[Samba] Help needed: valid users

[Gary Dale]

Chris Osicki wrote:
> Hi 
>
> I'm using Samba 3.0.33 on Solaris10 and have the following problem.
> In the smb.conf I have 
>
>     workgroup = CORPROOT
>     security = domain
>
> and users authenticated to CORPROOT domain can connect shares
> w/o problems, [homes] for example.
> Now I would like to create a share and restrict access to it just 
> to a dozen of users or so.
>
> I tried 
>   
>   valid users = +docs
>   force user = usodocs
>
> where docs is a group in /etc/group and it didn't work.
> Looks like Samba is trying to look up the group docs on the domain
> controller in the CORPROOT domain.
>
> So, I tried this
>
>   valid users = CORPROOT\user
>   force user = usodocs
>
> it works. 
> According to man page 
>    valid users = +docs
> should work.
> I must be missing something, but what?
>
> Is there any better/nicer way to achieve what I'm looking for?
> That is, to give a group of users full control over content of 
> a share.
> I have several Linux Samba servers where I use POSIX ACLs to control
> read/write rights on the OS level and it works fine. 
>
> I tried the same on the Solaris10 box with ZFS and its ACLs and it
> didn't work as expected (posted about it few weeks ago, no answers though)
>
> I would be very thankful for any help.
>
> BTW, anyone any idea how to attract attention to a post on this list?
> Virtual beer as attachment? ;-)
> My success rate is by now close to nothing.
>
> Thanks for your time.
>
> Regards,
> Chris
>   
Don't use "force user" unless you really want everyone to look like that 
user when accessing the share. Quick documentation on the various 
options is available via SWAT.