[Samba] valid users %g and %u not behaving properly...

Chris chrisd at better-investing.org
Fri Jul 23 18:02:25 GMT 2004


Hello.

I have samba working with ADS and winbind (upgrading from nt4/samba-2.0.7 to 
w2k3/samba-3.0.4).  Everything seems cool, but for one thing.

My old homes share used to look like this:

[homes]
path=%H/sam
valid users = +%G,%U
force user = %U
force group = %G
write list = +%U
create mask = 0770
directory mask = 0770
browseable=no
read only = no

It worked beautifully.  But the whole valid users thing isn't working on the 
new system.  To help troubleshoot, I used "root preexec" to dump the contents 
of %U, %u, %G, and %g to a file.  

The values of these variables when connecting to the [homes] share as me:

%U = username without domain  (e.g. chris)
%u = username with domain name and domain separator (e.g. DOMAIN+chris)
%G = "users"  --- always equal to the group "users" -- I have no clue why!
	  Sometimes, however, %G = "%G" instead of "users".  I think this is true for
	  users who don't have a local unix account on the system.
%g = groupname with domain name and domain separator (e.g. DOMAIN+chris_)

Here is where it gets weird.

Because %u = DOMAIN+chris it seems I should be able to do this:
	valid users = %u

But it doesn't work!  Once I add that line, it denies me access to the share.  
If I comment it out, I once again have access.

So, because %g = DOMAIN+primary_group I tried this:

valid users = +%g  (also tried valid users = @%g)

Same thing.  Doesn't grant me access.   This makes absolutely no sense to me.



The use of these variables is critical to maintaining the security of the 
server shares.  Has this changed between versions?  Is this a bug?  Or am I 
missing something altogether?  How can I do this?  I can't find anything on 
this in the books (I have 4 samba books...) or online.  It used to work...

I appreciate any help.

Thanks!

Chris

