[Samba] Grant permission to SQL Server backing up to another domain member

[Mark Foley]

What is the downside of using 'guest account = guest' in the [global] section of
my smb.conf and what would be a better alternative?

Backstory:

Before changing my SERVER2 host to be an AD Domain Member I had the following in
the old/NT4 smb.conf:

[global]
guest account = guest

[SQLbackup]
path = /home/ohprs/SQLserverData
public = yes  
guest ok = yes  
guest only = yes
writeable = yes
browseable= yes
printable = no
create mask = 0660   
directory mask = 0771

The stored procedure on the DBSERVER host used
'SET @NetworkPath = '\\SERVER2\SQLbackup\SQLServerBackup\'
to save database tables to SERVER2. That worked fine for years.

When I changed SERVER2 to be a domain member the 'guest account = guest'
parameter was removed and the procedure failed with "access denied".

I put 'guest account = guest' back into the [global] section of new smb.conf and
the stored procedure started working again. 

This doesn't seem like "best practice". Searches on this topic suggest (among
other ideas):

1. "you should grant permissions to YOURDOMAIN\SERVER1$"

2. "a better option would be to change the service account for SQL Server, using a
domain user for which you grant the appropriate permissions on the share."

With respect to the 1st option, I don't know where or how I would "grant
permissions to YOURDOMAIN\SERVER1$". Would this be in smb.conf? In a SQL Server
host config? The poster didn't say how to accomplish this.

With respect to the 2nd option, I have no idea what the service account for SQL
Server would be. It is running as a service on DBSERVER. If this is a better
option I'd have to do some research to figure that out.

Do sambalist users have insight on these options or alternate/better suggestions
to accomplish this?

Thanks --Mark