[Samba] 'security = ads' & 'valid users ='

Ryan Frantz RyanFrantz at informed-llc.com
Tue Jan 25 20:02:28 GMT 2005


I don't mind the users being prompted; there are only two of them.  This
is a real pain because they're accessing my site through a dedicated
line and they reside in their own domain...

-----Original Message-----
From: Kaplan, Marc [mailto:marc_kaplan at adaptec.com] 
Sent: Tuesday, January 25, 2005 2:35 PM
To: Ryan Frantz; samba at lists.samba.org
Subject: RE: [Samba] 'security = ads' & 'valid users ='

If you're fine with users being prompted to enter their login
credentials, then yes the passwords can be different. If you want it to
be seamless, keep the passwords synced.

	-Marc

> -----Original Message-----
> From: Ryan Frantz [mailto:RyanFrantz at informed-llc.com]
> Sent: Tuesday, January 25, 2005 11:28 AM
> To: samba at lists.samba.org
> Subject: RE: [Samba] 'security = ads' & 'valid users ='
> 
> Would it be feasible to use the options 'guest account' and 'guest ok'
> for shares along with ADS security?
> 
> Or is additional configuration even necessary?  When domain
> authentication fails, Samba will prompt the user for a
username/password
> combination
> (http://www.samba.org/samba/docs/man/smb.conf.5.html#VALIDATIONSECT),
> correct?  The user can then enter credentials I have given them that
> will match UNIX accounts I will create for them.
> 
> ry
> 
> -----Original Message-----
> From: Kaplan, Marc [mailto:marc_kaplan at adaptec.com]
> Sent: Tuesday, January 25, 2005 2:19 PM
> To: Ryan Frantz; samba at lists.samba.org
> Subject: RE: [Samba] 'security = ads' & 'valid users ='
> 
> I think as long as the passwords are the same, your approach of
creating
> the domain users you need as local users will work.
> 
> 		-Marc
> 
> > -----Original Message-----
> > From: Ryan Frantz [mailto:RyanFrantz at informed-llc.com]
> > Sent: Tuesday, January 25, 2005 11:04 AM
> > To: samba at lists.samba.org
> > Subject: [Samba] 'security = ads' & 'valid users ='
> >
> > I will be upgrading my Samba server from 2.2.8a to 3.0.10.  I
> currently
> > have security set to 'share' and plan on migrating to 'ads' for
> improved
> > authentication.  I have one snag, though...
> >
> > I have remote users who reside in and are managed by a Windows
domain
> > that is not in my control.  There is no trust relationship at all.
If
> I
> > use 'ads' security, can I add a 'valid users' line for shares they
> need
> > to access?  So that when they fail domain authentication, Samba
would
> > check against UNIX accounts I set up specifically for those (2)
> users...
> >
> > Example smb.conf:
> >
> > [global]
> >   security = ads
> >
> > [share1]
> >   comment = share for local users
> >   path = /some/path/share1
> >   ...
> >
> > [share2]
> >   comment = share for remote users
> >   path = /some/path/share2
> >   valid users = fred,barney
> >   ...
> >
> > ry
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba


More information about the samba mailing list