samba - Oct 1999 - "map to guest" parameter

samba defaults to "never" which the developers believe is a good idea.
however, i believe the default for NT4 is "Bad Password". would it not
make more sense to make the default the same as NT4 as most of the other
options do?

in our case, we had a user at home with a direct ISDN connection into
the office. he logs into his computer with a different password than the
domain passwd here at work. with WINS set up properly, he could use
"find computer" to find all the computers at the office except the
samba
box. it just wouldn't show itself. so after some experimentation, we
found the "map to guest" parameter to be at fault.

default as 'Never': 
1) non-domain user cannot see samba
2) domain user, wrong passwd cannot see samba
3) domain user, correct passwd can see samba, access shares

'Bad User':
1) non-domain user sees samba, prompted for passwd on share access
2) domain user, wrong passwd cannot see samba
3) domain user, correct passwd can see samba, access shares

'Bad Password':
1) non-domain user sees samba, prompted for passwd on share access
2) domain user, wrong passwd sees samba, prompted for passwd on share
access
3) domain user, correct passwd sees samba, access shares

"bad password" seems to be the type that all the windows boxen on the
network are using b/c our home user can see them all, including our NT4
servers. so, i would propose that the default be set to "bad password"
though "never" would be the recommended option for admins that do not
need samba to look like NT4 server or who don't get repeated phone calls
and emails about not being able to see the server. :)


--
stephen waters
internal sysadmin
amicus, inc.

Sounds good, except...

Please don't change defaults in a stable series.  -masses on l-k

This cannot correctly apply to samba as it's been getting lots of new
features.  But I would like to simply do: "rpm -Uvh samba" when the
next
version comes out, especially when newer versions are stressed as security
patches.  If defaults change, I hope they are stressed in an -Upgrading
Section- of the release notes.  

2cents


On Thu, 21 Oct 1999, Stephen Waters wrote:
> samba defaults to "never" which the developers believe is a good
idea.
> however, i believe the default for NT4 is "Bad Password". would
it not
> make more sense to make the default the same as NT4 as most of the other
> options do?
> 
> in our case, we had a user at home with a direct ISDN connection into
> the office. he logs into his computer with a different password than the
> domain passwd here at work. with WINS set up properly, he could use
> "find computer" to find all the computers at the office except
the samba
> box. it just wouldn't show itself. so after some experimentation, we
> found the "map to guest" parameter to be at fault.
> 
> default as 'Never': 
> 1) non-domain user cannot see samba
> 2) domain user, wrong passwd cannot see samba
> 3) domain user, correct passwd can see samba, access shares
> 
> 'Bad User':
> 1) non-domain user sees samba, prompted for passwd on share access
> 2) domain user, wrong passwd cannot see samba
> 3) domain user, correct passwd can see samba, access shares
> 
> 'Bad Password':
> 1) non-domain user sees samba, prompted for passwd on share access
> 2) domain user, wrong passwd sees samba, prompted for passwd on share
> access
> 3) domain user, correct passwd sees samba, access shares
> 
> "bad password" seems to be the type that all the windows boxen on
the
> network are using b/c our home user can see them all, including our NT4
> servers. so, i would propose that the default be set to "bad
password"
> though "never" would be the recommended option for admins that do
not
> need samba to look like NT4 server or who don't get repeated phone
calls
> and emails about not being able to see the server. :)
> 
> 
> --
> stephen waters
> internal sysadmin
> amicus, inc.
>