[Samba] domain memership and security=domain

Jason Waters jwaters at h2os.com
Tue May 20 17:57:05 GMT 2008 

I think security = domain just has that samba box look at the PDC for
authentication.  I don't think accessing a share has anything to do with
if the workstation is a part of the domain or not.  If you try to connect
to that share \\sambafileserver\testshare it should prompt you for a
username and password.  If it doesn't that means you are logged in with a
valid username already.  You can check smsbstatus to see how you are
connected.  If you have two domain users, user1, user2, you can make a
share on available to one user by doing valid users = user1

Are you trying to restrict machine from accessing a share?  I'm not sure
if you can use the hosts allow per share.  Am I understanding you
correctly?

Jason Waters


-----Original Message-----
From: samba-bounces+jwaters=h2os.com at lists.samba.org
[mailto:samba-bounces+jwaters=h2os.com at lists.samba.org] On Behalf Of
Julian Pace Ross
Sent: Tuesday, May 20, 2008 1:18 PM
To: samba at lists.samba.org
Subject: Re: [Samba] domain memership and security=domain


I apologise for re-posting, but I'll try summarise just in case my
original 
message was confusing...

I have successfully deployed my first Samba 3 PDC with LDAP.

I have another Linux PC (separate from the PDC) that is  acting as a file 
server, with it's own shares.

This PC has no local user accounts, and I set this with security = domain,

passwd server = SambaPDC.
It successfully joined it to the domain with net  rpc join etc..

On each share I specify which users can access that share (valid users = )

Should security = domain mean that only  workstations already joined to
the 
domain can have access to the file server shares?
Until now, I can still access the shares even from the non-domain 
workstations.
In other words, can a Samba3 domain member limit access to its shares only

to other PCs that are also domain members?
Or, even better, can this be specified specifically per share?

Thanks and regards
Julian
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list