"Access denied" errors when using anonymous login for CIFS

  • 7015070
  • 16-May-2014
  • 16-May-2014

Environment

NFAP/CIFS is enabled on the OES server

Situation

A user is denied access when attempting to access the file system on an OES server from a workstation where both the Novell Client for Windows (using NCP) and the Microsoft Client (using SMB/CIFS) are in use.

The process accessing the Novell file system does not involve first authenticating as an eDirectory user, even though the Novell Client is installed on the workstation.

Resolution

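If anonymous login is used for CIFS, the [Public] trustee must be granted whatever rights are necessary to complete the file operations requested by the user or application. Rights granted to [Public] apply to every anonymous (guest) login, so limit them to what those operations require.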

Cause

In the case where the file access is being denied, the user is accessing the file system without having first authenticated as an eDirectory user. They are therefore using an "anonymous" login, which is granted whatever rights the [Public] trustee has been granted. Typically, the [Public] trustee has limited rights, as a security precaution.

Additional Information

When the user authenticates to eDirectory, they access the file system using whatever rights they have been granted, either directly through a trustee assignment, or by virtue of group membership, etc.

However, when accessing the server without eDirectory authentication, the user does so "anonymously", which uses a guest account. This account has whatever rights have been granted to the [Public] user.

As is stated in section 6.2.6 of the OES 11 SP2: Novell CIFS for Linux Administration Guide:

Anonymous Login for CIFS
... If a user attempts to log in to a CIFS server with a user name that does not exist in eDirectory, he or she will be logged in as a guest user. The guest user will be granted rights applicable for a Public Trustee.