dfs option, anonymous connect - auth. redirect at server

Adam Cody ajcody at gmail.com
Thu Feb 10 01:09:45 GMT 2005

I don't believe there's a current way for a samba server (member
server , security = domain) to have it's dfs share setup for
anonymous/guest connection unless one was to setup a NT guest account
on the controller or use a "force user" mode...which isn't a solution
for obvious reasons. If I missed the solution, I apologizes now for
intruding on the tech-list for this.

Is there a way to have the dfs share on a samba server to allow
anonymous/guest type access but then have the authentication done on
the server when the client goes to the actually share point?

something like this: 
security = domain
dfs guest = ok
redirected authentication = yes
path = /dfsroot
guest ok = yes

ls -ls /dfsroot

group > msdfs:nt-serverb\group,nt-servera\group
unix > msdfs:unix-a\project,unix-b\project

Viewing dfs-head\dfs , the client sees the two shares group and unix .
It's a local guest/anonymous connection that isn't redirected to the
NT4 domain.
When they goto the group or unix share they then pass their
credentials to the targeted server for authentication. It's important
that the redirected server uses the person credentials on that machine
and not an anonymous/guest account.

Even a possible mode of security = dfs would be acceptable, at least
for my puposes of HA heads that will not do anything else.

Adam Cody

P.S. Reasons for this....
1.To prevent having to create unix accounts for ALL my NT users and
users of trusted domains
2. To beat the NT team in setting up DFS server that will provide the
central location for our file-services.
3. Allows a good transition for moving over our backend file-services
from windows to samba+linux....rather than "everything at once",.

More information about the samba-technical mailing list