[Samba] valid users %g and %u not behaving properly...
Chris
chrisd at better-investing.org
Tue Jul 27 14:24:06 GMT 2004
Okay...
I guess I can find ways around that then...
My thanks to those who read.
Chris
On Friday 23 July 2004 02:02 pm, Chris wrote:
> Hello.
>
> I have samba working with ADS and winbind (upgrading from nt4/samba-2.0.7
> to w2k3/samba-3.0.4). Everything seems cool, but for one thing.
>
> My old homes share used to look like this:
>
> [homes]
> path=%H/sam
> valid users = +%G,%U
> force user = %U
> force group = %G
> write list = +%U
> create mask = 0770
> directory mask = 0770
> browseable=no
> read only = no
>
> It worked beautifully. But the whole valid users thing isn't working on
> the new system. To help troubleshoot, I used "root prexec" to dump the
> contents of %U, %u, %G, and %g to a file.
>
> The values of these variables when connecting to the [homes] share as me:
>
> %U = username without domain (e.g. chris)
> %u = username with domain name and domain separator (e.g. DOMAIN+chris)
> %G = "users" --- always equal to the group "users" -- I have no clue
> why! Sometimes, however, %G = "%G" instead of "users". I think this is
> true for users who don't have a local unix account on the system.
> %g = groupname with domain name and domain separator (e.g. DOMAIN+chris_)
>
> Here is where it gets weird.
>
> Because %u = DOMAIN+chris it seems I should be able to do this:
> valid users = %u
>
> But it doesn't work! Once I add that line, it denies me access to the
> share. If I comment it out, I once again have access.
>
> So, because %g = DOMAIN+primary_group I tried this:
>
> valid users = +%g (also tried valid users = @%g)
>
> Same thing. Doesn't grant me access. This makes absolutely no sense to
> me.
>
>
>
> The use of these variables is critical to maintaining the security of the
> server shares. Has this changed between versions? Is this a bug? Or am I
> missing something altogether? How can I do this? I can't find anything
> on this in the books (I have 4 samba books...) or online. It used to
> work...
>
> I appreciate any help.
>
> Thanks!
>
> Chris