Samba errors?

Luke Kenneth Casson Leighton lkcl at cb1.com
Mon Aug 11 19:27:04 GMT 1997 


On Tue, 12 Aug 1997, Spiros B. wrote:

> Assuming the existance of 2 Unix systems that are exporting  filesystems between 
> them, and 1 PC that requests home dirs from one of the systems, samba allows 
> mounting of any home directory even if it is not on the server that the smbd 
> daemon is running from.
> 
> For example: My Home dir is on server A which runs the smbd daemon as well, 
> while a user B is having his home directory on Server C.
> 
> Server A, exports the home dirs of C as well. A & C are both Unix machines.
> 
> If I go onto my PC which is called D, I can request the following network map 
> drive:
> 
> //A/spiros which is a legal operation for my home.
> if I do a //A/B i am again allowed to mount User B's home dir eventhough I do 
> not explicitly state the transition of C->A->PC.

this is a little confusing, however i think i follow you.  the access 
that you are seeing, namely, C->A->PC is correct.  your server A is 
exporting a directory on C.  therefore, the PC, when connecting to A, 
will cause A to contact C.

there are two ways round this:

1) upgrade samba to "DFS-aware"; upgrade your clients to "DFS-aware".  
   this will involve some code writing in samba.

2) use the (new) automap features (that i don't fully understand) which 
will allow you to mount the user's home directory from the NIS auto.home 
map.  this specifies the host as well as the directory.  you will need to 
be running a samba server on _every_ host referred to in the auto.home 
map.  i suspect that there is more work to do in this area.
  
> Furthermore in this release, the following flags are not working as stated:
> 
> wide links = No ( you have called it an Service specific attribute, while it 
> only gets read by the program if placed on the global section ) and it is 
> mounting the link point but does not follow it... Is there a reason to mount if 
> you won't follow the link?

don't know about this one.

> invalid users = root, sys, daemon, anonymous, sync, nobody, guest 
> but yet I can do the following and mount with no problem:
> 
> //A/root

that depends on whether you have allowed guest access or not (which, 
amongst other things, is a compilation option).

you will probably find that "invalid users", with the right kind of guest 
access compiled in, will be mapped to the guest account.  set "guest ok 
= no" in each share that you do not wish to allow guest access.  and 
check the guest compilation options.

> Also, invalid users is a (S) feature and not global according to the manual, but 
> both services have to be placed on the global section in order to be read by the 
> daemon. testparm executable program shows me that fact as soon as I place the 
> services in [Global].

thank you for pointing this out.

regards,

luke

More information about the samba mailing list