On 11/20/08 16:04, Bill Shannon wrote: > Afshin Salek wrote: >> Bill Shannon wrote: >>> Afshin Salek wrote: >>>> Guest authentication is not supported by CIFS server. >>>> We haven't had any plans to support it so the data is still new :) >>> Sigh. >>> >>> I guess that means I'm back to Samba for my home network. >>> Getting authenticated access to work is just too painful. >>> >> Samba might have this as a share property but when a CIFS >> server runs in user mode, the user is authenticated first >> regardless which shares (s)he wants to access. Access to shares >> and directories is then restricted using ACLs. So whether >> guest authentication is allowed or not is a system wide property >> not a share property. > > I don't understand. When I use guest access to a share there's no > authentication occurring, and the access is done as user "nobody". > >>> Is guest access really hard to implement, or is it just not considered >>> important? >>> >> It's not a matter of implementation, it is a matter of security. >> If you're going to say, well Samba does it so why don't you? My >> answer is that Samba doesn't need to get PSARC approval :) > > Double sigh... > > Haven't we gotten over this nonsense yet? > > Did you actually *ask* for permission to implement guest access? > Or are you just assuming it would be refused?
It was explicitly discussed during the CIFS ARC case review and I, on behalf of the project team, explicitly agreed not to support anonymous access. > And note that this has nothing to do with Samba. *Windows* supports > this, and isn't the point of adding CIFS support to Solaris to be > more compatible with Windows? And not supporting anonymous access does not make the CIFS service incompatible with Windows. Microsoft has issued several security bulletins related to anonymous connections (also known as null sessions) and this mode of operation is generally viewed as undesirable. Microsoft has a huge legacy install base to deal with and their requirements for supporting deprecated behavior don't necessarily apply to the CIFS service. If you truly believe this is a valuable mode of operation, please feel free to submit an ARC case. >>>> Even if it was supported, I'm wondering why were you trying to enable it >>>> using a file system command!? >>> Isn't that one of the cool features of zfs, that I can tell it to manage >>> SMB or NFS shares for me? I use zfs set to set the SMB share name, and >>> the man page clearly says I can use it to pass other options to the >>> sharemgr command (although it doesn't really explain it). >>> >> I didn't know you can pass other share options using zfs sharesmb, >> can you really do that? Personally, I prefer to use sharemgr :) > > Yup, the man page says you can. The only example it gives is something like: > > zfs set sharesmb=name=MyShare tank I believe that's the only additional format you can specify via the zfs command. Alan _______________________________________________ cifs-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
