dfs option, anonymous connect - auth. redirect at server

Gerald (Jerry) Carter jerry at samba.org
Thu Feb 24 15:30:39 GMT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Adam Cody wrote:

| Thanks for the response. I'm confused by your answer though to how dfs
| authenticates. If the authentication is done only once and is from the
| dfs server then why would one need to setup the backend servers with
| complex authentication options -- like winbind?

What I'm saying is that the authentication is done per SMB session.
So when you connect to the dfs root share, you first have to establish
the SMB session which will do the authentication request to the current
server.  So by the time you the tcon to the dfs root, you've already
been authenticated.

You can define in a share that it should be unauthenticated because
you don't know what share the user will connect to until after
authentication has already been done.

If you want an anonymous dfs root share, just setup a guest server for
that share.  I think this is what you want and there are no code
modification necessary.

========smb.conf=================================
[global]
	security = user
	map to guest = bad user
	username  map = /etc/samba/users.map
	host msdfs = yes

[dfs]
	msdfs root = yes
	path = /export/u1/dfs
========smb.conf=================================

==============users.map======================
!foo = *
==============users.map======================





cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCHfMfIR7qMdg1EfYRAik+AJ96pry4QzRh0zMszAL3W/Vbh3taDgCginZ+
WAXhy9m72OxZQwhysUw9wVE=
=kOMw
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list