[cifs-discuss] Solaris CIFS equivalent toSAMBA guest ok = yes

Afshin Salek Afshin.Ardakani at Sun.COM
Fri Apr 18 09:31:10 PDT 2008 

Not sure that you mean by using their token. Each server has to
authenticate connected users on its own and there's no trust
relationship between CIFS servers so one can use the other.

What you're probably referring to is:

If you login to a Windows workstation let's say as Software\john%john
then when you're connecting to a remote share, the workstation by
default will send this information to the remote server. Now if the
remote server can authenticate Software\john%john you won't be
prompted for user/password but if it cannot then you will be.
This is no different with Solaris CIFS server.

Afshin

David Collier-Brown wrote:
>  I'd suggest that as long as the users log on to the Windows or AD domain,
> then CIFS will use their windows authentication tokens to let them on
> to CIFS shares.  This is what one does with Samba as normal practice.
>  If this isn't the case, something weird is happening...
> 
> --dave
> 
> Tim Thomas wrote:
>> I understand why you did it this way...but I do ISV 
>> testing/certification work and this will make Solaris CIFS harder to 
>> use for at least one of my ISV's when compared with SAMBA based 
>> solutions I have tested and our 5320 NAS (and other NAS appliances 
>> probably) which allow unauthenticated access.
>>
>> It is not a show stopper by any means...but it makes things more 
>> complicated.
>>
>> It would be nice to give users the choice of unauthenticated access.
>>
>> Afshin Salek said the following :
>>
>>> In the old share-mode, users could see the list of shares
>>> on a server and each share could have an optional read-write
>>> or read-only password. In user-mode, users have to be
>>> authenticated before they can see the list of shares.
>>>
>>> Solaris CIFS, intentionally does not provide the old share-mode
>>> because of its inherent weak security. It only provides the
>>> user-mode which means everyone should be authenticated before
>>> they can see the shares exported by the server.
>>>
>>> Afshin
>>>
>>> David Collier-Brown wrote:
>>>  
>>>
>>>> cifs-discuss-request at opensolaris.org wrote:
>>>>   
>>>>> From: Tim Thomas <Tim.Thomas at Sun.COM>
>>>>> Thanks Jeff
>>>>>
>>>>> I have been told that we do not support access to shares by 
>>>>> unauthenticated users.
>>>>>
>>>>> Rgds
>>>>>
>>>>> Tim
>>>>>       
>>>>
>>>>   Guest OK in Samba conveniently reproduces the very old "public 
>>>> share" behavior of SMB 0.1 on a token-ring (;-))
>>>>
>>>>   Perhaps a better question is how do we create a share
>>>> in CIFS which is easily found by everyone and has rwx +t
>>>> permissions for them?
>>>>
>>>>
>>>> --dave
>>>>     
>>>
>>>
>>> _______________________________________________
>>> cifs-discuss mailing list
>>> cifs-discuss at opensolaris.org
>>> http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
>>>   
>>
>>
>

More information about the cifs-discuss mailing list