[Samba] Domain User access control in the smb.conf

Alex Wang hadyn_whx at hotmail.com
Fri Feb 17 19:53:46 GMT 2006


Thanks a lot. It's working perfect right now.



ALex


On Fri, 17 Feb 2006 13:48:51 -0600
Don Meyer <dlmeyer at uiuc.edu> wrote:

> Yes, if you have the "valid users =" line present in a resource's 
> config block, then access to that resource is limited to the defined 
> set of users.  If not present, then any user can connect to the resource.
> 
> -D
> 
> 
> At 01:41 PM 2/17/2006, Alex Wang wrote:
> >Thanks Don, it works.
> >
> >Another question about that is, do I have to list all the users who need
> >to access that share folder?
> >
> >[Test2]
> >         comment = Test
> >         path = /usr/tmp/
> >         valid users = "@Domain Admins"
> >         readonly = Yes
> >         write list = myaccount
> >Since myaccount is not in Domain Admins, I can't even access those share
> >folder. Do I have to chagne to
> >
> >[Test2]
> >         comment = Test
> >         path = /usr/tmp/
> >         valid users = "@Domain Admins", myaccount
> >         readonly = Yes
> >         write list = myaccount
> >
> >Thanks
> >
> >Alex
> >
> >
> >
> >On Fri, 17 Feb 2006 13:29:50 -0600
> >Don Meyer <dlmeyer at uiuc.edu> wrote:
> >
> > > At 12:52 PM 2/17/2006, Alex Wang wrote:
> > > >I guess the @"Domain\myaccount" is the wrong format, but I check the
> > > >manual and can't find anything talk about the user list in smb.conf....
> > > >
> > > >smb# testparm
> > > >...
> > > >         winbind use default domain = Yes
> > >
> > >
> > > First off, if "myaccount" is a user account, then drop the "@" --
> > > that is one of the specials used to designate a group.
> > >
> > > Second, with "winbind use default domain" active/enabled, you should
> > > not have to specify the "DOMAIN\" part.
> > >
> > > Also, since you are using the special char "\" as a domain separator,
> > > you need to be very cognizant of where you need to properly escape
> > > it.   (I.E., use "\\" instead of just "\")   I'm pretty sure that
> > > "valid users =" is one of those places...
> > >
> > > Cheers,
> > > -D
> > >
> > >
> > > Don Meyer                                           <dlmeyer at uiuc.edu>
> > > Network Manager, ACES Academic Computing Facility
> > > Technical System Manager, ACES TeleNet System
> > > UIUC College of ACES, Information Technology and Communication Services
> > >
> > >    "They that can give up essential liberty to obtain a little
> > > temporary safety,
> > >          deserve neither liberty or safety."     -- Benjamin 
> > Franklin, 1759
> 
> Don Meyer                                           <dlmeyer at uiuc.edu>
> Network Manager, ACES Academic Computing Facility
> Technical System Manager, ACES TeleNet System
> UIUC College of ACES, Information Technology and Communication Services
> 
>    "They that can give up essential liberty to obtain a little 
> temporary safety,
>          deserve neither liberty or safety."     -- Benjamin Franklin, 1759 





More information about the samba mailing list