An organization runs a Samba server in standalone mode. They want to allow anonymous (guest) access to a public share. Which configuration option enables guest access for a share?
This maps unknown users to the guest account and allows guest access.
Why this answer
Option D is correct because Samba requires both `map to guest = Bad User` (which tells Samba to treat any connection attempt with an invalid username as a guest connection) and `guest ok = yes` (which explicitly permits guest access to the share). Without both, anonymous access will be denied. The `map to guest` directive can also be set to `Bad Password` or `Never`, but `Bad User` is the typical choice for public shares.
Exam trap
The trap here is that candidates often think `security = share` or `guest account = nobody` alone enables guest access, but Samba requires both the global `map to guest` directive and the per‑share `guest ok = yes` to actually allow anonymous connections.
How to eliminate wrong answers
Option A is wrong because `anonymous = yes` is not a valid Samba configuration parameter; Samba uses `guest ok` and `map to guest` instead. Option B is wrong because `security = share` was a legacy Samba security mode (removed in Samba 4.x) that allowed per-share password authentication but did not itself enable guest access; modern Samba uses `security = user` or `security = ads`. Option C is wrong because `guest account = nobody` only specifies which Unix account is used for guest privileges (default is `nobody`), but it does not enable guest access; the share must also have `guest ok = yes` and the global `map to guest` setting must be configured.