[Samba] Grant permission to SQL Server backing up to another domain member
Mark Foley
mfoley at novatec-inc.com
Mon Jun 24 03:49:37 UTC 2024
What is the downside of using 'guest account = guest' in the [global] section of
my smb.conf and what would be a better alternative?

Backstory:

Before changing my SERVER2 host to be an AD Domain Member I had the following in
the old/NT4 smb.conf:

[global]
    guest account = guest

[SQLbackup]
    path = /home/ohprs/SQLserverData
    public = yes
    guest ok = yes
    guest only = yes
    writeable = yes
    browseable = yes
    printable = no
    create mask = 0660
    directory mask = 0771

The stored procedure on the DBSERVER host used

    'SET @NetworkPath = '\\SERVER2\SQLbackup\SQLServerBackup\'

to save database tables to SERVER2. That worked fine for years.

When I changed SERVER2 to be a domain member the 'guest account = guest'
parameter was removed and the procedure failed with "access denied".
I put 'guest account = guest' back into the [global] section of new smb.conf and
the stored procedure started working again.

This doesn't seem like "best practice". Searches on this topic suggest (among
other ideas):

1. "you should grant permissions to YOURDOMAIN\SERVER1$"
2. "a better option would be to change the service account for SQL Server, using a
   domain user for which you grant the appropriate permissions on the share."

With respect to the 1st option, I don't know where or how I would "grant
permissions to YOURDOMAIN\SERVER1$". Would this be in smb.conf? In a SQL Server
host config? The poster didn't say how to accomplish this.
With respect to the 2nd option, I have no idea what the service account for SQL
Server would be. It is running as a service on DBSERVER. If this is a better
option I'd have to do some research to figure that out.
Do sambalist users have insight on these options or alternate/better suggestions
to accomplish this?
Thanks --Mark
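
An added example, not part of the original post: a small Python audit that parses an smb.conf and lists the shares that accept guest connections and are writable, which is the exposure the [SQLbackup] share above has. The function names and the [reports] share are assumptions made for the illustration.

```python
import re

# Parameter synonyms from smb.conf(5): "public" = "guest ok";
# "writable"/"write ok" = "writeable"; "read only" is the inverse.
GUEST_KEYS = ("guest ok", "public")
WRITE_KEYS = ("writeable", "writable", "write ok")

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def parse_smb_conf(text):
    """Return {section: {parameter: value}}; names lower-cased, last value wins."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def guest_writable_shares(text):
    """List (share, guest account) for shares writable without authentication."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    # "nobody" is the documented default when "guest account" is unset.
    account = glob.get("guest account", "nobody")
    findings = []
    for name, own in conf.items():
        if name == "global":
            continue
        params = {**glob, **own}                  # [global] supplies share defaults
        guest = any(is_yes(params[k]) for k in GUEST_KEYS if k in params)
        writable = any(is_yes(params[k]) for k in WRITE_KEYS if k in params)
        if "read only" in params and not is_yes(params["read only"]):
            writable = True
        if guest and writable:
            findings.append((name, account))
    return findings

# [global] and [SQLbackup] are taken from the post; [reports] is constructed.
SAMPLE = """[global]\nguest account = guest\n[SQLbackup]\npath = /home/ohprs/SQLserverData
public = yes\nguest ok = yes\nguest only = yes\nwriteable = yes\nbrowseable= yes
[reports]\npath = /srv/reports\nguest ok = no\nread only = no\nvalid users = @staff\n"""

if __name__ == "__main__":
    print(guest_writable_shares(SAMPLE))
```

The audit does not follow `include` or `copy` directives, so a configuration that uses them needs those files checked as well.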