Comment 68 for bug 207072

Steve Langasek (vorlon) wrote :

Renzo,

You're right; if I use the unmodified gvfs-backends package from hardy-updates, then I don't see this problem with AD authentication - it's only introduced when I apply Paul's patch.

I do have an updated version of that patch which restores correct behavior in AD environments.

The only question that remains is, what should the correct behavior be in the absence of Kerberos credentials (prompting for username/password, vs. automatically connecting anonymously), given that we don't really want to be architecting a completely new UI in an SRU? You have argued that a username/password prompt should be presented. I'm inclined to agree.

BTW, the reason on the server side that the shares are not displayed at all when connecting to your Samba server is that you're using the 'restrict anonymous = 2' option. I don't know why that's part of the Ubuntu AD howto; it's not required for AD integration, and its only effect is to prevent one from retrieving a list of shares anonymously. As a workaround, you could remove this option on your Samba servers, and the corresponding (and non-default) registry setting on your Windows servers, if you're comfortable with share lists being retrievable without authentication.

In any case this would still be a problem for user home autoshares, so I've attached the patch to gvfs 0.2.4 which implements this fallback sequence (Kerberos -> u/p -> anonymous).

Sebastien, since I'm not seeing the issues in the current patch, it would be helpful to have a concrete reference to the problems that upstream finds with it so that we can get those resolved.