" with
> Samba 4 - but it appears to be completely ignored and the Windows XP 
> machine keeps on prompting for username/password when trying to access 
> the server share. Has this option been dropped in Samba 4? Is there 
> another way to accomplish the same?
The 'right' way is meant to be that you enable the guest account, but
I'm pretty sure this is all just unimplemented in the AD DC mode right
now.  

Please file a bug, or better still write up a patch :-)

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

On Wed, 2013-02-13 at 10:33 +0000, Sebastian Arcus
wrote:
> I would like to migrate some of my Samba 3.x domains to Samba 4. Part of 
> the functionality of the current system is allowing some Windows XP Pro 
> computers, which are not joined to the domain, access to some public 
> shares on the Samba server. I tried using "map to guest = bad
user" with
> Samba 4 - but it appears to be completely ignored and the Windows XP 
> machine keeps on prompting for username/password when trying to access 
> the server share. Has this option been dropped in Samba 4? Is there 
> another way to accomplish the same?
This sounds correct.  This isn't currently supported against the AD DC.
Guest access to the domain should be based on the 'guest' account being
enabled, but this isn't hooked in either. 
> Otherwise my Samba 4 domain seems to be working fine - and the Windows 
> XP Pro machines which are joined to it can access the share fine.
> 
> As a side note, I find it hard to figure out which smb.conf options are 
> still available for Samba 4 and which are not. I've googled around and 
> can't seem to find a wiki page or authoritative page.
You have hit one of the areas where this isn't well documented. 

Sorry,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org