On 03/11/2014 08:12 PM, Ken Dibble wrote:
OK. You have [ security = Domain ], which requires all samba logins
to be coordinated with the Windows Primary Domain Controller, and
then you override that by setting the share to public, which implies
everyone can access the share regardless of username and password,
thus avoiding coordination with the Windows Primary Domain Controller.
What would happen if you went to [ security = user ] and had the share
set to public? That might result in nobody being able to access the
share, so I'd research that suggestion very carefully before taking
any action. LOL It was just a thought. Also, you might explore how
using the guest user might eliminate the problem of needing to add and
maintain hundreds of users. That might be equivalent to making the
share public, which also avoid having each user enter a name and
password.
Hm.
Well Guest used to be enabled. That let the Mac user access the
/Public share. (The actual name of the share is "Public"; not wanting
to have any confusion between the share name and its access designation.)
Problem with Guest being enabled is, ANYBODY could then come in and
connect to the share and access its contents, including any casual Mac
(and who knows what other device) user who comes within WiFi range of
the network. Not acceptable.
Again, I need to have all domain users access the share without me
having to manually add in all of the domain user names, and then
constantly have to remove them when people leave, and add new ones
when new people are hired.
It's like a database. Remember databases? It's a listserv about
databases....
A major normalization principle of databases is, one piece of
information gets stored in one place one time only. That's what domain
security does. It lets me store the user credentials in one place, one
time only, and then as many machines as I add to the network, they all
can refer back to that one place to authenticate users. That's what I
need this thing to do for me. Having to re-enter the same stuff into a
bunch of different servers and/or shares to enable the same user to
access more than one resource completely defeats the purpose of a domain.
Is there not some level of access for a share that equates to "Any and
all domain users, AND/OR somebody who submits valid credentials
manually, BUT nobody else?"
Thinking outside the box here:
1) Install a VM in the Mac user(s) computer and run a window guest OS
in the VM, Then the Mac users could access the CentOS samba share just
like all the other windows users.
2) Have the Mac OS X user(s) access the shares using NFS. OS X is a
variant of the UNIX OS. Most NIX like OS(s) share files over NFS. Both
samba clients, (eg Windows), and NFS clients, (eg OS X, Linus, and
UNIX) can access the share simultaneously with no problem. Do a search
on setting up a CentOS NFS server and setting up a Mac OS X NFS client.
NFS must be running on both the client and the server.
3 Move the info to a CentOS Apache Web Server. Have the info in a web
directory protected by a .htaccess password. Then just about anyone
could access the info with the .htaccess password, regardless of their
computer or OS type.
Regards,
LelandJ
Ken Dibble
www.stic-cil.org
[excessive quoting removed by server]
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message:
http://leafe.com/archives/byMID/profox/[email protected]
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.
