[Samba] Domain users are not able to login through ftp.

subramanian.ponnusamy at iflexsolutions.com subramanian.ponnusamy at iflexsolutions.com
Mon Jan 31 18:49:08 GMT 2005

I have successfully setup a Solaris 8 server that allows Windows AD Users to login to it (through winbind).  The problem is
that ALL such users can now do so.  Is there a way to control which users are allowed to login while others are denied access?

I have tried adding 
valid users = user
and  deny to specific users via

invalid users = user
It's not working.  
One more problem is Domain users are able to login through telnet but domain users are not able to login through ftp. Please help me to resolve these problems
Please find my smb.conf and pam.conf 
bash-2.03# /usr/local/samba/bin/testparm
Load smb config files from /usr/local/samba/lib/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Press enter to see a dump of your service definitions
# Global parameters
        workgroup = EX-DOM
        realm = EX.EXAMPLE.COM
        server string = Samba Server
        security = ADS
        obey pam restrictions = Yes
        password server =
        log file = /usr/local/samba/var/log.%m
        max log size = 50
        dns proxy = No
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /export/home/%U
        template shell = /bin/bash
        winbind separator = #
        winbind cache time = 10
        winbind use default domain = Yes
        comment = Home Directories
        read only = No
        browseable = No
        comment = All Printers
        path = /usr/spool/samba
        printable = Yes
        browseable = No

bash-2.03# cat /etc/pam.conf
#ident  "@(#)pam.conf   1.14    99/09/16 SMI"
# Copyright (c) 1996-1999, Sun Microsystems, Inc.
# All Rights Reserved.
# PAM configuration
# Authentication management
login   auth required   /usr/lib/security/pam_winbind.so
login   auth required   /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
login   auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1 try_first_pass
rlogin  auth sufficient /usr/lib/security/pam_winbind.so
rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin  auth required   /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
dtlogin auth sufficient /usr/lib/security/pam_winbind.so
dtlogin auth required   /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
rsh     auth required   /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other   auth sufficient /usr/lib/security/pam_winbind.so
other   auth required   /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
# Account management
login   account sufficient      /usr/lib/security/pam_winbind.so
login   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
login   account required        /usr/lib/security/$ISA/pam_unix.so.1
dtlogin account sufficient      /usr/lib/security/pam_winbind.so
dtlogin account requisite       /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required        /usr/lib/security/$ISA/pam_unix.so.1
other   account sufficient      /usr/lib/security/pam_winbind.so
other   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
other   account required        /usr/lib/security/$ISA/pam_unix.so.1
# Session management
other   session required        /usr/lib/security/$ISA/pam_unix.so.1
# Password management
#other   password sufficient     /usr/lib/security/pam_winbind.so
other   password required       /usr/lib/security/$ISA/pam_unix.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#rlogin auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#login  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin        auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#other  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin        account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other  account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other  session optional /usr/lib/security/$ISA/pam_krb5.so.1
#other  password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass

Thanks & Regards

This message contains privileged and confidential information and is intended only for the individual named.If you are not the intended recipient you should not disseminate,distribute,store,print, copy or deliver this message.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain viruses.The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.

More information about the samba mailing list