[Samba] Restricting access to [homes]

NdK ndk.clanbo at gmail.com
Thu Apr 12 03:21:33 MDT 2012


Hi all.

Is it just me or there's no way to restrict access to [homes] share to
members of an AD group? Or is it treated like an ordinary Unix group via
Winbind mapping? If I use "valid users = %S" (to give access to the home
only to the owner), every domain user (worse: every user in any trusted
domain) can access his/her own share... if path exists. That leads to
the second problem: is it possible to automatically create the home dir
if it's missing (w/o requiring the user to log on the server)? Sort of
"pam_mkhomedir" for shares...

I have to handle laboratories w/ a lot of students, and pre-creating
homes would be impractical, while giving access to everybody in the
university is a waste of resources...

TIA,
 Diego.


More information about the samba mailing list