[Samba] restrict what users can log onto each workstation
Matt Skerritt
matt.skerritt at agrav.net
Tue Dec 5 16:40:17 GMT 2006
On 05/12/2006, at 11:12 PM, Toni Casueps wrote:
>
> I've tried it with users and it works, but now I can't set it for
> groups. I've created a Unix group with the denied users and I've
> written in /etc/samba/smbusers:
>
> denied = @denied
>
> also in smb.conf I've set
>
> username map = /etc/samba/smbusers
>
> but I still can't see that group in the "Select user or group"
> dialog on Windows
>
> I use Samba 3.0.13
Oh yes, with an LDAP backend (which I use) you need to give your
groups a Samba SID so that windows can see them - otherwise they're
just Unix groups ... (and I had a very similar problem with windows
being unable to see most of the groups). Now if I can only remember
how I did this again. And I just notice that you don't mention LDAP
anywhere, ...
OH yes, I remember now (after I checked my scripts)
the command
net groupmap add ntgroup="<NT Group Name>" unixgroup="<unix group
name>" type=d
set's the mapping up for you. I think that'll work for any backend
database. and the command
net groupmap list
will show you the current mappings between unix groups and windows
groups.
> Anyway, that isn't so important. Thanks very much.
You're welcome. I'm happy to help :)
--
Matt Skerritt
matt.skerritt at agrav.net
More information about the samba
mailing list