[Samba] Valid Users in Samba 3

Lahners, Jeremy jlahners at schemmer.com
Thu Jan 1 16:17:53 GMT 2004


No joy.  In looking through the log, it appears the primary/supplementary groups may be the problem.  
 
[2004/01/01 10:07:32, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 10054
  Primary group is 10009 and contains 2 supplementary groups
  Group[  0]: 10009
  Group[  1]: 10009
 
Group 10009 is "Domain Users" which is everyone's primary group.  
 
I can change the primary group to "Acct" however this will cause problems with other shares exhibiting the same problems.
 
Any other suggestions?


	-----Original Message----- 
	From: John H Terpstra [mailto:jht at samba.org] 
	Sent: Wed 12/31/2003 12:07 AM 
	To: Lahners, Jeremy 
	Cc: samba at lists.samba.org 
	Subject: Re: [Samba] Valid Users in Samba 3
	
	



	Jeremy,
	
	Please try the following. If you still have trouble let me know.
	
	- John T.
	
	On Tue, 30 Dec 2003, Lahners, Jeremy wrote:
	
	> All -
	>   I'm having a problem with the "valid users" directive working.  I have
	>   an Accounting share that only the Accounting department should have
	>   access to.  However, I am unable to lock the directory down so only
	>   they can access it.  I am running samba-3.0.0-2 from an RPM on RedHat
	>   9.0.  Below are details of my trials.  This is a pretty urgent need,
	>   please.  Thank you!
	>
	> smb.conf
	> [global]
	>         workgroup = SCHEMMER
	>         server string = Project File Server
	>         security = DOMAIN
	>         password server = quicksilver.schemmer.com, fs2omaha.schemmer.com
	>         log level = 10
	>         log file = /var/log/samba/log.%m
	>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
	>         preferred master = No
	>         dns proxy = No
	>         wins server = 192.168.100.210
	>         ldap ssl = no
	>         idmap uid = 10000-20000
	>         idmap gid = 10000-20000
	>         template shell = /bin/bash
	>         winbind use default domain = Yes
	>         oplocks = No
	>         level2 oplocks = No
	>
	> [Accounting]
	>         comment = Accounting Files
	>         path = /shares/acct
	
	Set the following:
	          valid users = @"SCHEMMER\Acct", @"SCHEMMER\Domain Admins"
	
	>         read only = No
	
	Comment these two entries out.
	>         create mask = 0777
	>         directory mask = 0777
	
	Execute:
	        chgrp -R Acct /shares/acct
	        chmod -R ug+rwx,g+s,o-rwx /shares/acct
	
	>
	> Output of "wbinfo -r smicheels"
	> 10047
	> 10024
	> 10009
	> 10040
	>
	> Output of "getent group"
	> Acct:x:10047:platham,smicheels,gstoddard,cplum
	>
	>
	>
	
	--
	John H Terpstra
	Email: jht at samba.org 
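
The comparison made by eye at the top of this message (the groups in the logged UNIX token against the groups winbind reports) can be scripted. This is an added example, not part of the original thread and not Samba code. The function names are hypothetical, and it assumes the logged token (uid 10054) and the `wbinfo -r` output belong to the same user.

```python
import re

# Constructed samples: values copied from the log and command output quoted in the thread.
SAMPLE_LOG = """\
[2004/01/01 10:07:32, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 10054
  Primary group is 10009 and contains 2 supplementary groups
  Group[  0]: 10009
  Group[  1]: 10009
"""
SAMPLE_GETENT = "Acct:x:10047:platham,smicheels,gstoddard,cplum\n"
SAMPLE_WBINFO = "10047\n10024\n10009\n10040\n"   # wbinfo -r <user>

def parse_tokens(log_text):
    """Return one {uid, primary, groups} dict per 'UNIX token of user' block."""
    tokens, cur = [], None
    for line in log_text.splitlines():
        if line.startswith("["):          # a new log header ends the current block
            cur = None
        elif m := re.match(r"\s*UNIX token of user (\d+)", line):
            cur = {"uid": int(m.group(1)), "primary": None, "groups": set()}
            tokens.append(cur)
        elif cur is not None:
            if m := re.match(r"\s*Primary group is (\d+)", line):
                cur["primary"] = int(m.group(1))
            elif m := re.match(r"\s*Group\[\s*\d+\]:\s*(\d+)", line):
                cur["groups"].add(int(m.group(1)))
    return tokens

def group_gid(getent_text, name):
    """Look up a group's numeric gid in 'getent group' output."""
    for line in getent_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[0] == name:
            return int(fields[2])
    return None

def diagnose(log_text, getent_text, wbinfo_text, group):
    """Compare each logged token with winbind's view of the user's groups."""
    gid = group_gid(getent_text, group)
    winbind = {int(x) for x in wbinfo_text.split()}
    report = []
    for t in parse_tokens(log_text):
        held = t["groups"] | {t["primary"]}
        report.append({"uid": t["uid"], "gid": gid,
                       "in_token": gid in held,
                       "winbind_has": gid in winbind,
                       "missing": sorted(winbind - held)})
    return report
```

On the values quoted in this thread, `diagnose(SAMPLE_LOG, SAMPLE_GETENT, SAMPLE_WBINFO, "Acct")` reports that gid 10047 is known to winbind but absent from the token smbd logged.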


