security = domain
Cole, Timothy D.
timothy_d_cole at md.northgrum.com
Thu Aug 31 14:30:06 GMT 2000
The groups in /etc/group (and the represented memberships; they're analogous
to NT local groups) are the ones that actually apply. I don't think Samba
(2.0.x, anyway) deals with domain groups at all.
Probably the best approach here is to leverage Unix permissions on the
directories in the share, if possible.
> -----Original Message-----
> From: Charles Crawford [SMTP:ccrawford at atsengineers.com]
> Sent: Monday, August 28, 2000 17:16
> To: Samba-Ntdom Listserve (E-mail)
> Subject: RE: security = domain
>
>
> Ok,
>
> after examining the smb.conf file, I found out why everyone had access to
> the share, but not why it is behaving the way it is.
>
> I want everyone in group 'users' to be able to view the directory
> contents,
> but only those in group 'admin' to be able to write to it.
>
> First, I set up the groups. Next, I put 'write list = @admin' in the
> /etc/smb.conf file. This did not restrict the writers, however, and I have
> therefore had to use 'valid users = @admin' which prevents everyone else
> from being able to view it.
>
> Any suggestions?
>
> Thanks in advance...
>
> CC
> -----Original Message-----
> From: Nick Austin [mailto:nick at digitalpipe.net]
> Sent: Monday, August 28, 2000 2:25 PM
> To: Charles Crawford
> Cc: Samba-Ntdom
> Subject: Re: security = domain
>
>
> This is information taken from the FAQ at
> http://us4.samba.org/samba/docs/ntdom_faq/page6.html
>
> "... to create accounts for all your NT users in /etc/passwd on the unix
> box.
> There are some scripts available to help in the migration. These perl
> scripts
> are available for download from the
> /pub/samba/contributed diretory in one of the Samba ftp mirrors. The
> tarball
> is named domain_member_scripts.tar.gz. "
>
> "Accounts created on the unix box are only used to get a valid uid. They
> are
> not used for validation. You can therefore set the password field to
> whatever
> lock string for your system is. Under most
> ( if not all ) versions of unix this is the '*' character. Here is an
> example
> /etc/passwd entry.
>
> jdoe:*:1124:100:NT Dummy account:/dev/null:/bin/False
>
> Once you get to here, you should now be able to mount shares from the
> samba
> server using valid domain accounts."
>
> The conversion scripts will help you with the groups as well.
>
> Hope this helps!
>
> On Mon, 28 Aug 2000 12:06:08 -0400, Charles Crawford said:
>
> > Hi,
> >
> > I have Samba set for security = domain, with the domain controller
> being
> an
> > NT server. I need to know
> > how the groups are handled through Samba. Does the group concept even
> apply
> > when using security = domain?
> >
> > How do I restrict which users have access to the resources?
> >
> > Thanks,
> >
> > CC
> >
>
> -----
> Nick Austin Systems Administrator
> <nick at digitalpipe.net> Digital Pipe Communications, Inc.
> Phone: 650-627-5100x5224
> Fax: 650-212-2301
More information about the samba-ntdom
mailing list