OK. You have [ security = Domain ], which requires all Samba logins to be
coordinated with the Windows Primary Domain Controller, and then you
override that by setting the share to public, which implies everyone can
access the share regardless of username and password, thus avoiding
coordination with the Windows Primary Domain Controller.
What would happen if you went to [ security = user ] and had the share set
to public? That might result in nobody being able to access the share, so
I'd research that suggestion very carefully before taking any
action. LOL It was just a thought. Also, you might explore how using the
guest user might eliminate the problem of needing to add and maintain
hundreds of users. That might be equivalent to making the share public,
which also avoids having each user enter a name and password.
Hm.
Well Guest used to be enabled. That let the Mac user access the /Public
share. (The actual name of the share is "Public"; not wanting to have any
confusion between the share name and its access designation.)
Problem with Guest being enabled is, ANYBODY could then come in and connect
to the share and access its contents, including any casual Mac (and who
knows what other device) user who comes within WiFi range of the network.
Not acceptable.
Again, I need to have all domain users access the share without me having
to manually add in all of the domain user names, and then constantly have
to remove them when people leave, and add new ones when new people are hired.
It's like a database. Remember databases? It's a listserv about databases....
A major normalization principle of databases is, one piece of information
gets stored in one place one time only. That's what domain security does.
It lets me store the user credentials in one place, one time only, and then
as many machines as I add to the network, they all can refer back to that
one place to authenticate users. That's what I need this thing to do for
me. Having to re-enter the same stuff into a bunch of different servers
and/or shares to enable the same user to access more than one resource
completely defeats the purpose of a domain.
Is there not some level of access for a share that equates to "Any and all
domain users, AND/OR somebody who submits valid credentials manually, BUT
nobody else?"
Ken Dibble
www.stic-cil.org
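
An added example, not part of the original messages: a small audit that reads an smb.conf and reports, per share, which of the three access levels discussed in this thread applies (guest, any authenticated account, or a restricted list). The sample configuration, the EXAMPLEDOM domain name and the paths are constructed placeholders; the parser is a simplification that ignores line continuations and include files.

```python
# Constructed sample smb.conf; EXAMPLEDOM and the paths are placeholders.
SAMPLE = r"""
[global]
   security = domain
[Public]
   path = /srv/public
   public = yes
[Staff]
   path = /srv/staff
   guest ok = no
   valid users = @"EXAMPLEDOM\Domain Users"
[Scans]
   path = /srv/scans
"""

ALIASES = {"public": "guestok"}   # smb.conf documents "public" as a synonym
TRUE = {"yes", "true", "1"}

def parse(text):
    """Return {section: {param: value}}; names ignore case and whitespace."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif section is not None and "=" in line:
            key, value = line.split("=", 1)
            key = "".join(key.lower().split())
            section[ALIASES.get(key, key)] = value.strip()
    return conf

def classify(text):
    """Map each share to 'guest', 'restricted' or 'authenticated'."""
    conf = parse(text)
    defaults = conf.get("global", {})
    result = {}
    for share, params in conf.items():
        if share != "global":
            merged = {**defaults, **params}   # share settings override [global]
            if merged.get("guestok", "no").lower() in TRUE:
                result[share] = "guest"          # no credentials needed
            elif "validusers" in merged:
                result[share] = "restricted"     # only the listed users/groups
            else:
                result[share] = "authenticated"  # any account that logs in
    return result
```

Run against a real file with `classify(open("/etc/samba/smb.conf").read())`; any share reported as `guest` is reachable without domain credentials.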