| 1 | <samba:parameter name="map to guest"
|
|---|
| 2 | type="enum"
|
|---|
| 3 | context="G"
|
|---|
| 4 | enumlist="enum_map_to_guest"
|
|---|
| 5 | xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|---|
| 6 | <description>
|
|---|
| 7 | <para>This parameter can take four different values, which tell
|
|---|
| 8 | <citerefentry><refentrytitle>smbd</refentrytitle>
|
|---|
| 9 | <manvolnum>8</manvolnum></citerefentry> what to do with user
|
|---|
| 10 | login requests that don't match a valid UNIX user in some way.</para>
|
|---|
| 11 |
|
|---|
| 12 | <para>The four settings are :</para>
|
|---|
| 13 |
|
|---|
| 14 | <itemizedlist>
|
|---|
| 15 | <listitem>
|
|---|
| 16 | <para><constant>Never</constant> - Means user login
|
|---|
| 17 | requests with an invalid password are rejected. This is the
|
|---|
| 18 | default.</para>
|
|---|
| 19 | </listitem>
|
|---|
| 20 |
|
|---|
| 21 | <listitem>
|
|---|
| 22 | <para><constant>Bad User</constant> - Means user
|
|---|
| 23 | logins with an invalid password are rejected, unless the username
|
|---|
| 24 | does not exist, in which case it is treated as a guest login and
|
|---|
| 25 | mapped into the <smbconfoption name="guest account"/>.</para>
|
|---|
| 26 | </listitem>
|
|---|
| 27 |
|
|---|
| 28 | <listitem>
|
|---|
| 29 | <para><constant>Bad Password</constant> - Means user logins
|
|---|
| 30 | with an invalid password are treated as a guest login and mapped
|
|---|
| 31 | into the <smbconfoption name="guest account"/>. Note that
|
|---|
| 32 | this can cause problems as it means that any user incorrectly typing
|
|---|
| 33 | their password will be silently logged on as "guest" - and
|
|---|
| 34 | will not know the reason they cannot access files they think
|
|---|
| 35 | they should - there will have been no message given to them
|
|---|
| 36 | that they got their password wrong. Helpdesk services will
|
|---|
| 37 | <emphasis>hate</emphasis> you if you set the <parameter moreinfo="none">map to
|
|---|
| 38 | guest</parameter> parameter this way :-).</para>
|
|---|
| 39 | </listitem>
|
|---|
| 40 | <listitem>
|
|---|
| 41 | <para><constant>Bad Uid</constant> - Is only applicable when Samba is configured
|
|---|
| 42 | in some type of domain mode security (security = {domain|ads}) and means that
|
|---|
| 43 | user logins which are successfully authenticated but which have no valid Unix
|
|---|
| 44 | user account (and smbd is unable to create one) should be mapped to the defined
|
|---|
| 45 | guest account. This was the default behavior of Samba 2.x releases. Note that
|
|---|
| 46 | if a member server is running winbindd, this option should never be required
|
|---|
| 47 | because the nss_winbind library will export the Windows domain users and groups
|
|---|
| 48 | to the underlying OS via the Name Service Switch interface.</para>
|
|---|
| 49 | </listitem>
|
|---|
| 50 | </itemizedlist>
|
|---|
| 51 |
|
|---|
| 52 | <para>Note that this parameter is needed to set up "Guest"
|
|---|
| 53 | share services. This is because in these modes the name of the resource being
|
|---|
| 54 | requested is <emphasis>not</emphasis> sent to the server until after
|
|---|
| 55 | the server has successfully authenticated the client so the server
|
|---|
| 56 | cannot make authentication decisions at the correct time (connection
|
|---|
| 57 | to the share) for "Guest" shares. </para>
|
|---|
| 58 | </description>
|
|---|
| 59 |
|
|---|
| 60 | <value type="default">Never</value>
|
|---|
| 61 | <value type="example">Bad User</value>
|
|---|
| 62 | </samba:parameter>
|
|---|
