[cross-posted to Samba & Samba-NTdom.] I'm proposing Samba as a solution for several problems in an enterprise environment. However, high availability is absolutely critical to some applications, hence the question... Since Samba apparently can't serve up "local" accounts when it's using domain-level security (couldn't this be made an option?!?), I need to know if a domain-member configured Samba server will allow "guest" access (assuming it's configured properly) even when all the NT domain controllers are completely unavailable. Or, does the domain security call upon the domain's guest account, and therefore not work when the domain is gone? Will there be a time delay (timeout contacting domain controllers) before Samba allows the guest login? Has anyone really tested and proved this? Thanks for your input! ~eric w. wallace national semiconductor/maine i.s. infrastructure systems engineer
Gerald (Jerry) Carter
2001-Oct-31 05:56 UTC
Guest access even when domain is out of service?
On 30 Oct 2001, Eric Wallace wrote:> I'm proposing Samba as a solution for several problems in an > enterprise environment. However, high availability is absolutely > critical to some applications, hence the question... > > Since Samba apparently can't serve up "local" accounts when it's using > domain-level security (couldn't this be made an option?!?), I need toSure it can. When using "security = domain", smbd will fall back to smbpasswd is the authentication fails.> know if a domain-member configured Samba server will allow "guest" > access (assuming it's configured properly) even when all the NT domain > controllers are completely unavailable. Or, does the domain security > call upon the domain's guest account, and therefore not work when the > domain is gone? Will there be a time delay (timeout contacting domain > controllers) before Samba allows the guest login? Has anyone really > tested and proved this?Try "map to gues = Bad User" (but be very careful). It is going to very hard, if not impossible, to distinguish between a valid domain user with an unavailable DC and some unknown user. cheers, jerry --------------------------------------------------------------------- www.samba.org SAMBA Team jerry_at_samba.org www.plainjoe.org jerry_at_plainjoe.org --"I never saved anything for the swim back." Ethan Hawk in Gattaca--