I have a 3.0.7 server that is part of an Active Directory domain, and I
have a problem where 'map to guest = Bad User' doesn't do what I expect.

On this system, unix users are a subset of AD users.  Those users who
have accounts on both unix and AD can access the Samba server; but users
who have an AD account but not a unix account cannot.  What I want is
for those users without a unix account to still be able to access the
world-readable shares as 'guest'.

In my smb.conf, I have 'map to guest = Bad User' and
'guest account = guest'.  But even with those settings, we still
get an error in the smb log: "Username DOMAIN\blah is invalid on this
system".

However, if a user specifies a bogus username when setting up the drive
map (i.e., a username that does not exist in AD) then Samba will
proceed to connect that user as 'guest'.  In other words, 'map to guest'
only works if the given username is not in AD.

I modified reply_spnego_kerberos() in smbd/sesssetup.c so that it would
use the guest user if the user is not in the unix password db and
'map to guest' is on.  The patch is attached.

If the developers have a problem with extending the 'map to guest'
functionality in this way, then I suggest you add a new option
('unix map to guest' or something).

I know that there's a hook to have smbd create user accounts on the
fly, but that is not an acceptable solution in my environment.  I
need to have unknown (but valid) AD accounts map to 'guest'.

--- sesssetup.c.dist    2004-10-07 14:08:16.137991470 -0500
+++ sesssetup.c 2004-10-07 14:11:04.425105686 -0500
@@ -247,6 +247,14 @@
        pw = smb_getpwnam( user, real_username, True );
        
        if (!pw) {
+               if ((lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) || 
+                   (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) {
+                       DEBUG(3,("No such unix user %s - using guest account\n",
+                                user));
+                       pw = smb_getpwnam( lp_guestaccount(), real_username, False );
+               }
+       }
+       if (!pw) {
                DEBUG(1,("Username %s is invalid on this system\n",user));
                SAFE_FREE(user);
                SAFE_FREE(client);
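
Review bot: The guest fallback added inside `if (!pw)` passes the same `real_username` buffer to `smb_getpwnam( lp_guestaccount(), real_username, False )` while `user` still holds the authenticated AD name, and nothing in the visible lines marks the resulting session as a guest session. Confirm that the code following this hunk builds the session from the guest identity and records it as guest, so that a Kerberos-authenticated principal without a unix account gets guest rights only, and keep the original principal name in the log for auditing. The condition also accepts MAP_TO_GUEST_ON_BAD_PASSWORD, which the description never mentions; either explain that in a comment or restrict the test to MAP_TO_GUEST_ON_BAD_USER. The DEBUG(3) line reports "using guest account" before the lookup has succeeded; emit it only once `pw` is non-NULL. Because this changes what 'map to guest' means for valid domain users, the smb.conf documentation should be updated in the same patch.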

