Configure the guest UNIX user

Contributors

Configuring the guest UNIX user option means that users who log in from untrusted domains are mapped to the guest UNIX user and can connect to the CIFS server. Alternatively, if you want authentication of users from untrusted domains to fail, you should not configure the guest UNIX user. The default is to not allow users from untrusted domains to connect to the CIFS server (the guest UNIX account is not configured).

About this task

You should keep the following in mind when configuring the guest UNIX account:

  • If the CIFS server cannot authenticate the user against a domain controller for the home domain or a trusted domain or the local database and this option is enabled, the CIFS server considers the user as a guest user and maps the user to the specified UNIX user.

  • If this option is set to a null string, the guest UNIX user is disabled.

  • You must create a UNIX user to use as the guest UNIX user in one of the storage virtual machine (SVM) name service databases.

  • A user logged in as a guest user is automatically is a member of the BUILTIN\guests group on the CIFS server.

  • The 'homedirs-public' option applies only to authenticated users. A user logged in as a guest user does not have a home directory and cannot access other users' home directories.

Steps
  1. Perform one of the following actions:

    If you want to…​ Enter…​

    Configure the guest UNIX user

    vserver cifs options modify -guest-unix-user unix_name

    Disable the guest UNIX user

    vserver cifs options modify -guest-unix-user ""

    vserver cifs options modify -guest-unix-user pcuser

  2. Verify that the guest UNIX user is configured correctly: vserver cifs options show -vserver vserver_name

    In the following example, both the default UNIX user and the guest UNIX user on SVM vs1 are configured to use UNIX user “pcuser”:

    vserver cifs options show -vserver vs1

    Vserver: vs1
    
      Client Session Timeout : 900
      Default Unix Group     : -
      Default Unix User      : pcuser
      Guest Unix User        : pcuser
      Read Grants Exec       : disabled
      Read Only Delete       : disabled
      WINS Servers           : -