[Samba] DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
Marco Gaiarin
gaio at sv.lnf.it
Tue Oct 2 15:00:43 UTC 2018
Mandi! Rowland Penny via samba
In chel di` si favelave...
> No, but what I do know is this, you should not use guest access on a
> domain member, Windows turns it off by default. Also 'Guest' doesn't
> exist on a Unix domain member, you would have to map it to the Unix
> domain user 'nobody'
No, this is not exactly true. You forget the 'guest account' option,
that have the default value 'nobody'.
So, even not specifying guest mapping, guest account are mapped to
'nobody'.
> If you have 'winbind use default domain = yes' in smb.conf, winbind
> will basically just strip off the leading 'DOMAIN\' from user and group
> names. so the user 'DOMAIN\fred' will become 'fred'.
> Okay so far ?
> Now, if you have two domains in smb.conf 'DOMAINA' & 'DOMAINB' and
> there is a user called 'fred' in both domains and you have 'winbind use
> default domain = yes', you will end up with two users called 'fred'.
Ok, perfectly clear. But manpage seems to me say something different:
This parameter specifies whether the winbindd(8) daemon should operate
on users without domain component in their username. Users without a
domain component are treated as is part of the winbindd server's own domain.
'own domain' for me is 'workgroup'. And really i don't understand why
an option like that have to strip ALL domain part, and not only the
'own' one...
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list