[Samba] Domain User access control in the smb.conf

Alex Wang hadyn_whx at hotmail.com
Fri Feb 17 18:52:13 GMT 2006


Hi All

My system is FreeBSD 5.4 and Samba 3.0.21a. I am using ADS for system
security. In my smb.conf, I created a share like this:

[Test2]
        comment = Test
        path = /usr/tmp/
        valid users = @"Domain Admins",@"Domain\myaccount"

The domain administrator can access the share folder, but I can't. It
keeps asking me for the username and password.

Samba is joined to the domain and auth is working fine. I can auth
my account under the shell without any problem.

**************************************************************
samba# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: administrator@DOMAIN.COM

  Issued           Expires        Principal                       
Feb 15 17:38:15  >>>Expired<<<  krbtgt/DOMAIN.COM@DOMAIN.COM
Feb 15 18:29:51  >>>Expired<<<  domaincontrol$@DOMAIN.COM
**************************************************************

smb# wbinfo -a myaccount%"*******"
plaintext password authentication succeeded
challenge/response password authentication succeeded
smb# 

I guess the @"Domain\myaccount" is the wrong format, but I checked the
manual and can't find anything that talks about the user list in smb.conf....

smb# testparm
Load smb config files from /usr/local/etc/smb.conf
Processing section "[Test]"
Processing section "[Test2]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
        workgroup = DOMAIN
        realm = DOMAIN.COM
        server string = Samba Server
        security = ADS
        allow trusted domains = No
        password server = dc
        syslog only = Yes
        log file = /var/log/samba/log.%m
        max log size = 50
        dns proxy = No
        wins server = 192.168.0.100
        passdb expand explicit = No
        idmap backend = idmap_rid:DOMAIN=500-100000000
        idmap uid = 500-100000000
        idmap gid = 500-100000000
        template homedir = /usr/samba/%U
        template shell = /bin/sh
        winbind cache time = 3600
        winbind use default domain = Yes
        winbind nested groups = Yes
        hosts allow = 192.168.0.

[Test]
        path = /usr/samba
        read only = No

[Test2]
        comment = Test
        path = /usr/tmp/
        valid users = "@Domain Admins", @"DOMAIN\myaccount"


Thanks



Alex
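
Added example, not part of the original post: smb.conf(5) documents that a name in a "valid users" list beginning with @, + or & is looked up as a group rather than as a user. The Python sketch below applies that rule to the line from the post; the tokenizer is a simplified assumption about how the list is split, and misprefixed_users is a hypothetical helper name.

```python
# Added example: classify smb.conf "valid users" entries by their prefix.
# Prefix rule from smb.conf(5): @, + and & mark a group lookup, not a user.

GROUP_PREFIXES = "@+&"


def split_entries(value):
    """Split a list value on commas/whitespace, keeping quoted spans together.

    Assumption: simplified tokenizer. Double quotes only group characters
    and are dropped, wherever they appear inside an entry.
    """
    entries, current, in_quotes = [], [], False
    for ch in value:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch in ", \t" and not in_quotes:
            if current:
                entries.append("".join(current))
                current = []
        else:
            current.append(ch)
    if current:
        entries.append("".join(current))
    return entries


def classify(value):
    """Return a (kind, name) tuple for each entry of a valid users line."""
    result = []
    for entry in split_entries(value):
        name = entry.lstrip(GROUP_PREFIXES)
        prefix = entry[: len(entry) - len(name)]
        result.append(("group" if prefix else "user", name))
    return result


def misprefixed_users(value, intended_users):
    """Names meant as user accounts that the line would look up as groups."""
    wanted = {u.lower() for u in intended_users}
    return [name for kind, name in classify(value)
            if kind == "group" and name.lower() in wanted]


if __name__ == "__main__":
    # The share's line as written in the post.
    line = r'@"Domain Admins",@"Domain\myaccount"'
    for kind, name in classify(line):
        print(f"{kind:5}  {name}")
    print("looked up as group:", misprefixed_users(line, [r"DOMAIN\myaccount"]))
```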



