[Samba] domain memership and security=domain

Julian Pace Ross linux at prisma.com.mt
Mon May 19 21:58:05 GMT 2008

Dear List,

I have successfully deployed my first Samba 3 PDC with LDAP, and I have 
several XP pro workstations successfully joined to the domain. There are 
some other XP pro workstations that are not  joined to the domain yet, but 
are on the same network.

Now I have another Linux (Suse 9.2) PC (separate from the PDC) that is 
acting as a file server, with it's own shares.
This PC has no local user accounts, and I set this with security = domain, 
passwd server = SambaPDC and successfully joined it to the domain with net 
rpc join etc..

On each share I specify which users can access that share (valid users = )

My question is somewhat conceptual (and i suspect, rather basic):
Once the file server is joined to the domain and is authenticating 
everything with the Samba3 PDC, should security = domain mean that only 
workstations already joined to the domain can have access to the file server 
I would imagine this to be the concept behind security = domain, but until 
now, I can still access the shares even from the non-domain workstations).

In other words, can a Samba3 domain member limit access to its shares only 
to other PCs that are also domain members?
Or, even better, can this be specified specifically per share?

Thanks and regards


More information about the samba mailing list