dualathlon (n00b; joined Jul 3, 2011; 13 messages)
Did anyone try CIFS guest access in this scenario:
1. Share zfs dataset, guest is allowed: zfs set sharesmb="name=public,guestok=true" poolX/share
2. Create a Unix group: groupadd grpB
3. Create a Unix user: useradd usrA -G grpB
4. Set password for that user: passwd usrA
5. Create SMB group: smbadm create grpB
6. Add user to SMB group: smbadm add-member -m usrA grpB
7. Add smb mapping: idmap add -d wingroup:grpB unixgroup:grpB
8. Also map guest account to that user: idmap add -d winname:Guest unixuser:usrA
9. Share ACL is everyone@:full_set
If folder ACL of poolX/share is everyone@:full_set, guest can access successfully. ("/bin/chmod -R A=everyone@:full_set:fd:allow poolX/share")
If folder ACL of poolX/share is usrA:full_set, guest cannot access. ("/bin/chmod -R A=user:usrA:full_set:fd:allow poolX/share")
Why can't the guest account (mapped to usrA) access the folder on which usrA has full permission?
Any help is appreciated.
Thanks.
I am not sure if there is a Windows name if you enable anonymous guest access.
So you need at least everyone@=read
Problem solved:
1. idmap settings will apply after OS reboot. svcadm restart has no effect.
2. Guest mapping:
In default idmap config: Guest account => idmap => ephemeral unix id. ZFS ACL for ephemeral account is everyone@
If using idmap: Guest account => idmap => unix account. ZFS ACL for that unix acc is applied.
3. Guest login:
If guest is mapped to unix account, that account must be no-password. No-password is not the same as empty password.
Empty password:
passwd userxyz
press enter twice
No-password:
passwd -N userxyz OR passwd -d userxyz
4. SMB account password must be synchronized with the unix password, otherwise you can't log in.
For no-password unix account, use this command to create no-pw smb account:
smbadm enable-user unixacc
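
The guest mapping behaviour described in the last post, as an added example that is not part of the thread and not a Solaris tool: a small shell model that reads name-based rules in the idmap add form used above and shows which ACL entries a guest session can match. The function names, the sample rules and the restriction to user: and everyone@ entries are assumptions of this example.

```shell
#!/bin/sh
# Added example; rules and ACL strings below are constructed sample input.

# Read name-based rules on stdin, one per line, in the "idmap add" form used
# in this thread. Print the Unix user Guest maps to, or "ephemeral" if none.
guest_mapping() {
    awk '
        {
            win = ""; ux = ""
            for (i = 1; i <= NF; i++) {
                f = $i
                if (f ~ /^win(name|user):/) { sub(/^[^:]*:/, "", f); win = tolower(f) }
                else if (f ~ /^unixuser:/)  { sub(/^[^:]*:/, "", f); ux = f }
            }
            sub(/@.*/, "", win)          # ignore an optional @domain suffix
            if (win == "guest" && ux != "") found = ux
        }
        END { print (found != "" ? found : "ephemeral") }
    '
}

# $1 = result of guest_mapping, $2 = ACL in the comma-separated chmod A= form.
# Print the entries a guest session can match. Simplification (assumption):
# only user:NAME and everyone@ entries are modelled, not owner@/group@/group:.
guest_aces() {
    printf '%s\n' "$2" | tr ',' '\n' | awk -v u="$1" '
        /^everyone@:/ { print; next }
        u != "ephemeral" && index($0, "user:" u ":") == 1 { print }
    '
}

report() {  # $1 = label, $2 = mapping, $3 = ACL
    aces=$(guest_aces "$2" "$3")
    printf '%-26s guest=%-10s matches: %s\n' "$1" "$2" "${aces:-none}"
}

RULES='idmap add -d wingroup:grpB unixgroup:grpB
idmap add -d winname:Guest unixuser:usrA'

before=$(printf '' | guest_mapping)              # Guest rule not in effect
after=$(printf '%s\n' "$RULES" | guest_mapping)  # Guest rule in effect
report "default, everyone@ ACL" "$before" 'everyone@:full_set:fd:allow'
report "default, usrA-only ACL" "$before" 'user:usrA:full_set:fd:allow'
report "mapped,  usrA-only ACL" "$after"  'user:usrA:full_set:fd:allow'
```

On a live system the rules would come from idmap list; a Guest rule in that output means anonymous SMB sessions are evaluated against the mapped Unix account's ACL entries, not only everyone@.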