FW: [ActiveDir] OT: Samba guest access?

Mon, 21 Jun 2004 07:42:08 -0700

Title: FW: [ActiveDir] OT: Samba guest access?


Using “guest only” would remove the ability for other users to authenticate using samba, so what would happen is that your users would all have uid of guest.  Therefore, when they tried to browse to a directory that required elevated permissions they would be unable to authenticate.  

What we probably need to look at is what the .Net app and what the effective permissions the application will have.  Does it run as service or is it a desktop application that will run under the context of the logged in user.  Is it a web page? Is it something that was written in house or is it an off-the-shelf application?  Perhaps rather than trying to force a guest login on the app, we can see what context the app is running as and grant it permissions to the share.


From: Kirk Marple <[EMAIL PROTECTED]>
Organization: Agnostic Media, Inc.
Date: Wed, 16 Jun 2004 13:00:49 -0700
To: 'Brent Westmoreland' <[EMAIL PROTECTED]>
Subject: RE: [ActiveDir] OT: Samba guest access?

hi Brent,
we're having trouble getting SSH access to that machine remotely today.  it lives in LA, and i'm up in Seattle now.
when we can get on there, i can get you the info you've asked for.
btw, i've recently noticed the "guest only" option in Samba for a file share.   might that work for our needs, and wouldn't popup the authentication dialog?   basically we want the share to be available to everyone, but we'll be creating subdirectories that have specific perms given for groups/users in AD.
thanks for your help,
Kirk

From: Brent Westmoreland [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 15, 2004 6:38 PM
To: Kirk Marple
Subject: Re: [ActiveDir] OT: Samba guest access?

Can you also send me the output of the command:

ls –lhvT

>From the parent directory of the AppStorage directory?



From: Kirk Marple <[EMAIL PROTECTED]>
Organization: Agnostic Media, Inc.
Date: Tue, 15 Jun 2004 16:49:10 -0700
To: 'Brent Westmoreland' <[EMAIL PROTECTED]>
Subject: RE: [ActiveDir] OT: Samba guest access?

Thanks!

[global]
    security = ADS
   guest account = unknown
   auth methods = guest opendirectory
   use spnego = yes
   map to guest = Bad User
   allow trusted domains = no
   preferred master = no
   client ntlmv2 auth = no
   domain logons = no
   domain master = yes

and for the file share:

[AppStorage]
   oplocks = 0
   map archive = no
   path = /Volumes/[...]
   read >   inherit permissions = 1
   strict locking = 1
   create mask = 0644
   guest ok = 1
   directory mask = 0755

From: Brent Westmoreland [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 15, 2004 11:29 AM
To: Kirk Marple
Subject: Re: [ActiveDir] OT: Samba guest access?

Hey Kirk,

Can you post your /etc/smb.conf file....

Specifically the [global] and the fileshare in question.


From: Kirk Marple <[EMAIL PROTECTED]>
Organization: Agnostic Media, Inc.
Date: Mon, 14 Jun 2004 10:04:55 -0700
To: <[EMAIL PROTECTED]>
Subject: RE: [ActiveDir] OT: Samba guest access?

that'd be awesome, Brent.

i'm pretty stuck without figuring this out, so any help is much appreciated!

thanks,
Kirk

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland
Sent: Friday, June 11, 2004 2:40 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] OT: Samba guest access?

I can put it in the lab on Tuesday and probably have you an answer by that afternoon.  I just need a little time.


From: Kirk Marple <[EMAIL PROTECTED]>
Organization: Agnostic Media, Inc.
Reply-To: <[EMAIL PROTECTED]>
Date: Fri, 11 Jun 2004 09:30:28 -0700
To: <[EMAIL PROTECTED]>
Subject: [ActiveDir] OT: Samba guest access?

(Sorry for the OT post, i just don't know anywhere else to find people that might know the answer to this.  Thanks!)

I've attached an Apple XServe to our Windows domain, and have successfully setup all the Active Directory integration.

I've been able to expose a file share to Windows via Samba from the XServe, but it's still requring a guest account login.

For example, when i try and open \\xserve\Storage <file://\\xserve\Storage> from Windows, it shows a username/pwd dialog.  If i type in 'guest', it lets me in.

Problem is, i want to use a file share from a .NET app, and can't do authentication on the UNC path.  I know the account info gets cached, but this all has to happen automagically w/o user input.

Anybody know if there's a way to not require that authentication popup, and just default to 'guest' access?  Is it a Samba issue or a Windows issue?

Thanks for any help/pointers!
Kirk

-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
Kirk Marple
CTO/VP of Engineering
Agnostic Media, Inc.
e: [EMAIL PROTECTED]
w: www.agnostic-media.com

You can get my Digital ID here: https://digitalid.verisign.com/services/client/index.html <https://digitalid.verisign.com/services/client/index.html>





------ End of Forwarded Message

Reply via email to