[Samba] Proposal to change security=share in Samba 4.0

Andrew Bartlett abartlet at samba.org
Tue Feb 28 17:53:35 MST 2012


On Tue, 2012-02-28 at 16:34 -0800, Jeremy Allison wrote:
> On Wed, Feb 29, 2012 at 01:00:00AM +0100, Volker Lendecke wrote:
> > Andrew,
> > 
> > On Wed, Feb 29, 2012 at 10:53:47AM +1100, Andrew Bartlett wrote:
> > > On Tue, 2012-02-28 at 07:30 -0500, Mike Rambo wrote:
> > > 
> > > >  From what I saw in the rest of the thread it looks like there will 
> > > > still be a way to do this but I thought I'd chime in since the subject 
> > > > has come up and we do use security=share to accomplish this at present.
> > > 
> > > There will always be a way to allow guest access to a Samba server.  We
> > > may change the smb.conf option, but this facility will always remain.
> > 
> > to support your proposal, could you start documentation on
> > wiki.samba.org (if it's not already there) how to do the
> > closest possible equivalent to the public security=share
> > server using alternatives? I think we need a precise
> > to-the-point reference we can reply with when confused users
> > enter the mailing lists that is very available to everyone.
> 
> +1 for that. We need to make it *really obvious* how
> people can do the transition..

I'm about to write that up.  For the original proposal, public smb
servers would be unchanged (as guest access was to be retained).  

However, the view of the list seems to be to remove security=share
entirely, so I'm about to write up test such a page.  (The change boils
down to 'map to guest = bad user', but I'll fully explain it, including
the 'guest ok = yes' on each share, required unix permission etc). 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org



More information about the samba mailing list