[Samba] "map to guest" in share definition?
Ryan Novosielski
novosirj at umdnj.edu
Thu Nov 29 15:08:25 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Apparently not. Much more importantly is the first line of the man page
on this subject:
map to guest (G)
This parameter is only useful in SECURITY = security modes other
than security = share - i.e. user, server, and domain.
This parameter can take four different values, which tell smbd(8)
what to do with user login requests that don't match a valid UNIX
user in some way.
The (G) signifies a global parameter. It appears as if I was mixing up
my use of map to guest (which I have set to "bad user"), and my
combining that directive with "guest ok" and "guest only", which I'm
guessing would do everything you wanted. In my case, we have a share
that we want to work regardless of valid login information. [homes]
obviously will not work if the user does not exist. We also do IP range
restrictions. Is there some special case that is not covered by all of that?
Michael Heydon wrote:
> Are you sure about this?
>
> From the smb.conf man page:
>
>> Note that this parameter is needed to set up "Guest" share services
>> when using security modes other than share. This is because in these
>> modes the name of the resource being requested is not sent to the
>> server until after the server has successfully authenticated the
>> client so the server cannot make authentication decisions at the
>> correct time (connection to the share) for "Guest" shares.
>
> From that it sounds like the authentication must be 100% complete before
> the client can specify which share it is after, how could it decide
> whether or not the authentication request passes if each share has
> different rules for what is acceptable?
>
>
> *Michael Heydon - IT Administrator *
> michaelh at jaswin.com.au <mailto:michaelh at jaswin.com.au>
>
>
> Ryan Novosielski wrote:
> Yes, you can.
>
> Tim Bates wrote:
>
>>>> Is it possible to use "map to guest" in a single share?
>>>> We have 2 or 3 shares where I want this behavior, but for most I would
>>>> like to not use it due to issues with home directories with bad users.
>>>>
>>>> I would simply try moving that line to a share definition to see what
>>>> happens, but I don't want to break a live server to test (and have no
>>>> spare Samba boxes right now).
>>>>
>>>> Tim B
>>>>
>>>> **********************************************************************
>>>> This message is intended for the addressee named and may contain
>>>> privileged information or confidential information or both. If you
>>>> are not the intended recipient please delete it and notify the sender.
>>>> **********************************************************************
>>>>
>
- --
---- _ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II
|$&| |__| | | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHTtXpmb+gadEcsb4RAvUvAKC+7K1FyuUML2OJyjU11RMeBHkXLwCgwCQW
vbCaln9ysqCIKyYU+fo0efc=
=lXfv
-----END PGP SIGNATURE-----
More information about the samba
mailing list