Hi,

Some time back I set up one of my Linux servers to authenticate against the existing Windows Active Directory servers. Everything is working fine; I no longer need to create accounts for managers or application support groups, as they do their work mostly through Samba shares, and even if they need shell access they can still have it.
When a user connects to the Samba shares from Windows, he sees his home directory and is able to perform read and write operations well. The problem comes in when I try to set up a share and restrict read access to only some users and write access to some. The following is what I try to use in the smb.conf file:

------------------------------<snip>------------------------------------
[share1]
    comment = Shared directory
    path = /samba-shares/myshare
    valid users = adsuser01, adsuser02
    write list = adsuser02
    force group = linux_grp01
    read only = No
    create mask = 0774
    force create mode = 0774
    directory mask = 0775
    force directory mode = 0775

[share2]
    comment = Shared directory 2
    path = /samba-shares/myshare2
    valid users = +linux_grp01, +linux_grp02
    force user = linux_user01
    force group = linux_grp01
    read only = No
------------------------------</snip>------------------------------------

This does not work.

For share1 - When adsuser01 and adsuser02 try to access share1, they are prompted by Windows for a username and password, and even entering the correct details preceded by the domain name does not help. However, at the same time they can access their home directories on the Linux server perfectly fine. adsuser01 and adsuser02 only exist on the AD server and they are mapped by the winbind service. Now if I change the "valid users" line in the share1 definition to

    valid users = domain\adsuser01, domain\adsuser02

it works.

For share2 - I want members of linux_grp01 and linux_grp02 to have access to this share. I have to manually edit the /etc/group file to add user IDs from AD to the respective group, as the usermod command does not work because it does not find a corresponding user ID entry in /etc/passwd. (Rightly so, as the user is not a Linux user.) This also does not work; however, if I do the same thing for sudo access it works: sudo accepts the AD user even though it does not have a /etc/passwd file. I don't want to create accounts for these users on the Linux server.
Is there a way by which secure Samba shares can be created by:

(1.) Specifying a list of AD users not preceded by their domain names.
(2.) Specifying a Linux group which has AD users as its members.

If I have not been able to explain my problem properly, please feel free to get back.

Regards.
Ajitabh Pandey
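Added example, not part of the original post: a small Python check that reads smb.conf text and lists per-share access-list names with no DOMAIN\ prefix, the form the post reports as rejected for share1. The sample config is constructed from the post's shares; `winbind use default domain` is a real smb.conf global that the post does not mention, and the function names are this example's own.

```python
import configparser
import re

# Constructed sample modelled on the shares in the post (not a real server's file).
SAMPLE = r"""
[global]
winbind use default domain = no
[share1]
path = /samba-shares/myshare
valid users = adsuser01, domain\adsuser02
write list = adsuser02
[share2]
path = /samba-shares/myshare2
valid users = +linux_grp01, +linux_grp02
force user = linux_user01
"""

ACL_KEYS = ("valid users", "invalid users", "read list", "write list")
GROUP_PREFIXES = "@+&"  # smb.conf prefixes that mark a name as a group

def classify_acl_names(text):
    """Return (share, key, name, kind) for each name in a share's access lists."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    # When this global option is on, winbind accepts names without a domain part.
    default_domain = cp.get("global", "winbind use default domain",
                            fallback="no").strip().lower() in ("yes", "true", "1")
    rows = []
    for share in cp.sections():
        if share.lower() == "global":
            continue
        for key in ACL_KEYS:
            raw = cp.get(share, key, fallback="")
            # Assumption: names contain no spaces, so quoted names are not handled.
            for name in filter(None, re.split(r"[,\s]+", raw)):
                kind = ("group" if name[0] in GROUP_PREFIXES else
                        "qualified" if "\\" in name else
                        "default-domain" if default_domain else "unqualified")
                rows.append((share, key, name, kind))
    return rows

def unqualified_names(text):
    """Names that lack a domain prefix while no default domain is configured."""
    return [r[:3] for r in classify_acl_names(text) if r[3] == "unqualified"]

if __name__ == "__main__":
    for share, key, name in unqualified_names(SAMPLE):
        print(f"[{share}] {key}: {name!r} has no DOMAIN\\ prefix")
```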
