On 05/12/14 23:48, jacek burghardt wrote:> I setup samba domain controller with 4.14 samba. Any workstation that is
> joined to domain can browse shares no problem but other computers cant
> browse them and are prompted for user name password and giving corect user
> name password generates an error message. None of my fire tv can browse
> shares as guest. How I can enable guest user.
> [global]
> passdb backend = tdbsam
> workgroup = hebe
> realm = HEBE.US
> netbios name = zafire
> server string = %h ArchLinux Host
> security = user
> encrypt passwords = yes
> password server = zafire.hebe.us
> guest account = nobody
> map to guest = bad user
> printcap name = cups
> cups options = raw
> usershare allow guests = yes
> idmap config * : backend = rid
> idmap config * : range = 10000-20000
> idmap config SHORTDOMAINNAME:backend = ad
> idmap config SHORTDOMAINNAME:schema_mode = rfc2307
> idmap config SHORTDOMAINNAME:range = 500-40000
>
> winbind use default domain = Yes
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind nested groups = Yes
> winbind separator = +
> winbind refresh tickets = yes
> winbind nss info = rfc2307
>
> template shell = /bin/bash
> template homedir = /home/%D/%U
> domain master = yes
> os level = 33
> preferred master = auto
> domain master = yes
> local master = yes
> domain logons = yes
> logon path = \\%L\profiles\%U
> logon drive = H:
> dns proxy = no
> wins server = zafire.hebe.us
> wins proxy = no
>
> inherit acls = Yes
> map acl inherit = Yes
> acl group control = yes
> vfs objects = acl_xattr
> store dos attributes = Yes
>
> load printers = no
> debug level = 3
> use sendfile = no
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbind, ntp_signd, kcc, dnsupdate
> idmap_ldb:use rfc2307 = yes
OK, you are running an Active Directory Domain Controller (AD DC), only
problem is, most of your smb.conf is not required. I would suggest that
you return it to this:
[global]
workgroup = HEBE
realm = hebe.us
netbios name = ZAFIRE
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbind, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
template shell = /bin/bash
template homedir = /home/%D/%U
printcap name = cups
cups options = raw
debug level = 3
[netlogon]
path = /var/lib/samba/sysvol/hebe.us/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
The other problem that you are having is a common one, it would seem
that there is no guest access on an AD DC, see here:
https://lists.samba.org/archive/samba/2013-February/171628.html
Rowland