Re: [Samba] security = ads, username map and valid users

2013-01-24 Thread G.W. Haywood

Hi there,

On Thu, 24 Jan 2013, Rainer Canavan wrote:

> I would like to use Samba (3.5.10 as supplied with RHEL6 if possible) to
> make some directories accessible as a filesystem to (some of) our developers.
> However, those directories are read and written by a web server, and all files
> and directories in there should belong to www-data:www-data.
>
> The obvious solution is a username map ...


The username map feature is broken in current Samba 3 (although
possibly not in your preferred version) and AFAICT it is likely to
remain so for the foreseeable future:

https://bugzilla.samba.org/show_bug.cgi?id=8881

My recommendation would be to avoid relying on the feature, which I
know is a royal pain because that's what I'm having to do, but if you
do find that you have to upgrade from your currently preferred version
then you might get bitten by the bug.

If enough people subscribe to the CC list on the bugzilla page maybe
it will get onto the radar screen of someone who is capable of doing
something about it.

--

73,
Ged.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] security = ads, username map and valid users

2013-01-24 Thread Rainer Canavan
I would like to use Samba (3.5.10 as supplied with RHEL6 if possible) to 
make some directories accessible as a filesystem to (some of) our developers. 
However, those directories are read and written by a web server, and all files 
and directories in there should belong to www-data:www-data.

The obvious solution is a username map - just map everyone to www-data - but
then "valid users" or "user only" doesn't work anymore, since those are
evaluated against the mapped user, not the username that was used to
authenticate against ADS. I have found no combination of username map,
force user/force group, valid users and/or username + only user that would
do exactly what I want.

The closest thing so far is a username map plus a (locked) local Unix user and 
UID of www-data. However I'd prefer not to add local users.

Is there any switch that allows meaningful "valid users" together with a 
username map such as "www-data = *" ?

Thanks,


rainer