Hi, I have a case where I only want to restrict access to SMB shares via filesystem permissions (and POSIX ACLs). Therefore, I do not want Samba to verify security in any way at the SMB level. If the filesystem/ACL permissions allow access to the shared directory, so should Samba. If the filesystem does not allow access to the filesystem, Samba should deny as well.
I thought I had this working correctly, but sometimes it randomly breaks. Here is an example of a share's configuration: [testshare] comment = Test Share path = /test/testshare writeable = yes create mask = 770 directory mask = 770 if the share's directory has the following permissions: drwxrwx--- 2 root DOMAIN\testgroup 4096 Dec 7 14:54 testshare Then, anyone in the "DOMAIN\testgroup" should have read/write access to the share, correct? Instead, when I try to access the share, I get prompted for credentials, and then get denied. The following error is displayed in SMB logs: ==> /var/log/samba/__ffff_172.26.103.175.log <== [2012/12/07 14:57:18.622794, 1] auth/auth_util.c:848(create_token_from_username) lookup_name_smbconf for DOMAIN\testuser failed DOMAIN\testuser is a member of DOMAIN\testgroup. Any help would be greatly appreciated! Thanks, Josh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba