Mark Foley
2024-Jun-24 03:49 UTC
[Samba] Grant permission to SQL Server backing up to another domain member
What is the downside of using 'guest account = guest' in the [global] section of my smb.conf and what would be a better alternative? Backstory: Before changing my SERVER2 host to be an AD Domain Member I had the following in the old/NT4 smb.conf: [global] guest account = guest [SQLbackup] path = /home/ohprs/SQLserverData public = yes guest ok = yes guest only = yes writeable = yes browseable= yes printable = no create mask = 0660 directory mask = 0771 The stored procedure on the DBSERVER host used 'SET @NetworkPath = '\\SERVER2\SQLbackup\SQLServerBackup\' to save database tables to SERVER2. That worked fine for years. When I changed SERVER2 to be a domain member the 'guest account = guest' parameter was removed and the procedure failed with "access denied". I put 'guest account = guest' back into the [global] section of new smb.conf and the stored procedure started working again. This doesn't seem like "best practice". Searches on this topic suggest (among other ideas): 1. "you should grant permissions to YOURDOMAIN\SERVER1$" 2. "a better option would be to change the service account for SQL Server, using a domain user for which you grant the appropriate permissions on the share." With respect to the 1st option, I don't know where or how I would "grant permissions to YOURDOMAIN\SERVER1$". Would this be in smb.conf? In a SQL Server host config? The poster didn't say how to accomplish this. With respect to the 2nd option, I have no idea what the service account for SQL Server would be. It is running as a service on DBSERVER. If this is a better option I'd have to do some research to figure that out. Do sambalist users have insight on these options or alternate/better suggestions to accomplish this? Thanks --Mark