Samba errors?

Spiros B. spiros at elefsina.timeplex.com
Tue Aug 12 13:38:13 GMT 1997 

> 
> this is a little confusing, however i think i follow you.  the access 
> that you are seeing, namely, C->A->PC is correct.  your server A is 
> exporting a directory on C.  therefore, the PC, when connecting to A, 
> will cause A to contact C.
> 
> there are two ways round this:
> 
> 1) upgrade samba to "DFS-aware"; upgrade your clients to "DFS-aware".  
>    this will involve some code writing in samba.
> 
> 2) use the (new) automap features (that i don't fully understand) which 
> will allow you to mount the user's home directory from the NIS auto.home 
> map.  this specifies the host as well as the directory.  you will need to 
> be running a samba server on _every_ host referred to in the auto.home 
> map.  i suspect that there is more work to do in this area.
>   
	Thank you very much for replying to my post Luke.
	
I am already using the auto.home  NIS map in all of our systems and I have used 
the nis homedir = Yes flag as well. What I do not understand is why would we 
have to use samba on _every_ host in the automounter entries. Shouldn't samba 
deny access to untrusted hosts?

Suppose the following :

3 Solaris machines... 1,2 & 3

If 1 is running an automounter , then 2 can mount from 1 no prob as long as it 
is allowed to export the filesystem. Now, if 3 wants to mount that same 
filesystem that 2 is mounting from 1, but being served by the 2 machine, the 
cross mount will not work.

So, shouldn't samba by default not mount a filesystem that is not explicitly 
exported as a local filesystem on a machine the server is running on?

> > Furthermore in this release, the following flags are not working as stated:
> > 
> > wide links = No ( you have called it an Service specific attribute, while it 
> > only gets read by the program if placed on the global section ) and it is 
> > mounting the link point but does not follow it... Is there a reason to mount 
if 
> > you won't follow the link?
> 
> don't know about this one.
> 
> > invalid users = root, sys, daemon, anonymous, sync, nobody, guest 
> > but yet I can do the following and mount with no problem:
> > 
> > //A/root
> 
> that depends on whether you have allowed guest access or not (which, 
> amongst other things, is a compilation option).
> 
> you will probably find that "invalid users", with the right kind of guest 
> access compiled in, will be mapped to the guest account.  set "guest ok 
> = no" in each share that you do not wish to allow guest access.  and 
> check the guest compilation options.
> 

I set guest ok = no , and I can still mount \\A\root . As far as compilation is 
concerned, GUESTACCOUNT = nobody like default on the Makefile. One more thing...
In this distribution, people with the acc compiler will experience some internal 
compiler errors; therefore, not being able to compile...An easy and necessary 
workaround is to disable FLAGS1 in the Makefile or any other optimization flag 
they may be using.... ( Found out the hard way ).

> > Also, invalid users is a (S) feature and not global according to the manual, 
but 
> > both services have to be placed on the global section in order to be read by 
the 
> > daemon. testparm executable program shows me that fact as soon as I place 
the 
> > services in [Global].
> 

Thank you for this tip Luke,

Regards,

Spiros

More information about the samba mailing list