[Samba] Samba tuning - ldapsam:trusted

Adam Tauno Williams adamtaunowilliams at gmail.com
Fri Aug 24 15:05:18 GMT 2007


On Fri, 2007-08-24 at 11:30 -0300, Guilherme Sperb Machado wrote:
> but this account called "pcnet" need to have any relation to LDAP
> server? 

It needs to be a valid account.

> I mean... LDAP server processes must be running with pcnet
> account?!

No?  Where did you get this idea?  it is just a user context to map
anonymous connections to.

>  If no, I do not set any kind of password?!

Nope,

> and guest account should be set to "guest account = pcnet" ?!?

Yep, or whatever account you use.

guest account = pcnet

Note this section from the smb.conf man page:
-------------------------------------------------
Note that the name of the resource being requested is  not  sent
to  the server until after the server has successfully authenti‐
cated the client. This is why guest shares don't  work  in  user
level  security without allowing the server to automatically map
unknown users into the guest  account.  See  the  map  to  guest
parameter for details on doing this.

And the "map to guest" directive:
---------------------------------
Note  that this parameter is needed to set up "Guest" share ser‐
vices when using  security  modes  other  than  share.  This  is
because  in these modes the name of the resource being requested
is not sent to the server until after the  server  has  success‐
fully authenticated the client so the server cannot make authen‐
tication decisions at the correct time (connection to the share)
for "Guest" shares.

You probably want:
map to guest = Bad  User
 - if you are actually running guest access shares.

-- 
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org



More information about the samba mailing list