Yes, I agree it is a Samba configuration challenge, but the fact that this is done in conjunction with Centrify complicates things. I've tried this question in the Samba forums, with no real success.
Setting up a share for authenticated users works fine, and it does the uid map properly.
There was a similar discussion a few years back on a similar subject (guest access to shares + authenticated access to other shares), but there was no solution at the time. Maybe things haven't changed.
From what I'm reading security=ads is the right way to do things (the aforementioned posts indicated this was the only "supported" configuration), but I suspect that's also where the problem comes in. Is there a better "security" and/or "server role" option to use in this configuration? In principle it looks like one of the "map to guest" values, possibly in combination with "guest ok," should do the trick, but that doesn't seem to work, it still wants to authenticate before it will do anything.
By the way, if I first authenticate with my domain credentials, then everything works. But I need to avoid that step.
So I'm ultimately trying to find whether anyone knows the right configuration option to have things properly configured in Samba to with Centrify (printers unauthenticated, some file shares authenticated), or whether this is actually not possible.
Thanks.