"invalid users = nobody" is bad
Michael Simmons
michael at ecel.uwa.edu.au
Tue Mar 23 09:20:20 GMT 1999
Samba 2.0.3 on Solaris 5.5.1 with security=server, NT PDC and several 100 clients.
We recently had lots of intermittent problems with samba.
These included:
Share mounting problems, Locking errors, Access denied errors, Document corruption
and errors related to writing buffers back to the server.
The problems where much worst when Command AntiVirus's dynamic
virus checking was enabled.
After much testing we found that it was caused by shares
having "invalid users = nobody" set.
Originally (from memory) samba had a bug (feature?) where
if a valid account existed on the authenticating server (an NT PDC)
and there was no matching account on the unix box then the account was
mapped to the guest (nobody) account.
At the time the only way to stop this was to make the invalid users list include
the guest account (i.e. nobody).
I believe that "guest ok = no", the default, correctly handles this case now.
I assume there is some kind of race condition within samba when
"invalid users = nobody" is set.
michael at ecel.uwa.edu.au
More information about the samba
mailing list