Thanks for your response.
I'm curious how to enable guest access, in some documentation I had read
that the OpenSolaris CIFS implementation explicitly does not permit
unauthenticated "guest" access (unlike Linux's samba, etc). I'm aware
that the fishworks interface isn't *exactly* the same as OpenSolaris but
I don't see any options for guest mode. My first intent was to somehow
map all incoming connections to a named user with full permissions on
the share.
I have changed the running user for all services I can ( this case is a
mail system, imap/pop3/smtpd/etc), but the "svchost.exe" process which
runs as "SYSTEM" and afaik cannot be changed gets some calls and ends up
trying to read from the share. Using tools like file monitor I can see
that this process gets some work to do against the share and when it
does permission is denied and the user gets a weird IMAP error. I'd
think all work should be handled by the main service processes, and have
asked the mail software vendor about this but the storage should allow it.
Interestingly, I ran a packet capture on the active directory servers
while I recreated the problem from the mail server. Normally when I
open the share from my user in explorer the storage server talks with
the AD server to authorize my username, but when the request comes from
the mail server (the local system\system account) the storage server
does not query the AD server about the user. This leads me to believe
that the 7110 CIFS process is trying to use SYSTEM in a local context.
Next I'll run a pcap from the mail server to see whats going on between
those two boxes, but in the mean time I attempted to create a username
called "SYSTEM" but had to set a password so used "SYSTEM" again, and it
didn't seem to work with that.
Do you or anyone else have any documentation on enabling guest access on
this platform, or have any other suggestions?
Thanks,
-Alex
On 7/2/2010 8:31 PM, Alan Wright wrote:
Enable guest access, create a local user account called SYSTEM on
your 7110 or...
Dependent on what purpose those SYSTEM owned processes serve, you
may be able to change them on Windows to run under a domain
account, in which case you don't need to do anything on the 7110.
This is a common solution when using over-the-wire backup/archive
applications.
Alan
On 07/ 1/10 12:43 PM, Alex Ball wrote:
Hello all,
I have a 7110 storage appliance and have successfully integrated it with
the active directory environment. This allows processes running as
active directory users (such as explorer.exe) to open a cifs share with
the set permissions. My problem is that services, running as the
"SYSTEM" user, cannot. I found this post from earlier:
http://www.mail-archive.com/cifs-discuss@opensolaris.org/msg02248.html
and believe the solution may be similar for me, but I have been unable
to add the "S-1-5-18" user to the permissions list. Basically services
running as the SYSTEM user need access to the share. Does anyone have
any pointers?
Thanks!
-Alex
_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss