SAMBA 2.2.8 misc issues.
John E. Malmberg
wb8tyw at qsl.net
Mon Aug 16 17:32:35 GMT 2004
In article <CF0913E9C3D53D4E94DE47FDE25C633D048FD453 at hermes.cofiroute.com>, COLLOT Jean-Yves <jean-yves.collot at cofiroute.fr> writes:
>
>> 2. The smb.conf is referencing an obsolete Pathworks guest account for
>> the guest account. A dedicated account with it's own UIC is needed for
>> this.
>
> Yes again. I'll include the MAKE_SAMBA_GUEST_ACCOUNT.COM from Samba 2.0.6 in
> the next release. Note, however, that, for security reasons, I am not sure
> it is such good idea to have a valid guest account.
It is not really a GUEST account, it is the account that is used for the
security credentials for all remote IPC communications which need to access
the local file system, in addition to what is used for GUEST access to shares.
Which is why it must be a dedicated account that does not have write access to
anything other than it's home directory, and the samba_root:[var] directory.
It is a manditory feature of the LANMAN protocol to have such an account.
It is really mis-named in it's function.
When you disable the "Guest" account on a real Windows box, you in reality are
only disabling it for use with connecting to the file and print shares. The
Guest account is still used for other purposes.
Samba does not currently have a way to follow that model, except to mark the
shares in smb.conf as not accessable by the GUEST account.
For SAMBA on VMS to have the GUEST account behave the same way as on Windows, it
would have to pay attention to the SYSUAF DISUSER flag if it was being used to
access a file or print share. In SAMBA 2.0.6, that could be done through an
easy change in the Frontport wrapper library.
-John
wb8tyw at qsl.net
Personal Opinion Only
More information about the samba-vms
mailing list