Handling smb requests from Client Machine Identity

Nagaraj Shyam Nagaraj_Shyam at symantec.com
Wed Dec 1 17:05:55 MST 2010



Is there a recommended setup with samba to handle smb requests from
windows client machines, where the principal in the Kerberos ticket is
the windows client machine name.  winbindd in this case will not be able
to map the "user" because it will not be able to find the client machine
name in the "users and groups" container within AD server.  Samba will
deny access to the windows client in this case.


The above is sometimes seen when a logged in user on windows client
browses into the samba server using windows explorer by typing:


\\SambaServerIPAddress <file:///\\SambaServerIPAddress> 


In the Address part of the windows explorer on the client machine.


Unfortunately, I didn't save the samba logs giving more details about
the sequence of smb requests, will do so next time I see this issue, if
that helps.


To work around this issue, would creating an account in the "User"
container with the windows client machine name make sense?  Are there
security holes with this approach?


Thanks for any replies/suggestions.



More information about the samba-technical mailing list