dfs option, anonymous connect - auth. redirect at server

Gerald (Jerry) Carter jerry at samba.org
Thu Feb 24 15:30:39 GMT 2005

Hash: SHA1

Adam Cody wrote:

| Thanks for the response. I'm confused by your answer though to how dfs
| authenticates. If the authentication is done only once and is from the
| dfs server then why would one need to setup the backend servers with
| complex authentication options -- like winbind?

What I'm saying is that the authentication is done per SMB session.
So when you connect to the dfs root share, you first have to establish
the SMB session which will do the authentication request to the current
server.  So by the time you the tcon to the dfs root, you've already
been authenticated.

You can define in a share that it should be unauthenticated because
you don't know what share the user will connect to until after
authentication has already been done.

If you want an anonymous dfs root share, just setup a guest server for
that share.  I think this is what you want and there are no code
modification necessary.

	security = user
	map to guest = bad user
	username  map = /etc/samba/users.map
	host msdfs = yes

	msdfs root = yes
	path = /export/u1/dfs

!foo = *

cheers, jerry
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the samba-technical mailing list