security = domain

Cole, Timothy D. timothy_d_cole at md.northgrum.com
Thu Aug 31 14:30:06 GMT 2000


The groups in /etc/group (and the represented memberships; they're analogous
to NT local groups) are the ones that actually apply.  I don't think Samba
(2.0.x, anyway) deals with domain groups at all.

Probably the best approach here is to leverage Unix permissions on the
directories in the share, if possible.

> -----Original Message-----
> From:	Charles Crawford [SMTP:ccrawford at atsengineers.com]
> Sent:	Monday, August 28, 2000 17:16
> To:	Samba-Ntdom Listserve (E-mail)
> Subject:	RE: security = domain
> 
> 
> Ok, 
> 
> after examining the smb.conf file, I found out why everyone had access to
> the share, but not why it is behaving the way it is.
> 
> I want everyone in group 'users' to be able to view the directory contents,
> but only those in group 'admin' to be able to write to it.
> 
> First, I set up the groups. Next, I put 'write list = @admin' in the
> /etc/smb.conf file. This did not restrict the writers, however, and I have
> therefore had to use 'valid users = @admin' which prevents everyone else
> from being able to view it.
> 
> Any suggestions?
> 
> Thanks in advance...
> 
> CC
> -----Original Message-----
> From: Nick Austin [mailto:nick at digitalpipe.net]
> Sent: Monday, August 28, 2000 2:25 PM
> To: Charles Crawford
> Cc: Samba-Ntdom
> Subject: Re: security = domain
> 
> 
> This is information taken from the FAQ at 
> http://us4.samba.org/samba/docs/ntdom_faq/page6.html
> 
> "... to create accounts for all your NT users in /etc/passwd on the unix box.
> There are some scripts available to help in the migration. These perl scripts
> are available for download from the /pub/samba/contributed directory in one
> of the Samba ftp mirrors.  The tarball is named domain_member_scripts.tar.gz. "
> 
> "Accounts created on the unix box are only used to get a valid uid.  They are
> not used for validation.  You can therefore set the password field to whatever
> lock string for your system is. Under most ( if not all ) versions of unix
> this is the '*' character.  Here is an example /etc/passwd entry.
> 
> 		jdoe:*:1124:100:NT Dummy account:/dev/null:/bin/False
> 
> Once you get to here, you should now be able to mount shares from the samba
> server using valid domain accounts."
> 
> The conversion scripts will help you with the groups as well.
> 
> Hope this helps!
> 
> On Mon, 28 Aug 2000 12:06:08 -0400, Charles Crawford said:
> 
> > Hi,
> >  
> >  I have Samba set for security = domain, with the domain controller being an
> >  NT server. I need to know
> >  how the groups are handled through Samba. Does the group concept even apply
> >  when using security = domain?
> >  
> >  How do I restrict which users have access to the resources?
> >  
> >  Thanks,
> >  
> >  CC
> >  
> 
> -----
> Nick Austin		 Systems Administrator
> <nick at digitalpipe.net>	Digital Pipe Communications, Inc.
> Phone: 650-627-5100x5224
> Fax: 650-212-2301
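
One way to apply the Unix-permission approach suggested in the reply at the top, as an added example that is not part of the original thread. The function names and the path in the usage comment are hypothetical, and it assumes every mapped account is in 'users', so the "other" permission class covers the read-only viewers while group 'admin' gets write access.

```shell
#!/bin/sh
# Added example (not from the thread): enforce "admin writes, everyone else
# only views" with plain Unix permissions on the share directory.
# Assumption: all mapped accounts are in 'users', so the "other" class
# stands in for that group.

# setup_share DIR GROUP
# Create DIR so that members of GROUP can write and others can only list/read.
setup_share() {
    dir=$1 grp=$2
    mkdir -p "$dir" || return 1
    chgrp "$grp" "$dir" || return 1
    # 2775: setgid so new files inherit GROUP; rwx for owner and group;
    # r-x (list and read, no write) for everyone else.
    chmod 2775 "$dir"
}

# audit_share DIR GROUP
# Return 0 if the tree still matches the layout, 1 otherwise. Offending
# entries (writable by "other", or not owned by GROUP) are listed on stderr.
audit_share() {
    dir=$1 grp=$2
    bad=$(find "$dir" ! -type l \( -perm -0002 -o ! -group "$grp" \) -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" >&2
    return 1
}

# Usage (hypothetical path; run as root on the Samba server):
#   setup_share /srv/samba/projects admin
#   audit_share /srv/samba/projects admin || echo "permissions drifted"
```

The group must exist in /etc/group on the Samba host with the mapped accounts listed as members, since those are the memberships that apply.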
