path: root/docs/docbook/smbdotconf/security/maptoguest.xml
blob: 966260a9b1fe3e88576b3990b902414dea70a5ae (plain)
<samba:parameter xmlns:samba="http://samba.org/common">
		<term><anchor id="MAPTOGUEST"/>map to guest (G)</term>
		<listitem><para>This parameter is only useful in <link linkend="SECURITY">
		security</link> modes other than <parameter moreinfo="none">security = share</parameter>,
		i.e. <constant>user</constant>, <constant>server</constant>,
		and <constant>domain</constant>.</para>

		<para>This parameter can take three different values, which tell
		<citerefentry><refentrytitle>smbd</refentrytitle>
		<manvolnum>8</manvolnum></citerefentry> what to do with user 
		login requests that don't match a valid UNIX user in some way.</para>

		<para>The three settings are:</para>

		<itemizedlist>
			<listitem><para><constant>Never</constant> - Means user login 
			requests with an invalid password are rejected. This is the 
			default.</para></listitem>
			
			<listitem><para><constant>Bad User</constant> - Means user
			logins with an invalid password are rejected, unless the username 
			does not exist, in which case it is treated as a guest login and 
			mapped into the <link linkend="GUESTACCOUNT"><parameter moreinfo="none">guest
			account</parameter></link>.</para></listitem>

			<listitem><para><constant>Bad Password</constant> - Means user logins
			with an invalid password are treated as a guest login and mapped
			into the <link linkend="GUESTACCOUNT">guest account</link>. Note that
			this can cause problems: any user who mistypes their password
			will be silently logged on as &quot;guest&quot; and will not know
			why they cannot access files they think they should, because no
			message will have told them that they got their password wrong.
			Helpdesk services will <emphasis>hate</emphasis> you if you set the
			<parameter moreinfo="none">map to guest</parameter> parameter this
			way :-).</para></listitem>
		</itemizedlist>

		<para>Note that this parameter is needed to set up &quot;Guest&quot;
		share services when using <parameter moreinfo="none">security</parameter> modes other than
		share. This is because in these modes the name of the resource being
		requested is <emphasis>not</emphasis> sent to the server until after
		the server has successfully authenticated the client, so the server
		cannot make authentication decisions at the correct time (connection
		to the share) for &quot;Guest&quot; shares.</para>

		<para>For people familiar with older Samba releases, this
		parameter maps to the old compile-time setting of the
		<constant>GUEST_SESSSETUP</constant> value in local.h.</para>

		<para>Default: <command moreinfo="none">map to guest = Never</command></para>
		<para>Example: <command moreinfo="none">map to guest = Bad User</command></para>
		</listitem>
		</samba:parameter>
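
The following audit sketch is an added example, not part of the Samba documentation or source. It reads an smb.conf, reports which of the three documented `map to guest` behaviours is in effect, and lists the shares a guest session could reach. The sample configuration is constructed, and the check on `guest ok` relies on Samba's per-share guest parameter, which this page does not describe.

```python
import re

# Constructed sample smb.conf, not taken from a real server.
SAMPLE_CONF = """\
[global]
    security = user
    Map To Guest = bad password
    guest account = nobody
[public]
    path = /srv/public
    guest ok = yes
[finance]
    path = /srv/finance
    guest ok = no
"""

def _norm(s):
    # Parameter names and these values are compared ignoring case and whitespace.
    return re.sub(r"\s+", "", s).lower()

def parse_smb_conf(text):
    """Return {section: {normalized_param: value}} for smb.conf text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[_norm(key)] = value.strip()
    return sections

def audit_map_to_guest(text):
    """Return (setting, findings, guest_shares) for the three documented values."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    setting = _norm(glob.get("maptoguest", "Never"))  # documented default
    findings = []
    if _norm(glob.get("security", "")) == "share":
        findings.append("security = share: map to guest is not useful in this mode")
    if setting == "badpassword":
        findings.append("wrong password is silently mapped to the guest account")
    elif setting == "baduser":
        findings.append("unknown usernames are mapped to the guest account")
    elif setting != "never":
        findings.append("unrecognised map to guest value: " + setting)
    # Shares a guest session can reach ('guest ok' is Samba's per-share switch).
    guest_shares = sorted(name for name, p in conf.items() if name != "global"
                          and _norm(p.get("guestok", "no")) in {"yes", "true", "1"})
    return setting, findings, guest_shares
```

The parser does not handle backslash line continuations or included files, so run it over the fully expanded configuration.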