[Samba] not working : valid users = @"DOM+USER"
Charles Bueche
bueche at netnea.com
Mon Jun 7 10:58:14 GMT 2004
Hi,
I have Samba 3.0.4 on Solaris 9, recent patches applied. Samba is
integrated in domain (security = domain). I have compiled and
configured winbind, but not pam and no ldap. Ncsd is stopped.
Winbind works OK, I can connect to share and users get mapped on-the-fly
to UNIX uids and gids in the ranges specified in smb.conf. My config is
included below with some tweaks to protect the innocent.
---
My goal : I want to create a share and restrict its access based on the
membership of a Windows group.
I have successfuly used :
valid users = DOM+user1 DOM+user2 DOM+user3
but when I try :
valid users = @DOM+wingroup
or :
valid users = +DOM+wingroup
It refuses me access to the share, even if I'm member of the Windows
group.
What do I do wrong ? How should I write the groupnames ? Help wanted...
=======================
# smb.conf
[global]
server string = Samba %v on %h
security = domain
domain logons = no
domain master = no
local master = no
preferred master = no
os level = 0
dns proxy = no
wins support = no
load printers = no
workgroup = DOM
encrypt passwords = yes
wins server = IP1 IP2
password server = *
debug level = 4
log file = /var/samba/log.%m
max log size = 1024
# for winbind :
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
# share definitions
[myshare]
comment = mycomment
path = /data/mystuff
browseable = yes
writeable = Yes
# things I have tried to restrict share access
#
# works :
# valid users = DOM+user1 DOM+user2 DOM+user3
#
# broken :
# valid users = +zik
# valid users = @10000
# valid users = @DOM+GROUP1-R
# valid users = +"DOM+Z-GROUP2-W"
=======================
--
Charles Bueche <bueche at netnea.com>
www.netnea.com : your best source for ultra-geeks !
More information about the samba
mailing list