[Samba] Access to shares for authenticated domain users only

Andrew Bartlett abartlet at samba.org
Thu Mar 27 07:11:55 GMT 2003

On Thu, Mar 27, 2003 at 12:31:08PM +0700, Kevin wrote:
> I am running several samba servers (2.2.3a and 2.2.7) in various places as
> pdcs. Everything seems to be running smoothly, but I can't find any way of
> restricting access to only those uses who have logged on to the domain. Is
> this possible? ie at the moment, any user can map a drive to \\server\share,
> put in a valid user/password pair and have access to that share without
> going through any logon script or pol files. This is what I would like to
> avoid. I believe that if I can do this, it would also stop any unauthorised
> machines from accessing the shares, as these machines would not be joined to
> the domain.
> Is this sort of authorisation possible?

While 'hacks' might be possible, shares are authenticated seperatly to the 
domain logon, and there is no linkage apart from the fact that the domain
logon sets up the default username/pw pair.

Fundementally, any restriction imposed by logon script/.pol files can be
avoided - you must never trust the client to actually follow their directions...

Andrew Bartlett

More information about the samba mailing list