There's something really wrong with this situation. Macs work fine in mixed
networks of Windows and Linux machines and even simulated Windows networks
using Samba. Samba works fine as a substitute for a "real" Windows
network, even though MS isn't very good about sharing the details of their
protocols.
You said that at one time the Guest access was allowed, and I had the
impression that the Mac could at one time access the network share, but
can't any more. Is that correct, or did I misunderstand?
Yes, that's correct. It worked great. The user could create, open, delete
files there. I disabled it in the file server's smb.conf:
[Public]
....
invalid users = guest
because it would have allowed anyone with a Mac laptop (maybe even a
high-end iPad or, perhaps, some high-end Android device) who comes into the
building to access the share. I only want one specific authorized user to
be able to do that.
The fact that anyone can "see" that there are shares on the network when
they access the wireless, whether they are authenticated members of the
domain or not, is a feature of the Windows protocol stacks. There is little
harm in this, as they can't see what's in the shares without
authentication, but the fact that the servers (and printers, and public
shares) are there is something broadcast over the wire. Otherwise, the
"Browse Network" features of most OSes would be useless. It is a leakage
of information, however, and other networking protocols handle it
differently.
The Mac user can see the other shares on the server, but Guest does not
allow him to access them, because they are configured only to let a small
number of specific users in. We didn't set up /Public this way because then
I would have to manually maintain a list of nearly 100 (and growing) users
for that server. That's what a domain is for.
This Mac is running Maverick and it has been suggested that Maverick's
implementation of smb2 is buggy. This morning I have confirmation of that.
http://www.zdnet.com/mavericks-smb2-problem-and-fixes-7000022519/
The article suggests workarounds, which we may attempt.
Any other thoughts are welcome.
Thanks.
Ken Dibble
www.stic-cil.org
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message:
http://leafe.com/archives/byMID/profox/[email protected]
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.
