Users can map shares without password in domain-security mode

Seip Christian cseip at sr-online.de
Tue Sep 19 07:43:40 GMT 2000


Hi!

I've got this setup:

My Samba 2.0.7 is clustered by two nodes with RedHat Linux 6.2 and kernel
2.2.16 and a SCSI-RAID as a shared storage. The Samba-server is a member of
the domain (add in NT-Server-Manager followed by "smbpasswd -j DOM -r PDC") and
creates its user accounts on the fly with an add user script. This is
necessary because only one node is active at a time and the other one serves
as a stand-by. The active node has the shared storage mounted. All users
have their homes on the shared storage. When a failover happens and the
stand-by node takes over the samba-service, the stand-by node mounts the
storage. The users can't be synchronized between those two nodes but that
doesn't matter because they're created when they're needed.

Now I have two probs:

1. Samba authenticates the users against the PDC, so as far as I have
understood the concept, there should only be a Linux user necessary and not
a user in the smbpasswd. But without an entry in the smbpasswd I can't map
any share. Yep, security-mode is domain and it works. But only with "useradd
%u; smbpasswd -a -n %u".

2. The user-homes on the shared storage are owned by root because I don't
need a local login for any user. This samba-server is really only a
file-server. No remote logins. Since the user lists between the two
cluster nodes are not synchronized, the user-homes can't be owned by the
users because of different UIDs. If on node A user testuser1 has UID 500 and
on node B user testuser2 UID 500, there will be a problem with the file and
directory permissions depending on which node the shared storage is mounted.
So create mask and directory mask is 777. Now my question: Why can other
users map my home-share (defined by the [homes]-section in smb.conf) without
being asked for a password?

Any suggestions? Thanks in advance and sorry for the long explanation.

Best regards,

Christian
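
Added example, not part of the original post: a check for the UID mismatch described in point 2. It compares passwd snapshots from both cluster nodes and reports which UIDs on the shared storage would resolve to a different account after a failover. The passwd contents, the function names and the `min_uid` threshold of 500 are constructed assumptions.

```python
# Constructed passwd(5) snapshots for the two cluster nodes (not real data).
NODE_A_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
testuser1:x:500:500::/home/testuser1:/bin/false
alice:x:501:501::/home/alice:/bin/false
"""
NODE_B_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
testuser2:x:500:500::/home/testuser2:/bin/false
alice:x:502:502::/home/alice:/bin/false
"""

def parse_passwd(text):
    """Return {username: uid} from passwd-format text, skipping malformed lines."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        users[fields[0]] = int(fields[2])
    return users

def uid_conflicts(node_a, node_b, min_uid=500):
    """Find accounts whose file ownership changes meaning after failover.

    min_uid is an assumed cut-off that leaves system accounts out of the
    collision check.
    """
    by_uid_a = {uid: name for name, uid in node_a.items()}
    by_uid_b = {uid: name for name, uid in node_b.items()}
    # Same UID, different account: files appear to belong to someone else.
    collisions = sorted(
        (uid, by_uid_a[uid], by_uid_b[uid])
        for uid in by_uid_a.keys() & by_uid_b.keys()
        if uid >= min_uid and by_uid_a[uid] != by_uid_b[uid])
    # Same account, different UID: the user loses ownership of their files.
    drift = sorted(
        (name, node_a[name], node_b[name])
        for name in node_a.keys() & node_b.keys()
        if node_a[name] != node_b[name])
    return collisions, drift

if __name__ == "__main__":
    a, b = parse_passwd(NODE_A_PASSWD), parse_passwd(NODE_B_PASSWD)
    print(uid_conflicts(a, b))
```
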




