[Samba] 'security = ads' & 'valid users ='
Ryan Frantz
RyanFrantz at informed-llc.com
Tue Jan 25 20:02:28 GMT 2005
I don't mind the users being prompted; there are only two of them. This
is a real pain because they're accessing my site through a dedicated
line and they reside in their own domain...
-----Original Message-----
From: Kaplan, Marc [mailto:marc_kaplan at adaptec.com]
Sent: Tuesday, January 25, 2005 2:35 PM
To: Ryan Frantz; samba at lists.samba.org
Subject: RE: [Samba] 'security = ads' & 'valid users ='
If you're fine with users being prompted to enter their login
credentials, then yes the passwords can be different. If you want it to
be seamless, keep the passwords synced.
-Marc
> -----Original Message-----
> From: Ryan Frantz [mailto:RyanFrantz at informed-llc.com]
> Sent: Tuesday, January 25, 2005 11:28 AM
> To: samba at lists.samba.org
> Subject: RE: [Samba] 'security = ads' & 'valid users ='
>
> Would it be feasible to use the options 'guest account' and 'guest ok'
> for shares along with ADS security?
>
> Or is additional configuration even necessary? When domain
> authentication fails, Samba will prompt the user for a
username/password
> combination
> (http://www.samba.org/samba/docs/man/smb.conf.5.html#VALIDATIONSECT),
> correct? The user can then enter credentials I have given them that
> will match UNIX accounts I will create for them.
>
> ry
>
> -----Original Message-----
> From: Kaplan, Marc [mailto:marc_kaplan at adaptec.com]
> Sent: Tuesday, January 25, 2005 2:19 PM
> To: Ryan Frantz; samba at lists.samba.org
> Subject: RE: [Samba] 'security = ads' & 'valid users ='
>
> I think as long as the passwords are the same, your approach of
creating
> the domain users you need as local users will work.
>
> -Marc
>
> > -----Original Message-----
> > From: Ryan Frantz [mailto:RyanFrantz at informed-llc.com]
> > Sent: Tuesday, January 25, 2005 11:04 AM
> > To: samba at lists.samba.org
> > Subject: [Samba] 'security = ads' & 'valid users ='
> >
> > I will be upgrading my Samba server from 2.2.8a to 3.0.10. I
> currently
> > have security set to 'share' and plan on migrating to 'ads' for
> improved
> > authentication. I have one snag, though...
> >
> > I have remote users who reside in and are managed by a Windows
domain
> > that is not in my control. There is no trust relationship at all.
If
> I
> > use 'ads' security, can I add a 'valid users' line for shares they
> need
> > to access? So that when they fail domain authentication, Samba
would
> > check against UNIX accounts I set up specifically for those (2)
> users...
> >
> > Example smb.conf:
> >
> > [global]
> > security = ads
> >
> > [share1]
> > comment = share for local users
> > path = /some/path/share1
> > ...
> >
> > [share2]
> > comment = share for remote users
> > path = /some/path/share2
> > valid users = fred,barney
> > ...
> >
> > ry
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list