[Samba] Samba + AD Authentication: Restricting access to shares
Rowland penny
rpenny at samba.org
Tue Jun 11 20:12:47 UTC 2019
On 11/06/2019 20:45, Goetz, Patrick G via samba wrote:
> Because most of our servers are restricted to specific user groups and
> the AD domain covers the entire university, I need to find a way to
> limit access to samba shares, preferably using AD security groups; i.e.
> I want to do something like:
>
> [EMdata]
> comment = TEM Data
> path = /EMdata
> valid users = @cns-cryo-emusers
> guest ok = no
> writeable = yes
>
>
> where cns-cryo-emusers is an AD security group. Has this been
> implemented in any version of Samba? Otherwise, is there any way to
> limit access when doing AD authentication? We don't have any local
> users to limit access to; it's all domain users. The local accounts are
> strictly used for administrative purposes.
>
>
Then do it the way Windows does it, set permissions on the share from
the 'security' tab on Windows, see here:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
Set your share like this:
[EMdata]
comment = TEM Data
path = /EMdata
read only = no
Rowland
More information about the samba
mailing list