On Thu, Nov 10, 2011 at 2:24 AM, Andrew Lyon <andrew.lyon at gmail.com>
wrote:> Hi,
>
> I have a Microsoft application (SCCM) which I need to grant access to
> a samba share, however the service which reads the files can only
> authenticate using the computer account, there is option to configure
> it to use a domain account.
do you mean to say that it's a windows service that's Log On tab is
set to local system? because "authenticate using the computer
account" isn't a "thing". A windows service running as local
system
does not have permissions to access network resources at all. This is
a windows restriction, you have to have the account log on as a local
or domain user if you want it to be able to access the network.
>
> Is there any way to grant a computer account access to a share? On
> windows I can simply add computer$ to the permissions but this doesn't
> seem to be possible.
without reading "man smb.conf" again, there used to be an option that
you could set allowed and denied client IP addresses, and basically
make the share public otherwise. I don't know if the option still
exists in recent versions, my understanding is that it is trivially
easy to spoof.