[Samba] Samba 3.0.22: share be r/w for LDAP-authenticated users, r/o for anonymous

Michael Gasch gasch at eva.mpg.de
Mon Jun 26 10:20:53 GMT 2006


hi,

some hints:
- unauthenticated can be treated as guests (map to guest =, read list = 
<guestaccount>)
- there´re several threads about plaintext password support and samba v3
you should try to play with encrypt passwords = no and may be pam (obey 
pam restrictions = yes)

just my 2 cents

greez


Ralf G. R. Bergs wrote:
> Hi there,
> 
> we need to implement the following scenario:
> 
> - Samba server 3.0.22 (NOT acting as a domain controller; we don't use
> Windows networking domains)
> - users use Linux and Windoze
> - anonymous users accessing a certain share should be granted read-only
> access
> - successfully authenticated users should be given read-write access
> - authentication should be performed against an LDAP that contains
> entries like this:
> 
> dn: cn=rb,dc=intra,dc=ourdom,dc=de
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: jabberuser
> jid: rb at intra.ourdom.de
> o: ourcompany
> cn: rb
> sn: Bergs
> givenName: Ralf
> telephoneNumber: +49xxxxxxx
> mobile: +49xxxxxxxx
> userPassword: secret
> roomNumber: 4711
> 
> The "userPassword" key contains the password that is to be checked, the
> "cn" key the username for the respective user.
> 
> Can this be accomplished? Is there anyone who would like to share some
> config snippets with me?
> 
> I did some search on Google and found something pertaining to Samba 2.x,
> but this doesn't work anymore since LDAP support seems to have changed
> much since then.
> 
> Thanks for any help you can give.
> 
> Cheers,
> 
> Ralf

-- 
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT Staff)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
        49 (0)341 - 3550 374

Fax:   49 (0)341 - 3550 399



More information about the samba mailing list