Bug 145 - The domain guest account functions like a map to guest = bad user on other domain members. On the Samba server as a domain member, however the domain guest account requires an explicit connection
Summary: The domain guest account functions like a map to guest = bad user on other do...
Status: RESOLVED LATER
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.0preX
Hardware: Other other
: P3 enhancement
Target Milestone: none
Assignee: Andrew Bartlett
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-06-04 09:49 UTC by Marc Kaplan
Modified: 2005-02-07 08:03 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marc Kaplan 2003-06-04 09:49:35 UTC 
When the Guest account is enabled on a Windows2000 DC, domain members can log in 
like this net use * \\win2kdc\share1 /u:unknownuser "" and be squashed to guest. 
However, when the Samba server is a domain member, the net use above doesn't 
work, and instead a net use * \\sambadm\share1 /u:guest "" is required.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2003-08-02 11:40:43 UTC 
This is by design.  If you want

   net use * \\win2kdc\share1 /u:unknownuser "" 

to work.  Set "map to guest = bad user"

Closing this bug.
Comment 2 Andrew Bartlett 2003-08-02 18:25:53 UTC 
Not quite - the issue here (as I understand it) is that the DC is giving us a
login - but gives us the guest SID, and we don't cope with the fact that this
does not match the username the user started with.

IE, the DC should be able to do the squashing, not just the member server.  The
user should then become the domain guest, not the local guest.

It's not a showstopper for 3.0, by a long shot, but I will get around to looking
at it sometime...
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-02-07 08:03:47 UTC 
obviously no one is going to get around to this.