[Samba] Allow access to a share for only one machine account

Rowland Penny rowlandpenny at googlemail.com
Mon Apr 21 06:04:53 MDT 2014


On 21/04/14 12:23, Danny Fedor wrote:
> Thank you for your replies.
>
> As for hosts allow -- if I'm not wrong this works only in the global section
> of smb.conf and limits access to all shares. I need to limit access only to
> one of them.
>
> I have tried to set  permissions of the share to allow r/w only for the
> "Domain Controllers" group, but it doesn't work; I think it expects the
> connecting user to be a member of the group, not the connecting machine. Is
> it even possible to limit access to a share based on a computer the user is
> connecting from? As far as I know, using NTFS permissions, it isn't.

Samba 4 AD is supposed to be a drop in replacement for windows AD, so 
samba 4 works just like windows.
If it works with windows AD, it is supposed to work with samba 4 (if it 
doesn't, file a bug) and if it doesn't work with windows then it 
shouldn't work with samba 4. In this case, you already know the answer, 
what you are trying to do will not work with windows, so why do you 
expect it to work with samba 4 AD ??

Rowland
>
> But in the link I've posted, they managed to achieve that through "valid
> users" directive in smb.conf which for me should look something like this:
>
> [share]
> valid users = UBUNTU1$
>
> However, when they run klist on their machine (in their case rhls64$), it
> shows the machine has ticket with its credentials. When I run klist on my
> UBUNTU1 (or even UBUNTU2) it shows nothing.
>
> If I run "kinit UBUNTU1$" kerberos replies with:
> Client 'UBUNTU1$@MY.DOMAIN' not found in Kerberos database while getting
> initial credentials.
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/Allow-access-to-a-share-for-only-one-machine-account-tp4664550p4664560.html
> Sent from the Samba - General mailing list archive at Nabble.com.



More information about the samba mailing list