[Samba] more cleanup: mis-named AD user

Stefan G. Weichinger lists at xunil.at
Wed Aug 7 09:11:54 UTC 2019


Am 06.08.19 um 16:42 schrieb L.P.H. van Belle via samba:
> Ahh, yes good one, totaly forgot about that one.
> That also possible. 

Solved. He had the main network share connected via Administrator.

The changed password let it fail ... now he uses his own user.

nice "smbstatus" now: great


> Just one more thing.. And I dont understand this... Because.. 
> And im sorry to say.. 
> 
> You .. Should .. Know .. This .. 

Yes, I do.

> This share. 
> 
>> [rsnapshots]
>> 	path = /mnt/rsnapshots
>> 	read only = Yes
>> 	valid users = problem-user, sgw
> 
> Now, you tell my, why are you using valid users here and explain also why your not using groups..  
> Let me me guess. Because that was the quick solution.. And later on you never changed it.. 

exactly. These shares are >10 yrs old ... come from NT4-domain-style-times.

> Use groups... Always, even it its for only 1 users. 
> 
> So change that : valid users = @YourGroup
> Or "@Your Group"
> And use a group from the AD not local linux. 
> 
> * you can combine these without problems. 
> I have local linux groups and windows groups for allowing ssh access for example. 
> Everthing is in the windows groups, except the special linux user that has local group rights. 
> 
> 
> Im saying this because it will lower the pressure of maintaining the network. 
> And that is a thing you want.
> 
> USE GROUPS EVERYWHERE. Best advice i can give here. 

ay, sir, will edit.

I even *have* a group for that (for the GPO ...)



More information about the samba mailing list