Luke Kenneth Casson Leighton
lkcl at cb1.com
Mon Aug 11 19:27:04 GMT 1997
On Tue, 12 Aug 1997, Spiros B. wrote:
> Assuming the existance of 2 Unix systems that are exporting filesystems between
> them, and 1 PC that requests home dirs from one of the systems, samba allows
> mounting of any home directory even if it is not on the server that the smbd
> daemon is running from.
> For example: My Home dir is on server A which runs the smbd daemon as well,
> while a user B is having his home directory on Server C.
> Server A, exports the home dirs of C as well. A & C are both Unix machines.
> If I go onto my PC which is called D, I can request the following network map
> //A/spiros which is a legal operation for my home.
> if I do a //A/B i am again allowed to mount User B's home dir eventhough I do
> not explicitly state the transition of C->A->PC.
this is a little confusing, however i think i follow you. the access
that you are seeing, namely, C->A->PC is correct. your server A is
exporting a directory on C. therefore, the PC, when connecting to A,
will cause A to contact C.
there are two ways round this:
1) upgrade samba to "DFS-aware"; upgrade your clients to "DFS-aware".
this will involve some code writing in samba.
2) use the (new) automap features (that i don't fully understand) which
will allow you to mount the user's home directory from the NIS auto.home
map. this specifies the host as well as the directory. you will need to
be running a samba server on _every_ host referred to in the auto.home
map. i suspect that there is more work to do in this area.
> Furthermore in this release, the following flags are not working as stated:
> wide links = No ( you have called it an Service specific attribute, while it
> only gets read by the program if placed on the global section ) and it is
> mounting the link point but does not follow it... Is there a reason to mount if
> you won't follow the link?
don't know about this one.
> invalid users = root, sys, daemon, anonymous, sync, nobody, guest
> but yet I can do the following and mount with no problem:
that depends on whether you have allowed guest access or not (which,
amongst other things, is a compilation option).
you will probably find that "invalid users", with the right kind of guest
access compiled in, will be mapped to the guest account. set "guest ok
= no" in each share that you do not wish to allow guest access. and
check the guest compilation options.
> Also, invalid users is a (S) feature and not global according to the manual, but
> both services have to be placed on the global section in order to be read by the
> daemon. testparm executable program shows me that fact as soon as I place the
> services in [Global].
thank you for pointing this out.
More information about the samba