security = domain

Kevin Colby kevinc at grainsystems.com
Mon Aug 28 22:32:49 GMT 2000


If these groups (admin & users) exist as Unix groups,
you can use the underlying filesystem permissions
to accomplish this.  Simply set the valid users to
"users" in the smb.conf, the unix group on the
directory to "admin", and then group-write permissions
on the directory at the Unix level will do nicely.

You may need to watch the "inherit permissions",
though.  Will this need to be set or is this the default?

	- Kevin Colby
	  kevinc at grainsystems.com


Charles Crawford wrote:
> 
> Ok,
> 
> after examining the smb.conf file, I found out why everyone had access to
> the share, but not why it is behaving the way it is.
> 
> I want everyone in group 'users' to be able to view the directory contents,
> but only those in group 'admin' to be able to write to it.
> 
> First, I set up the groups. Next, I put 'write list = @admin' in the
> /etc/smb.conf file. This did not restrict the writers, however, and I have
> therefore had to use 'valid users = @admin' which prevents everyone else
> from being able to view it.
> 
> Any suggestions?
> 
> Thanks in advance...
> 
> CC
> -----Original Message-----
> From: Nick Austin [mailto:nick at digitalpipe.net]
> Sent: Monday, August 28, 2000 2:25 PM
> To: Charles Crawford
> Cc: Samba-Ntdom
> Subject: Re: security = domain
> 
> This is information taken from the FAQ at
> http://us4.samba.org/samba/docs/ntdom_faq/page6.html
> 
> "... to create accounts for all your NT users in /etc/passwd on the unix box.
> There are some scripts available to help in the migration. These perl scripts
> are available for download from the /pub/samba/contributed directory in one of
> the Samba ftp mirrors.  The tarball is named domain_member_scripts.tar.gz. "
> 
> "Accounts created on the unix box are only used to get a valid uid.  They are
> not used for validation.  You can therefore set the password field to whatever
> lock string for your system is. Under most ( if not all ) versions of unix this
> is the '*' character.  Here is an example /etc/passwd entry.
> 
>                 jdoe:*:1124:100:NT Dummy account:/dev/null:/bin/False
> 
> Once you get to here, you should now be able to mount shares from the samba
> server using valid domain accounts."
> 
> The conversion scripts will help you with the groups as well.
> 
> Hope this helps!
> 
> On Mon, 28 Aug 2000 12:06:08 -0400, Charles Crawford said:
> 
> > Hi,
> >
> >  I have Samba set for security = domain, with the domain controller being an
> >  NT server. I need to know
> >  how the groups are handled through Samba. Does the group concept even apply
> >  when using security = domain?
> >
> >  How do I restrict which users have access to the resources?
> >
> >  Thanks,
> >
> >  CC
> >
> 
> -----
> Nick Austin              Systems Administrator
> <nick at digitalpipe.net>  Digital Pipe Communications, Inc.
> Phone: 650-627-5100x5224
> Fax: 650-212-2301
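
Added example, not part of the thread: the layout Kevin Colby describes (valid users = the "users" group, directory group "admin", group-write at the Unix level), written as shell functions. The share name and path arguments are hypothetical, and `read only = no` and the setgid bit are assumptions added so that the filesystem permissions are what decides who can write.

```shell
#!/bin/sh
# Added example, not from the thread. Share name and path are caller-supplied
# (hypothetical); the groups "users" and "admin" are the ones the thread names.

# Print the share stanza: anyone in "users" may connect, and Samba itself does
# not limit writes, so the Unix mode bits on the directory decide.
# Assumption: "read only = no" is needed because Samba's default is
# "read only = yes", which would block writes from "admin" members as well.
share_stanza() {  # $1 = share name, $2 = directory
    cat <<EOF
[$1]
   path = $2
   valid users = @users
   read only = no
EOF
}

# Give the directory to the writers' group: rwx for owner and group, r-x for
# everyone else. Assumption: the setgid bit (the leading 2) is added so files
# created inside keep the directory's group instead of the creator's primary one.
apply_perms() {  # $1 = directory, $2 = group allowed to write
    chgrp "$2" "$1" && chmod 2775 "$1"
}

# Return 0 only if the directory belongs to the expected group, is
# group-writable, and is readable but not writable by others.
check_perms() {  # $1 = directory, $2 = expected group
    line=$(ls -ld "$1") || return 2
    perms=$(printf '%s\n' "$line" | awk '{print $1}')
    group=$(printf '%s\n' "$line" | awk '{print $4}')
    if [ "$group" != "$2" ]; then
        echo "$1: group is $group, expected $2" >&2
        return 1
    fi
    case "$perms" in
        d????w?r-?*) return 0 ;;   # e.g. drwxrwsr-x
        *) echo "$1: mode $perms does not fit the scheme" >&2; return 1 ;;
    esac
}

# Usage, run as root with a hypothetical path:
#   apply_perms /srv/samba/shared admin && check_perms /srv/samba/shared admin
#   share_stanza shared /srv/samba/shared >> /etc/smb.conf
```

Running `check_perms` after any later change to the directory catches the two ways this scheme fails: a world-writable mode, or a group other than the intended writers.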



