hi, we are running several HP-UX 11.23 servers with Samba 2.2.x and are starting a migration to Samba 3 and encounter several problems. As far as I understand this passage: (chapter 24, Upgrading from Samba-2.x to Samba-3.0.20) "The following issues are known changes in behavior between Samba-2.2 and Samba-3 that may affect certain installations of Samba. When operating as a member of a Windows domain, Samba-2.2 would map any users authenticated by the remote DC to the "guest account" if a UID could not be obtained via the getpwnam() call. Samba-3 rejects the connection with the error message "NT_STATUS_LOGON_FAILURE." There is no current workaround to re-establish the Samba-2.2 behavior. " the user nobody is not used anymore, and there is a need having unixuser account for every windowsuser account. I know, this is a general need, but for differerent purposes we configured "guest ok = yes" in some shares to allow the "guest" access to shares where the unixaccount is missung. Is my interpretation of the passage correct ? In case it is, does it refer to security = domain/ads only or is it valid for security = server as well (I know, security = server is not the preferred configuration). regards.... Frank Schifferstein
On Friday 09 December 2005 00:40, Frank Schifferstein wrote:> hi, > > we are running several HP-UX 11.23 servers with Samba 2.2.x and are > starting a migration to Samba 3 and encounter several problems. > > > As far as I understand this passage: (chapter 24, Upgrading from > Samba-2.x to Samba-3.0.20)Please follow the information in chapter 8 of my book "Samba-3 by Example" rather than the brief information in the HOWTO book. "Samba-3 by Example" is the official deployment guide, the HOWTO book is a reference guide on how the facilities of Samba-3 function.> "The following issues are known changes in behavior between Samba-2.2 > and Samba-3 that may affect certain installations of Samba. > > When operating as a member of a Windows domain, Samba-2.2 would map any > users authenticated by the remote DC to the "guest account" if a UID > could not be obtained via the getpwnam() call. Samba-3 rejects the > connection with the error message "NT_STATUS_LOGON_FAILURE." There is no > current workaround to re-establish the Samba-2.2 behavior. "Samba-3 introduced a new parameter, "map to guest," that will permit you to get the old behavior of Samba-2.2.x. Suggest you check the man page for smb.conf.> the user nobody is not used anymore, and there is a need having unixuser > account for every windowsuser account. I know, this is a general need, > but for differerent purposes we configured "guest ok = yes" in some > shares to allow the "guest" access to shares where the unixaccount is > missung. Is my interpretation of the passage correct ? In case it is, > does it refer to security = domain/ads only or is it valid for security > = server as well (I know, security = server is not the preferred > configuration).- John T.
Frank Schifferstein wrote:>hi, > >we are running several HP-UX 11.23 servers with Samba 2.2.x and are >starting a migration to Samba 3 and encounter several problems. > > >As far as I understand this passage: (chapter 24, Upgrading from >Samba-2.x to Samba-3.0.20) > >"The following issues are known changes in behavior between Samba-2.2 >and Samba-3 that may affect certain installations of Samba. > >When operating as a member of a Windows domain, Samba-2.2 would map any >users authenticated by the remote DC to the "guest account" if a UID >could not be obtained via the getpwnam() call. Samba-3 rejects the >connection with the error message "NT_STATUS_LOGON_FAILURE." There is no >current workaround to re-establish the Samba-2.2 behavior. " > > >the user nobody is not used anymore, and there is a need having unixuser >account for every windowsuser account. I know, this is a general need, >but for differerent purposes we configured "guest ok = yes" in some >shares to allow the "guest" access to shares where the unixaccount is >missung. Is my interpretation of the passage correct ? In case it is, >does it refer to security = domain/ads only or is it valid for security >= server as well (I know, security = server is not the preferred >configuration). > > >regards.... Frank Schifferstein > >Hi Frank, Are you using Opensource Samba or HP CIFS Server? HP CIFS Server adds a unix user called smbnull (replacing nobody), and by default "guest account = smbnull". You should not have any problem using "map to guest =" as John suggested. If you are using HP CIFS Server, then there is some support-related information that we should discuss (offline). Eric Roseme Hewlett-Packard