"valid users = domain_user" without specifying domain
Johann Hanne
jhml at gmx.net
Sun Apr 29 11:40:32 GMT 2007
Hi,
I've got a long time configuration wish where I was never sure if it's
actually doable. Maybe somebody can give me some hint...
My samba configuration is rather simple: It's a Windows ADS domain member with
a www share that's mainly accessed by Windows users:
---
[global]
netbios name = MYSERVER
workgroup = MYDOMAIN
realm = MYDOMAIN.DE
security = ADS
idmap domains = MYDOMAIN
idmap config MYDOMAIN:default = yes
idmap config MYDOMAIN:backend = ad
idmap config MYDOMAIN:range = 500 - 999
idmap config MYDOMAIN:schema_mode = rfc2307
winbind uid = 500 - 999
winbind gid = 500 - 999
winbind use default domain = yes
--
So far, everything is working fine, but the share configuration is not how I'd
like:
--
[www]
comment = Web
path = /var/www
valid users = MYDOMAIN/user1 MYDOMAIN/user2 MYDOMAIN/user3
; does NOT work:
;valid users = user1 user2 user3
; what I'd like to put in is:
;valid users = +apache
--
My problem is that I have to specify the domain ("MYDOMAIN/") in front of each
user, otherwise it won't work (Permission denied). It's not that I hate the
extra typing in front of each user, it's that I already have a Unix group
in /etc/group listing the authorized users:
--
apache::81:user1,user2,user3
--
So actually I'd like to use "valid users = +apache" in smb.conf, but this does
not work either, probably because it's also missing the domain name
information.
I also don't want to make apache a domain group, as I want to keep it separate
on each web server.
Shouldn't this be a configuration that works? user1, user2 and user3 are
actually winbind/nss mapped users, so why do I have to specify the domain
name here?
If somebody can give me hint which part in the source code must be modified,
I'd also give it a try myself...
Cheers, Johann
More information about the samba-technical
mailing list