[Samba] Domain User access control in the smb.conf
Alex Wang
hadyn_whx at hotmail.com
Fri Feb 17 18:52:13 GMT 2006
Hi All
My system is FreeBSD 5.4 and Samba 3.0.21a. I am using ADS for system
security. In my smb.conf, I created a share like this.
[Test2]
comment = Test
path = /usr/tmp/
valid users = @"Domain Admins",@"Domain\myaccount"
The domain administrator can access the share folder, but I can't. It
keeps asking me for the username and password.
Samba is joined to the domain and auth is working fine. I can auth
my account under the shell without any problem.
**************************************************************
samba# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: administrator at DOMAIN.COM
Issued Expires Principal
Feb 15 17:38:15 >>>Expired<<< krbtgt/DOMAIN.COM at DOMAIN.COM
Feb 15 18:29:51 >>>Expired<<< domaincontrol$@DOMAIN.COM
**************************************************************
smb# wbinfo -a myaccount%"*******"
plaintext password authentication succeeded
challenge/response password authentication succeeded
smb#
I guess the @"Domain\myaccount" is the wrong format, but I checked the
manual and can't find anything that talks about the user list in smb.conf.
smb# testparm
Load smb config files from /usr/local/etc/smb.conf
Processing section "[Test]"
Processing section "[Test2]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
[global]
workgroup = DOMAIN
realm = DOMAIN.COM
server string = Samba Server
security = ADS
allow trusted domains = No
password server = dc
syslog only = Yes
log file = /var/log/samba/log.%m
max log size = 50
dns proxy = No
wins server = 192.168.0.100
passdb expand explicit = No
idmap backend = idmap_rid:DOMAIN=500-100000000
idmap uid = 500-100000000
idmap gid = 500-100000000
template homedir = /usr/samba/%U
template shell = /bin/sh
winbind cache time = 3600
winbind use default domain = Yes
winbind nested groups = Yes
hosts allow = 192.168.0.
[Test]
path = /usr/samba
read only = No
[Test2]
comment = Test
path = /usr/tmp/
valid users = "@Domain Admins", @"DOMAIN\myaccount"
Thanks
Alex
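
Added example, not part of the original post and not Samba code: a small Python model of the name-prefix rules that smb.conf(5) documents for `valid users`, run over the two values shown in the post. The tokenizer is a simplified assumption about quoting, and `known_users` is a hypothetical hint supplied by the admin; under these rules an entry starting with `@` is resolved as a group name, not as a user account.

```python
# Added example: simplified model of the name-prefix rules that smb.conf(5)
# documents for "valid users". Not Samba's parser; quoting rules are assumed.
PREFIXES = {
    "@": ["NIS netgroup", "UNIX group"],   # netgroup first, then UNIX group
    "+": ["UNIX group"],                   # UNIX group database only
    "&": ["NIS netgroup"],                 # NIS netgroup database only
}

def split_list(value):
    """Split on spaces, tabs and commas; double quotes protect separators."""
    tokens, cur, quoted = [], "", False
    for ch in value:
        if ch == '"':
            quoted = not quoted            # quote characters are dropped
        elif ch in " \t," and not quoted:
            if cur:
                tokens.append(cur)
            cur = ""
        else:
            cur += ch
    return tokens + ([cur] if cur else [])

def classify(token):
    """Return (kind, name, lookup_order) for one list entry."""
    order, i = [], 0
    while i < len(token) and token[i] in PREFIXES:
        order += [s for s in PREFIXES[token[i]] if s not in order]
        i += 1
    return ("group" if order else "user", token[i:], order)

def audit(value, known_users):
    """Names of known user accounts that the list would look up as groups."""
    flagged = []
    for kind, name, _ in map(classify, split_list(value)):
        account = name.split("\\")[-1].lower()   # drop a DOMAIN\ prefix
        if kind == "group" and account in known_users:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    # The two "valid users" values from the post; known_users is hypothetical.
    for line in (r'@"Domain Admins",@"Domain\myaccount"',
                 r'"@Domain Admins", @"DOMAIN\myaccount"'):
        for entry in split_list(line):
            print(classify(entry))
        print("user accounts listed as groups:", audit(line, {"myaccount"}))
```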