If the server is setup with security = ADS password server = * use kerberos keytab = yes encrypt passwords = yes client ntlmv2 auth = no lanman auth = no ntlm auth = no map to guest = Bad User guest access is not working. The below patch should make it work. Regards Markus *** sesssetup.c 2005-05-09 10:35:08.000000000 +0100 --- sesssetup_new.c 2005-05-09 10:34:51.000000000 +0100 *************** *** 253,258 **** --- 253,259 ---- pw = smb_getpwnam( user, real_username, True ); if (!pw) { + if (!NT_STATUS_IS_OK(ret = do_map_to_guest(NT_STATUS_NO_SUCH_USER, &server_info, user, domain))) { DEBUG(1,("Username %s is invalid on this system\n",user)); SAFE_FREE(user); SAFE_FREE(client); *************** *** 260,265 **** --- 261,267 ---- data_blob_free(&session_key); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } + } else { /* setup the string used by %U */ *************** *** 275,280 **** --- 277,283 ---- data_blob_free(&session_key); return ERROR_NT(ret); } + } /* make_server_info_pw does not set the domain. Without this we end up * with the local netbios name in substitutions for %D. */
Created attachment 1209 [details] Patch to allow guest access when kerberos keytab is enabled
I think what you really want is the 2.2 compatioble behavior provided by 'map to guest = bad uid'. 'Bad user' implies that the authentication failed.
Cleaning up versions. There was no 3.0.15 so leaving it in bugzilla is causing some confusion. Moving these nuder 3.0.20. Originally files against 3.0.15preX.