[Samba] 'security = ads' & 'valid users ='

Kaplan, Marc marc_kaplan at adaptec.com
Tue Jan 25 19:34:59 GMT 2005


If you're fine with users being prompted to enter their login
credentials, then yes the passwords can be different. If you want it to
be seamless, keep the passwords synced.

	-Marc

> -----Original Message-----
> From: Ryan Frantz [mailto:RyanFrantz at informed-llc.com]
> Sent: Tuesday, January 25, 2005 11:28 AM
> To: samba at lists.samba.org
> Subject: RE: [Samba] 'security = ads' & 'valid users ='
> 
> Would it be feasible to use the options 'guest account' and 'guest ok'
> for shares along with ADS security?
> 
> Or is additional configuration even necessary?  When domain
> authentication fails, Samba will prompt the user for a
username/password
> combination
> (http://www.samba.org/samba/docs/man/smb.conf.5.html#VALIDATIONSECT),
> correct?  The user can then enter credentials I have given them that
> will match UNIX accounts I will create for them.
> 
> ry
> 
> -----Original Message-----
> From: Kaplan, Marc [mailto:marc_kaplan at adaptec.com]
> Sent: Tuesday, January 25, 2005 2:19 PM
> To: Ryan Frantz; samba at lists.samba.org
> Subject: RE: [Samba] 'security = ads' & 'valid users ='
> 
> I think as long as the passwords are the same, your approach of
creating
> the domain users you need as local users will work.
> 
> 		-Marc
> 
> > -----Original Message-----
> > From: Ryan Frantz [mailto:RyanFrantz at informed-llc.com]
> > Sent: Tuesday, January 25, 2005 11:04 AM
> > To: samba at lists.samba.org
> > Subject: [Samba] 'security = ads' & 'valid users ='
> >
> > I will be upgrading my Samba server from 2.2.8a to 3.0.10.  I
> currently
> > have security set to 'share' and plan on migrating to 'ads' for
> improved
> > authentication.  I have one snag, though...
> >
> > I have remote users who reside in and are managed by a Windows
domain
> > that is not in my control.  There is no trust relationship at all.
If
> I
> > use 'ads' security, can I add a 'valid users' line for shares they
> need
> > to access?  So that when they fail domain authentication, Samba
would
> > check against UNIX accounts I set up specifically for those (2)
> users...
> >
> > Example smb.conf:
> >
> > [global]
> >   security = ads
> >
> > [share1]
> >   comment = share for local users
> >   path = /some/path/share1
> >   ...
> >
> > [share2]
> >   comment = share for remote users
> >   path = /some/path/share2
> >   valid users = fred,barney
> >   ...
> >
> > ry
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba


More information about the samba mailing list