FW: added/new functionality?
ccoupal at justice.gov.sk.ca
ccoupal at justice.gov.sk.ca
Wed Mar 8 21:56:11 GMT 2000
> -----Original Message-----
> From: Dan Kaminsky [SMTP:effugas at best.com]
> Sent: Wednesday, March 08, 2000 3:54 PM
> To: ccoupal at justice.gov.sk.ca
> Subject: Re: added/new functionality?
>
> > - Samba knows how to authenticate with an NT domain.
> > - Samba suid's to the UNIX account before performing file operations, so
> > what if we map user groups to specific samba/unix accounts (removing the
> > requirement for individual user groups) through another map file
> >
> > for example:
> >
> > We map 1 NT user group to 1 samba account such that on a user's request
> for
> > access to a share, samba checks the user's group membership to see if
> the
> > user's membership includes a group which matches a mapping, and then all
> > access to the share is provided as that account. (Notice that with this,
> > there would be no authentication between the client and samba/unix).
>
> No problem. Use an include parameter to select the default user that
> connects to a share. So you create a bunch of files:
>
> smb.conf.group1
> smb.conf.group2
> smb.conf.group3
>
> then use
>
> include = smb.conf.%G
>
> to make Samba use the correct group name. Then it's just a matter of:
>
> # cat smb.conf.group1
>
> guest user = acct_in_group1
>
> This isn't as clean as a true Include-By-Execute interface, but it works.
>
> Yours Truly,
>
> Dan Kaminsky
> DoxPara Research
> http://www.doxpara.com
More information about the samba-technical
mailing list