Thanks for your response.

I'm curious how to enable guest access, in some documentation I had read that the OpenSolaris CIFS implementation explicitly does not permit unauthenticated "guest" access (unlike Linux's samba, etc). I'm aware that the fishworks interface isn't *exactly* the same as OpenSolaris but I don't see any options for guest mode. My first intent was to somehow map all incoming connections to a named user with full permissions on the share.

I have changed the running user for all services I can ( this case is a mail system, imap/pop3/smtpd/etc), but the "svchost.exe" process which runs as "SYSTEM" and afaik cannot be changed gets some calls and ends up trying to read from the share. Using tools like file monitor I can see that this process gets some work to do against the share and when it does permission is denied and the user gets a weird IMAP error. I'd think all work should be handled by the main service processes, and have asked the mail software vendor about this but the storage should allow it.

Interestingly, I ran a packet capture on the active directory servers while I recreated the problem from the mail server. Normally when I open the share from my user in explorer the storage server talks with the AD server to authorize my username, but when the request comes from the mail server (the local system\system account) the storage server does not query the AD server about the user. This leads me to believe that the 7110 CIFS process is trying to use SYSTEM in a local context. Next I'll run a pcap from the mail server to see whats going on between those two boxes, but in the mean time I attempted to create a username called "SYSTEM" but had to set a password so used "SYSTEM" again, and it didn't seem to work with that.

Do you or anyone else have any documentation on enabling guest access on this platform, or have any other suggestions?



On 7/2/2010 8:31 PM, Alan Wright wrote:
Enable guest access, create a local user account called SYSTEM on
your 7110 or...

Dependent on what purpose those SYSTEM owned processes serve, you
may be able to change them on Windows to run under a domain
account, in which case you don't need to do anything on the 7110.
This is a common solution when using over-the-wire backup/archive


On 07/ 1/10 12:43 PM, Alex Ball wrote:
Hello all,

I have a 7110 storage appliance and have successfully integrated it with
the active directory environment. This allows processes running as
active directory users (such as explorer.exe) to open a cifs share with
the set permissions. My problem is that services, running as the
"SYSTEM" user, cannot. I found this post from earlier:

and believe the solution may be similar for me, but I have been unable
to add the "S-1-5-18" user to the permissions list. Basically services
running as the SYSTEM user need access to the share. Does anyone have
any pointers?


cifs-discuss mailing list

cifs-discuss mailing list

cifs-discuss mailing list

Reply via email to