[Samba] Valid users directive
garydale at torfree.net
Wed May 24 13:40:33 GMT 2006
Nicolas Kassis wrote:
> ---------- Forwarded message ----------
> From: Nicolas Kassis <nic.kassis at gmail.com>
> Date: May 23, 2006 11:49 PM
> Subject: Re: [Samba] Valid users directive
> To: gary at extremeground.com
> Gary Dale wrote:
>> Nicolas Kassis wrote:
>>> Hi Everyone
>>> I'm new to samba and I have been trying in vein to find a solution to
>>> this problem. I am setting up a linux samba server as a domain member
>>> server. It is part of the MAINT workgroup. Winbind and Samba
>>> authenticate correctly. The issue arises when I try to limit the
>>> users who are allowed to use a my share folder.
>>> Most of the information I have lookup seem to say that I should set
>>> up the Valid Users directive like this :
>>> valid users = '@MAINT\nkassis', '@MAINT\aburns'
>>> Of course this dosen't work. Can anyone point me to a place where I
>>> can find information about this or any indepth explanation of how to
>>> define users in this directive ?
>> If you look in the smb.conf man page, you will find (under invalid
>> users) the following:
>> A name starting with a '@' is interpreted as an NIS netgroup first (if
>> your system supports NIS), and then as a UNIX group if the name was
>> not found in the NIS netgroup database.
>> A name starting with '+' is interpreted only by looking in the UNIX
>> group database. A name starting with '&' is interpreted only by
>> looking in the NIS netgroup database (this requires NIS to be working
>> on your system). The characters '+' and '&' may be used at the start
>> of the name in either order so the value /|+&group|/ means check the
>> UNIX group database, followed by the NIS netgroup database, and the
>> value /|&+group|/ means check the NIS netgroup database, followed by
>> the UNIX group database (the same as the '@' prefix).
>> Since NIS not being used, your valid users group has to be the
>> Unix/Linux group that the Domain group maps to.
>> From what I understand the Group they belong to is Domain Users but
> specifying the following +Domain Users and also trying again using
> quotes around it is still incorrect. One thing I should mention. When I
> list the users with the command wbinfo -u the users are listed only by
> theyre users name not with the domain like this: MAINT\nkassis is this
> correct ?
You're not listening. :)
"Domain users" is a Windows group. It should be mapped to a local Unix
group. The local Unix group is what you put in smb.conf.
More information about the samba