Re: [Samba] Valid users directive
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gary Dale wrote: Domain users is a Windows group. It should be mapped to a local Unix group. The local Unix group is what you put in smb.conf. This is wrong sorry. Windows groups are support in smb.conf if you are running winbindd. Winbindd exports MAINT\nkassis as a Unix group via NSS. valid users = +MAINT\nkassis, +MAINT\aburns Should work fine. If it is not, then please follow the docs for troubleshooting winbindd and let me know what fails. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEdZ8CIR7qMdg1EfYRAgJCAJ4khr6vAaxB+DVevPegJWnRwcgPMQCgoYXT 1QpjF/NXlSe2yEjand0LYnw= =Yzcm -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Valid users directive
-- Forwarded message -- From: Nicolas Kassis [EMAIL PROTECTED] Date: May 23, 2006 11:49 PM Subject: Re: [Samba] Valid users directive To: [EMAIL PROTECTED] Gary Dale wrote: Nicolas Kassis wrote: Hi Everyone I'm new to samba and I have been trying in vein to find a solution to this problem. I am setting up a linux samba server as a domain member server. It is part of the MAINT workgroup. Winbind and Samba authenticate correctly. The issue arises when I try to limit the users who are allowed to use a my share folder. Most of the information I have lookup seem to say that I should set up the Valid Users directive like this : valid users = '@MAINT\nkassis', '@MAINT\aburns' Of course this dosen't work. Can anyone point me to a place where I can find information about this or any indepth explanation of how to define users in this directive ? Nic If you look in the smb.conf man page, you will find (under invalid users) the following: A name starting with a '@' is interpreted as an NIS netgroup first (if your system supports NIS), and then as a UNIX group if the name was not found in the NIS netgroup database. A name starting with '+' is interpreted only by looking in the UNIX group database. A name starting with '' is interpreted only by looking in the NIS netgroup database (this requires NIS to be working on your system). The characters '+' and '' may be used at the start of the name in either order so the value /|+group|/ means check the UNIX group database, followed by the NIS netgroup database, and the value /|+group|/ means check the NIS netgroup database, followed by the UNIX group database (the same as the '@' prefix). Since NIS not being used, your valid users group has to be the Unix/Linux group that the Domain group maps to. From what I understand the Group they belong to is Domain Users but specifying the following +Domain Users and also trying again using quotes around it is still incorrect. One thing I should mention. When I list the users with the command wbinfo -u the users are listed only by theyre users name not with the domain like this: MAINT\nkassis is this correct ? Nic -- Nicolas Kassis http://www.nickassis.net http://www.nickassis.net/blog -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Valid users directive
Nicolas Kassis wrote: -- Forwarded message -- From: Nicolas Kassis [EMAIL PROTECTED] Date: May 23, 2006 11:49 PM Subject: Re: [Samba] Valid users directive To: [EMAIL PROTECTED] Gary Dale wrote: Nicolas Kassis wrote: Hi Everyone I'm new to samba and I have been trying in vein to find a solution to this problem. I am setting up a linux samba server as a domain member server. It is part of the MAINT workgroup. Winbind and Samba authenticate correctly. The issue arises when I try to limit the users who are allowed to use a my share folder. Most of the information I have lookup seem to say that I should set up the Valid Users directive like this : valid users = '@MAINT\nkassis', '@MAINT\aburns' Of course this dosen't work. Can anyone point me to a place where I can find information about this or any indepth explanation of how to define users in this directive ? Nic If you look in the smb.conf man page, you will find (under invalid users) the following: A name starting with a '@' is interpreted as an NIS netgroup first (if your system supports NIS), and then as a UNIX group if the name was not found in the NIS netgroup database. A name starting with '+' is interpreted only by looking in the UNIX group database. A name starting with '' is interpreted only by looking in the NIS netgroup database (this requires NIS to be working on your system). The characters '+' and '' may be used at the start of the name in either order so the value /|+group|/ means check the UNIX group database, followed by the NIS netgroup database, and the value /|+group|/ means check the NIS netgroup database, followed by the UNIX group database (the same as the '@' prefix). Since NIS not being used, your valid users group has to be the Unix/Linux group that the Domain group maps to. From what I understand the Group they belong to is Domain Users but specifying the following +Domain Users and also trying again using quotes around it is still incorrect. One thing I should mention. When I list the users with the command wbinfo -u the users are listed only by theyre users name not with the domain like this: MAINT\nkassis is this correct ? Nic You're not listening. :) Domain users is a Windows group. It should be mapped to a local Unix group. The local Unix group is what you put in smb.conf. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Valid users directive
