2004-04-07 10:15:11 +00:00
<samba:parameter name= "map to guest"
2015-04-30 23:32:45 +02:00
type="enum"
2004-04-07 10:15:11 +00:00
context="G"
2015-04-28 11:46:21 +02:00
enumlist="enum_map_to_guest"
2015-04-30 23:32:45 +02:00
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
2004-04-07 10:15:11 +00:00
<description >
2005-06-10 19:17:31 +00:00
<para > This parameter can take four different values, which tell
2004-04-07 10:15:11 +00:00
<citerefentry > <refentrytitle > smbd</refentrytitle>
<manvolnum > 8</manvolnum> </citerefentry> what to do with user
login requests that don't match a valid UNIX user in some way.</para>
2005-10-20 11:32:42 +00:00
<para > The four settings are :</para>
2004-04-07 10:15:11 +00:00
<itemizedlist >
<listitem >
<para > <constant > Never</constant> - Means user login
requests with an invalid password are rejected. This is the
default.</para>
</listitem>
<listitem >
<para > <constant > Bad User</constant> - Means user
logins with an invalid password are rejected, unless the username
does not exist, in which case it is treated as a guest login and
2005-07-06 21:23:58 +00:00
mapped into the <smbconfoption name= "guest account" /> .</para>
2004-04-07 10:15:11 +00:00
</listitem>
<listitem >
<para > <constant > Bad Password</constant> - Means user logins
with an invalid password are treated as a guest login and mapped
2005-07-06 21:23:58 +00:00
into the <smbconfoption name= "guest account" /> . Note that
2004-04-07 10:15:11 +00:00
this can cause problems as it means that any user incorrectly typing
their password will be silently logged on as " guest" - and
will not know the reason they cannot access files they think
they should - there will have been no message given to them
that they got their password wrong. Helpdesk services will
<emphasis > hate</emphasis> you if you set the <parameter moreinfo= "none" > map to
guest</parameter> parameter this way :-).</para>
</listitem>
2005-06-08 14:33:39 +00:00
<listitem >
<para > <constant > Bad Uid</constant> - Is only applicable when Samba is configured
in some type of domain mode security (security = {domain|ads}) and means that
2005-06-14 14:33:47 +00:00
user logins which are successfully authenticated but which have no valid Unix
2005-06-08 14:33:39 +00:00
user account (and smbd is unable to create one) should be mapped to the defined
2005-06-14 14:33:47 +00:00
guest account. This was the default behavior of Samba 2.x releases. Note that
if a member server is running winbindd, this option should never be required
because the nss_winbind library will export the Windows domain users and groups
to the underlying OS via the Name Service Switch interface.</para>
2005-06-08 14:33:39 +00:00
</listitem>
2004-04-07 10:15:11 +00:00
</itemizedlist>
<para > Note that this parameter is needed to set up " Guest"
2012-09-04 08:46:06 +10:00
share services. This is because in these modes the name of the resource being
2004-04-07 10:15:11 +00:00
requested is <emphasis > not</emphasis> sent to the server until after
the server has successfully authenticated the client so the server
cannot make authentication decisions at the correct time (connection
2012-09-04 08:46:06 +10:00
to the share) for " Guest" shares. </para>
2004-04-07 10:15:11 +00:00
</description>
<value type= "default" > Never</value>
<value type= "example" > Bad User</value>
</samba:parameter>
