Domain users accessing resources

Martin martin at
Wed Nov 15 00:43:38 GMT 2000

I may have been asking the wrong questions and/or not providing enough 
information, so I'm going to re-ask my prior questions, I hope a little 
more lucidly.

My situation is that I have a domain controlled (currently) by Windows 
NT 4.0, which will eventually become an Active Directory domain. I can 
keep the NT4 compatibility running on my Active Directory domain when I 
do get around to converting, however.

I have a Red Hat Linux 6.2 system which I've locked down to a certain 
degree; the only remotely-connectable services running on the system are 
proftpd, sshd, samba, and swat. Swat will probably be removed at a later 
date, or at least protected via wrappers or xinetd so that it can only 
be connected to from certain addresses.

The purpose of this system is for outside users to be able to FTP into 
it, and upload or download files. We have some employees who work 
outside of the office, and VPN is not a reasonable solution for us. 
Hence, we need these users to be able to upload their files to an FTP 
server, and then the files should be copyable via Windows networking 
once they're inside the network here.

I don't want to maintain separate passwords for everyone on the FTP 
server, as it would be a big pain in my backside. Consequently, I want 
to use domain security to allow users to log in with their domain 
username and password, being mapped to a Unix user and/or group if 
necessary, and then able to manipulate files inside the pub and incoming 
directories of the FTP servers to varying degrees; all users should have 
full control over all files in incoming, and write access to pub. I will 
delete any files which have been present for longer than N days by 
virtue of some separate process.

Is there any way, with any combination of free software, to allow this 
scenario? I have samba 2.0.7 installed, and have been playing with the 
latest pam_smb module. I haven't yet been able to come up with the 
results I'm looking for. A number of the options in the body of samba 
documentation which indicate that they should be able to give me the 
results I'm looking for either no longer exist, or do not yet exist, so 
I can't use them. I don't even mind mapping all usernames to a single 
username (since all users will have the same rights) if that's what it 
takes; so what does it take?
