diff options
Diffstat (limited to 'docs/smbdotconf/security/maptoguest.xml')
-rw-r--r-- | docs/smbdotconf/security/maptoguest.xml | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/docs/smbdotconf/security/maptoguest.xml b/docs/smbdotconf/security/maptoguest.xml new file mode 100644 index 0000000000..f4753617c2 --- /dev/null +++ b/docs/smbdotconf/security/maptoguest.xml @@ -0,0 +1,63 @@ +<samba:parameter name="map to guest" + type="enum" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<description> + <para>This parameter is only useful in <link linkend="SECURITY"> + security</link> modes other than <parameter moreinfo="none">security = share</parameter> + - i.e. <constant>user</constant>, <constant>server</constant>, + and <constant>domain</constant>.</para> + + <para>This parameter can take three different values, which tell + <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> what to do with user + login requests that don't match a valid UNIX user in some way.</para> + + <para>The three settings are :</para> + + <itemizedlist> + <listitem> + <para><constant>Never</constant> - Means user login + requests with an invalid password are rejected. This is the + default.</para> + </listitem> + + <listitem> + <para><constant>Bad User</constant> - Means user + logins with an invalid password are rejected, unless the username + does not exist, in which case it is treated as a guest login and + mapped into the <link linkend="GUESTACCOUNT"><parameter moreinfo="none"> + guest account</parameter></link>.</para> + </listitem> + + <listitem> + <para><constant>Bad Password</constant> - Means user logins + with an invalid password are treated as a guest login and mapped + into the <link linkend="GUESTACCOUNT">guest account</link>. Note that + this can cause problems as it means that any user incorrectly typing + their password will be silently logged on as "guest" - and + will not know the reason they cannot access files they think + they should - there will have been no message given to them + that they got their password wrong. Helpdesk services will + <emphasis>hate</emphasis> you if you set the <parameter moreinfo="none">map to + guest</parameter> parameter this way :-).</para> + </listitem> + </itemizedlist> + + <para>Note that this parameter is needed to set up "Guest" + share services when using <parameter moreinfo="none">security</parameter> modes other than + share. This is because in these modes the name of the resource being + requested is <emphasis>not</emphasis> sent to the server until after + the server has successfully authenticated the client so the server + cannot make authentication decisions at the correct time (connection + to the share) for "Guest" shares.</para> + + <para>For people familiar with the older Samba releases, this + parameter maps to the old compile-time setting of the <constant> + GUEST_SESSSETUP</constant> value in local.h.</para> +</description> + +<value type="default">Never</value> +<value type="example">Bad User</value> +</samba:parameter> |