A Samba share is configured with 'guest ok = yes'. What must also be configured to allow guest access?
This parameter maps authentication failures to the guest account, enabling guest access.
Why this answer
When 'guest ok = yes' is set on a Samba share, the server still requires a mechanism to map unauthenticated or failed authentication attempts to the guest account. The 'map to guest = Bad User' directive tells Samba to treat any connection attempt with an invalid username as a guest connection, which is necessary for guest access to function. Without this mapping, clients presenting a non-existent or incorrect username will be rejected rather than being granted guest privileges.
Exam trap
The trap here is that candidates often assume 'guest ok = yes' alone is sufficient for guest access, overlooking the mandatory 'map to guest' directive that actually enables the mapping of unknown users to the guest account.
How to eliminate wrong answers
Option A is wrong because 'security = share' is a deprecated Samba security mode that was removed in Samba 4.x; it does not control guest mapping and is not required for guest access. Option C is wrong because 'force user = nobody' forces all connections to run as the 'nobody' user, but it does not enable guest access—it only overrides the effective user for file operations after authentication. Option D is wrong because 'guest only = Yes' forces all connections to be treated as guest, but it still requires 'map to guest' to be set appropriately; without it, Samba will reject connections that do not match a valid user.