[Samba] Allow access to a share for only one machine account

steve.lcb steve.lcb at gmail.com
Mon Apr 21 06:15:26 MDT 2014


On Mon, 2014-04-21 at 04:23 -0700, Danny Fedor wrote:
> Thank you for your replies.
> 
> As for hosts allow -- if I'm not wrong this works only in the global section
> of smb.conf and limits access to all shares. I need to limit access only to
> one of them.
> 
> I have tried to set permissions of the share to allow r/w only for the
> "Domain Controllers" group, but it doesn't work; I think it expects the
> connecting user to be a member of the group, not the connecting machine. Is
> it even possible to limit access to a share based on a computer the user is
> connecting from? As far as I know, using NTFS permissions, it isn't.
> 
> But in the link I've posted, they managed to achieve that through the "valid
> users" directive in smb.conf which for me should look something like this:
> 
> [share]
> valid users = UBUNTU1$
> 
> However, when they run klist on their machine (in their case rhls64$), it
> shows the machine has a ticket with its credentials. When I run klist on my
> UBUNTU1 (or even UBUNTU2) it shows nothing.
> 
> If I run "kinit UBUNTU1$" kerberos replies with:
> Client 'UBUNTU1$@MY.DOMAIN' not found in Kerberos database while getting
> initial credentials.

That's odd. The DC can't kinit itself?
kinit UBUNTU1$
should ask you for a password

UBUNTU1$ and UBUNTU2$ are replicating DCs? Is DNS set up OK? What do you
have at /etc/krb5.conf?
Cheers,
Steve



