Heath Kehoe
2004-Oct-08 16:07 UTC
[Samba] (retry) 3.0.7: 'map to guest' incomplete behavior
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 (my first attempt got mangled because of the attachments, so I'm reposting) I have a 3.0.7 server that is part of an active directory domain, and I have a problem where 'map to guest = Bad User' doesn't do what I expect. On this system, unix users are a subset of AD users. Those users who have accounts on both unix and AD can access the Samba server; but users who have an AD account but not a unix account can not. What I want is for those users without a unix account to still be able to access the world-readable shares as 'guest'. In my smb.conf, I have 'map to guest = Bad User' and 'guest account = guest'. But even with those settings, we still get an error in the smb log: "Username DOMAIN\blah is invalid on this system". However, if a user specifies a bogus username when setting up the drive map (i.e., a username that does not exist in AD) then Samba will proceed to connect that user as 'guest'. In other words, 'map to guest' only works if the given username is not in AD. I modified reply_spnego_kerberos() in smbd/sesssetup.c so that it would use the guest user if the user is not in the unix password db and 'map to guest' is on. The patch is available here: http://www.avalon.net/~hakehoe/diff2.txt If the developers have a problem with extending the 'map to guest' functionality in this way, then I suggest you add a new option ('unix map to guest' or something). I know that there's a hook to have smbd create user accounts on the fly, but that is not an acceptable solution in my environment. I need to have unknown (but valid) AD accounts map to 'guest'. - - heath -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFBZrsh4uXPAG0A1J4RAtW2AKDEsOTml5wkHaZQLqn7TtODEO5EHwCgi8O9 A39HNsOJIeCwUI12hMsMyVo=kj+J -----END PGP SIGNATURE-----
Possibly Parallel Threads
- (retry) 3.0.7: username map doesn't work with security=ADS
- Problem retrieving data from R2InBUGS
- [PATCH] net: virtio_net: use new api ethtool_{get|set}_link_ksettings
- [PATCH] net: virtio_net: use new api ethtool_{get|set}_link_ksettings
- [PATCH 2] net: virtio_net: use new api ethtool_{get|set}_link_ksettings