[Samba] 'username = @group' not working correctly

Rene Fleschenberg rene at korteklippe.de
Tue Sep 5 01:08:57 GMT 2006


Gerald (Jerry) Carter wrote:
>>> First question: In the manpage for smb.conf, it is mentioned that
>>> '+group' expands to the Unix group named 'group'. But that does not work
>>> for me. Using the '@group' syntax works. Is this an error in the
>>> documentation?
> That makes no sense unless you are using NIS netgroups.

I do not use NIS (or at least, I did not install or configure any NIS
stuff on the network at all).
The documentation for smb.conf sais that @group will check both the NIS
group and the Unix group (the NIS group first), and that +group will
check the Unix group only. Still, +group does not work for me at all,
while @group "works" for the first two users in the Unix group.

> I'd suggest moving to security = user unless you can
> explain exactly why you need security = share.  Security = share
> is just not well suited for cases where you want to
> provide authorization based on username/password pairs.

The problem I have with security = user is that Windows does not allow
to simultaneously have two or more connections using different usernames
to a given server.

On my network, the following scenario is very common: A user logs into a
Windows machine and accesses a Samba share for which the username and
password match with the username and password he used to login to the
Windows box (a general "staff" account). Some time later, he needs
access to another share requiring another username and password (his
personal share). With security = user, this is not possible. Windows
will complain about conflicting login information.

OpenPGP key id: 0x63B1F5DB
JID: rene.fleschenberg at jabber.ccc.de

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba/attachments/20060905/b8bf52cc/signature-0001.bin

More information about the samba mailing list