Gary Dale wrote: Nicolas Kassis wrote: -- Forwarded message -- From: Nicolas Kassis [EMAIL PROTECTED] Date: May 23, 2006 11:49 PM Subject: Re: [Samba] Valid users directive To: [EMAIL PROTECTED] Gary Dale wrote: Nicolas Kassis wrote: Hi Everyone I'm new to samba and I have been trying in vein to find a solution to this problem. I am setting up a linux samba server as a domain member server. It is part of the MAINT workgroup. Winbind and Samba authenticate correctly. The issue arises when I try to limit the users who are allowed to use a my share folder. Most of the information I have lookup seem to say that I should set up the Valid Users directive like this : valid users = '@MAINT\nkassis', '@MAINT\aburns' Of course this dosen't work. Can anyone point me to a place where I can find information about this or any indepth explanation of how to define users in this directive ? Nic If you look in the smb.conf man page, you will find (under invalid users) the following: A name starting with a '@' is interpreted as an NIS netgroup first (if your system supports NIS), and then as a UNIX group if the name was not found in the NIS netgroup database. A name starting with '+' is interpreted only by looking in the UNIX group database. A name starting with '' is interpreted only by looking in the NIS netgroup database (this requires NIS to be working on your system). The characters '+' and '' may be used at the start of the name in either order so the value /|+group|/ means check the UNIX group database, followed by the NIS netgroup database, and the value /|+group|/ means check the NIS netgroup database, followed by the UNIX group database (the same as the '@' prefix). Since NIS not being used, your valid users group has to be the Unix/Linux group that the Domain group maps to. From what I understand the Group they belong to is Domain Users but specifying the following +Domain Users and also trying again using quotes around it is still incorrect. One thing I should mention. When I list the users with the command wbinfo -u the users are listed only by theyre users name not with the domain like this: MAINT\nkassis is this correct ? Nic You're not listening. :) Domain users is a Windows group. It should be mapped to a local Unix group. The local Unix group is what you put in smb.conf. oooh!!! I thought that was done automagically by winbind ? Nic -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Valid users directive
Gary Dale wrote: Nicolas Kassis wrote: -- Forwarded message -- From: Nicolas Kassis [EMAIL PROTECTED] Date: May 23, 2006 11:49 PM Subject: Re: [Samba] Valid users directive To: [EMAIL PROTECTED] Gary Dale wrote: Nicolas Kassis wrote: Hi Everyone I'm new to samba and I have been trying in vein to find a solution to this problem. I am setting up a linux samba server as a domain member server. It is part of the MAINT workgroup. Winbind and Samba authenticate correctly. The issue arises when I try to limit the users who are allowed to use a my share folder. Most of the information I have lookup seem to say that I should set up the Valid Users directive like this : valid users = '@MAINT\nkassis', '@MAINT\aburns' Of course this dosen't work. Can anyone point me to a place where I can find information about this or any indepth explanation of how to define users in this directive ? Nic If you look in the smb.conf man page, you will find (under invalid users) the following: A name starting with a '@' is interpreted as an NIS netgroup first (if your system supports NIS), and then as a UNIX group if the name was not found in the NIS netgroup database. A name starting with '+' is interpreted only by looking in the UNIX group database. A name starting with '' is interpreted only by looking in the NIS netgroup database (this requires NIS to be working on your system). The characters '+' and '' may be used at the start of the name in either order so the value /|+group|/ means check the UNIX group database, followed by the NIS netgroup database, and the value /|+group|/ means check the NIS netgroup database, followed by the UNIX group database (the same as the '@' prefix). Since NIS not being used, your valid users group has to be the Unix/Linux group that the Domain group maps to. From what I understand the Group they belong to is Domain Users but specifying the following +Domain Users and also trying again using quotes around it is still incorrect. One thing I should mention. When I list the users with the command wbinfo -u the users are listed only by theyre users name not with the domain like this: MAINT\nkassis is this correct ? Nic You're not listening. :) Domain users is a Windows group. It should be mapped to a local Unix group. The local Unix group is what you put in smb.conf. I didn't set the behaviour. I just read the documentation.:) I don't know why smb.conf expects the Unix group instead of doing a lookup, but I'm sure there's a good reason. The Samba developers know a lot more about this than I do and they are very, very good at it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Valid users directive
Hi Everyone I'm new to samba and I have been trying in vein to find a solution to this problem. I am setting up a linux samba server as a domain member server. It is part of the MAINT workgroup. Winbind and Samba authenticate correctly. The issue arises when I try to limit the users who are allowed to use a my share folder. Most of the information I have lookup seem to say that I should set up the Valid Users directive like this : valid users = '@MAINT\nkassis', '@MAINT\aburns' Of course this dosen't work. Can anyone point me to a place where I can find information about this or any indepth explanation of how to define users in this directive ? Nic -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
