security = domain

Charles Crawford ccrawford at atsengineers.com
Mon Aug 28 21:16:22 GMT 2000


Ok, 

after examining the smb.conf file, I found out why everyone had access to
the share, but not why it is behaving the way it is.

I want everyone in group 'users' to be able to view the directory contents,
but only those in group 'admin' to be able to write to it.

First, I set up the groups. Next, I put 'write list = @admin' in the
/etc/smb.conf file. This did not restrict the writers, however, and I have
therefore had to use 'valid users = @admin' which prevents everyone else
from being able to view it.

Any suggestions?

Thanks in advance...

CC
-----Original Message-----
From: Nick Austin [mailto:nick at digitalpipe.net]
Sent: Monday, August 28, 2000 2:25 PM
To: Charles Crawford
Cc: Samba-Ntdom
Subject: Re: security = domain


This is information taken from the FAQ at 
http://us4.samba.org/samba/docs/ntdom_faq/page6.html

"... to create accounts for all your NT users in /etc/passwd on the unix box.
There are some scripts available to help in the migration. These perl scripts
are available for download from the /pub/samba/contributed directory in one of
the Samba ftp mirrors. The tarball is named domain_member_scripts.tar.gz."

"Accounts created on the unix box are only used to get a valid uid. They are
not used for validation. You can therefore set the password field to whatever
lock string for your system is. Under most (if not all) versions of unix this
is the '*' character. Here is an example /etc/passwd entry.

		jdoe:*:1124:100:NT Dummy account:/dev/null:/bin/False

Once you get to here, you should now be able to mount shares from the samba
server using valid domain accounts."

The conversion scripts will help you with the groups as well.

Hope this helps!

On Mon, 28 Aug 2000 12:06:08 -0400, Charles Crawford said:

> Hi,
>  
>  I have Samba set for security = domain, with the domain controller being an
>  NT server. I need to know
>  how the groups are handled through Samba. Does the group concept even apply
>  when using security = domain?
>  
>  How do I restrict which users have access to the resources?
>  
>  Thanks,
>  
>  CC
>  

-----
Nick Austin		 Systems Administrator
<nick at digitalpipe.net>	Digital Pipe Communications, Inc.
Phone: 650-627-5100x5224
Fax: 650-212-2301
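
The following is an added example, not part of the original thread: a simplified Python model of how Samba combines 'valid users', 'read only' and 'write list', run against three constructed share definitions. It assumes, since the thread does not show the share definition, that the share was marked writable when 'write list' was tried; the share names, users and group memberships are hypothetical, and filesystem permissions and other parameters are ignored.

```python
import configparser

# Constructed sample, not the poster's smb.conf; only access parameters are shown.
SAMPLE = """
[as_tried]
writable = yes
write list = @admin

[workaround]
writable = yes
valid users = @admin

[intended]
read only = yes
valid users = @users @admin
write list = @admin
"""

def _matches(entries, user, groups):
    """True if the user, or one of the user's groups (@group), is named in the list."""
    names = entries.replace(",", " ").split()
    return any(n == user or (n.startswith("@") and n[1:] in groups) for n in names)

def _read_only(share):
    """Samba defaults to read only = yes; writable/writeable/write ok invert it."""
    for key in ("writable", "writeable", "write ok"):
        if key in share:
            return not share.getboolean(key)
    return share.getboolean("read only", fallback=True)

def effective_access(conf_text, share_name, user, groups):
    """Return 'none', 'read' or 'write' for a user under this simplified model."""
    cp = configparser.ConfigParser(interpolation=None)
    # smb.conf is usually indented; strip so lines are not parsed as continuations
    cp.read_string("\n".join(line.strip() for line in conf_text.splitlines()))
    share = cp[share_name]
    valid = share.get("valid users", "")
    if valid.strip() and not _matches(valid, user, groups):
        return "none"          # valid users gates the connection itself
    if _matches(share.get("write list", ""), user, groups):
        return "write"         # write list grants write even on a read-only share
    return "read" if _read_only(share) else "write"

if __name__ == "__main__":
    for name in ("as_tried", "workaround", "intended"):
        for user, groups in (("alice", {"users"}), ("bob", {"users", "admin"})):
            print(name, user, effective_access(SAMPLE, name, user, groups))
```

In this model 'write list' only adds write access for the listed users; it is 'read only = yes' that keeps everyone else from writing, while 'valid users' decides who can connect at all.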
