[Samba] Valid Users in Samba 3
Lahners, Jeremy
jlahners at schemmer.com
Thu Jan 1 16:17:53 GMT 2004
No joy. In looking thorugh the log, it appears the primary/supplemntary groups may be the problem.
[2004/01/01 10:07:32, 5] auth/auth_util.c:debug_unix_user_token(505)
UNIX token of user 10054
Primary group is 10009 and contains 2 supplementary groups
Group[ 0]: 10009
Group[ 1]: 10009
Group 10009 is "Domain Users" which is everyone's primary group.
I can change the primary group to "Acct" however this will cause problems with other shares exhibiting the same problems.
Any other suggestions?
-----Original Message-----
From: John H Terpstra [mailto:jht at samba.org]
Sent: Wed 12/31/2003 12:07 AM
To: Lahners, Jeremy
Cc: samba at lists.samba.org
Subject: Re: [Samba] Valid Users in Samba 3
Jeremy,
Please try the following. If you still have trouble let me know.
- John T.
On Tue, 30 Dec 2003, Lahners, Jeremy wrote:
> All -
> I'm having a problem with the "valid users" directive working. I have
> an Accounting share that only the Accounting department should have
> access to. However, I am unable to lock the directory down so only
> they can access it. I am running samba-3.0.0-2 from an RPM on RedHat
> 9.0. Below are details of my trials. This is a pretty urgent need,
> please. Thank you!
>
> smb.conf
> [global]
> workgroup = SCHEMMER
> server string = Project File Server
> security = DOMAIN
> password server = quicksilver.schemmer.com, fs2omaha.schemmer.com
> log level = 10
> log file = /var/log/samba/log.%m
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
> preferred master = No
> dns proxy = No
> wins server = 192.168.100.210
> ldap ssl = no
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> template shell = /bin/bash
> winbind use default domain = Yes
> oplocks = No
> level2 oplocks = No
>
> [Accounting]
> comment = Accounting Files
> path = /shares/acct
Set the following:
valid users = @"SCHEMMER\Acct", @"SHEMMER\Domain Admins"
> read only = No
Comment these two entries out.
> create mask = 0777
> directory mask = 0777
Execute:
chgrp -R Acct /shares/acct
chmod -R ug+rwx,g+s,o-rwx /shares/acct
>
> Output of "wbinfo -r smicheels"
> 10047
> 10024
> 10009
> 10040
>
> Output of "getent group"
> Acct:x:10047:platham,smicheels,gstoddard,cplum
>
>
>
--
John H Terpstra
Email: jht at samba.org
More information about the samba
mailing list