[Samba] 'security = ads' & 'valid users ='

Ryan Frantz RyanFrantz at informed-llc.com
Tue Jan 25 19:27:45 GMT 2005

Would it be feasible to use the options 'guest account' and 'guest ok'
for shares along with ADS security?

Or is additional configuration even necessary?  When domain
authentication fails, Samba will prompt the user for a username/password
correct?  The user can then enter credentials I have given them that
will match UNIX accounts I will create for them.


-----Original Message-----
From: Kaplan, Marc [mailto:marc_kaplan at adaptec.com] 
Sent: Tuesday, January 25, 2005 2:19 PM
To: Ryan Frantz; samba at lists.samba.org
Subject: RE: [Samba] 'security = ads' & 'valid users ='

I think as long as the passwords are the same, your approach of creating
the domain users you need as local users will work.


> -----Original Message-----
> From: Ryan Frantz [mailto:RyanFrantz at informed-llc.com]
> Sent: Tuesday, January 25, 2005 11:04 AM
> To: samba at lists.samba.org
> Subject: [Samba] 'security = ads' & 'valid users ='
> I will be upgrading my Samba server from 2.2.8a to 3.0.10.  I
> have security set to 'share' and plan on migrating to 'ads' for
> authentication.  I have one snag, though...
> I have remote users who reside in and are managed by a Windows domain
> that is not in my control.  There is no trust relationship at all.  If
> use 'ads' security, can I add a 'valid users' line for shares they
> to access?  So that when they fail domain authentication, Samba would
> check against UNIX accounts I set up specifically for those (2)
> Example smb.conf:
> [global]
>   security = ads
> [share1]
>   comment = share for local users
>   path = /some/path/share1
>   ...
> [share2]
>   comment = share for remote users
>   path = /some/path/share2
>   valid users = fred,barney
>   ...
> ry
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list