No subject


Mon Dec 1 11:08:19 GMT 2003


Sender: tg
Message-ID: <38283030.C3C8FCFD at channel-one.de>
Date:   Tue, 09 Nov 1999 15:31:12 +0100
From:   Tobias Galitzien <tg at channel-one.de>
X-Mailer: Mozilla 4.7 [en] (X11; I; Linux 2.2.13 i586)
X-Accept-Language: en
MIME-Version: 1.0
To:     samba at samba.org
Subject: security=server, users can get admin rights
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8BIT
Return-Path: <tg at channel-one.de>
X-Orcpt: rfc822;samba at samba.org

Hello!

The troublesome configuration is:

Windows NT 4.0 Terminal Server with Citrix Metaframe connecting to a
Samba 2.0.5a, authenticating against a PDC of Windows NT Server 4.0.
Users are connecting to the WTS by various ICA Clients.

So in smb.conf, I set:

security = server
password server = <the PDC>
encrypt passwords = yes
null passwords = no

Then I have a share for the admins, who will have full control in all
home directories:

[manager]
directory = /home
admin users = @manager
valid users = @manager, @edv

And a (maybe problematic) homes share:

[home]
directory = /home/user/%u
create mask = 700
directory mask = 700

I didn't use "homes" because my customer wanted to keep the look and
feel of his old Netware server.

Now every user can map his home directory with his password (on the
PDC). That's good. But when he uses "net use \\samba\manager /USER:<one
of the admins>" he gets the share without a further question for the
admin's password and has full control in all the home directories.

What is wrong? The UNIX rights for the home directories are all 700.

Any hints greatly appreciated!

	Tobias
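
The settings described in this message, checked mechanically, as an added example that is not part of the original post or of Samba: the sketch parses an smb.conf and reports every share that carries `admin users` (whose members perform all file operations on that share as root, so UNIX modes such as 700 do not restrict them), noting whether password checking is handed to another server with `security = server`. The `[global]` header, the sample text and the function names are assumptions of this example; it reports settings only and does not diagnose the cause of the behaviour.

```python
# Added example (not from the original post): list smb.conf shares whose
# "admin users" act as root. Sample is constructed from the post's fragments.
SAMPLE_SMB_CONF = """\
[global]
security = server
password server = <the PDC>

[manager]
directory = /home
admin users = @manager
valid users = @manager, @edv

[home]
directory = /home/user/%u
"""

def norm(name):  # Samba ignores case and whitespace in section/parameter names
    return "".join(name.split()).lower()

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with normalised names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(norm(line[1:-1]), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # only the first "=" is significant
            current[norm(key)] = value.strip()
    return sections

def audit(text):
    """List shares with 'admin users' and who else may connect to them."""
    conf = parse_smb_conf(text)
    delegated = conf.get("global", {}).get("security", "").lower() == "server"
    findings = []
    for share, params in conf.items():
        admins = params.get("adminusers", "").replace(",", " ").split()
        if share == "global" or not admins:
            continue
        valid = params.get("validusers", "").replace(",", " ").split()
        findings.append({"share": share, "admin_users": admins,
                         "path": params.get("path") or params.get("directory"),
                         "other_valid_users": [u for u in valid if u not in admins],
                         "password_check_delegated": delegated})
    return findings
```

Calling `audit(SAMPLE_SMB_CONF)` returns one finding, for `[manager]`; `[home]` is not listed because it has no `admin users` line.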

