Re: [Samba] 'username = @group' not working correctly
Hi Gerald (Jerry) Carter wrote: First question: In the manpage for smb.conf, it is mentioned that '+group' expands to the Unix group named 'group'. But that does not work for me. Using the '@group' syntax works. Is this an error in the documentation? That makes no sense unless you are using NIS netgroups. I do not use NIS (or at least, I did not install or configure any NIS stuff on the network at all). The documentation for smb.conf sais that @group will check both the NIS group and the Unix group (the NIS group first), and that +group will check the Unix group only. Still, +group does not work for me at all, while @group works for the first two users in the Unix group. I'd suggest moving to security = user unless you can explain exactly why you need security = share. Security = share is just not well suited for cases where you want to provide authorization based on username/password pairs. The problem I have with security = user is that Windows does not allow to simultaneously have two or more connections using different usernames to a given server. On my network, the following scenario is very common: A user logs into a Windows machine and accesses a Samba share for which the username and password match with the username and password he used to login to the Windows box (a general staff account). Some time later, he needs access to another share requiring another username and password (his personal share). With security = user, this is not possible. Windows will complain about conflicting login information. -- René OpenPGP key id: 0x63B1F5DB JID: [EMAIL PROTECTED] signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 'username = @group' not working correctly
Hello I am running a Samba file server (Version 3.0.22) with 'security = share'. Here is one of my share definitions: [archive] path = /var/smb/archive writeable = Yes username = @staff valid users = @staff First question: In the manpage for smb.conf, it is mentioned that '+group' expands to the Unix group named 'group'. But that does not work for me. Using the '@group' syntax works. Is this an error in the documentation? However, my actual problem is this: I need the 'username = @group' mechanism because some of my clients do not supply a correct username. The problem is that it does not seem to work for most user accounts. It does work for exactly two users. After experimenting and looking at the debug logs, I concluded that Samba only checks the supplied password against the first two users who are listed as members of the group 'staff' in /etc/group. After checking the second user, it aborts. These first two users can connect to the service fine, but all others can not. If the relevant line in /etc/group looks like this: staff:x:1034:foo,bar,baz Then foo and bar can connect, baz can not. If I swap bar and baz in /etc/group, then baz can connect and bar can not. Is this a known problem? How do I fix this? -- René OpenPGP key id: 0x63B1F5DB JID: [EMAIL PROTECTED] signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba