Re[2]: [Samba] Domain User access control in the smb.conf

2006-02-17 Thread Don Meyer 
Yes, if you have the "valid users =" line present in a resource's 
config block, then access to that resource is limited to the defined 
set of users.  If not present, then any user can connect to the resource.


-D


At 01:41 PM 2/17/2006, Alex Wang wrote:

Thanks Don, it works.

Another question about that is, do I have to list all the users who need
to access that share folder?

[Test2]
comment = Test
path = /usr/tmp/
valid users = "@Domain Admins"
readonly = Yes
write list = myaccount
Since myaccount is not in Domain Admins, I can't even access those share
folder. Do I have to chagne to

[Test2]
comment = Test
path = /usr/tmp/
valid users = "@Domain Admins", myaccount
readonly = Yes
write list = myaccount

Thanks

Alex



On Fri, 17 Feb 2006 13:29:50 -0600
Don Meyer <[EMAIL PROTECTED]> wrote:

> At 12:52 PM 2/17/2006, Alex Wang wrote:
> >I guess the @"Domain\myaccount" is the wrong format, but I check the
> >manual and can't find anything talk about the user list in smb.conf
> >
> >smb# testparm
> >...
> > winbind use default domain = Yes
>
>
> First off, if "myaccount" is a user account, then drop the "@" --
> that is one of the specials used to designate a group.
>
> Second, with "winbind use default domain" active/enabled, you should
> not have to specify the "DOMAIN\" part.
>
> Also, since you are using the special char "\" as a domain separator,
> you need to be very cognizant of where you need to properly escape
> it.   (I.E., use "\\" instead of just "\")   I'm pretty sure that
> "valid users =" is one of those places...
>
> Cheers,
> -D
>
>
> Don Meyer   <[EMAIL PROTECTED]>
> Network Manager, ACES Academic Computing Facility
> Technical System Manager, ACES TeleNet System
> UIUC College of ACES, Information Technology and Communication Services
>
>"They that can give up essential liberty to obtain a little
> temporary safety,
>  deserve neither liberty or safety." -- Benjamin 
Franklin, 1759


Don Meyer   <[EMAIL PROTECTED]>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

  "They that can give up essential liberty to obtain a little 
temporary safety,
deserve neither liberty or safety." -- Benjamin Franklin, 1759 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re[2]: [Samba] Domain User access control in the smb.conf

2006-02-17 Thread Alex Wang 
Thanks Don, it works.

Another question about that is, do I have to list all the users who need
to access that share folder?

[Test2]
comment = Test
path = /usr/tmp/
valid users = "@Domain Admins"
readonly = Yes
write list = myaccount
Since myaccount is not in Domain Admins, I can't even access those share
folder. Do I have to chagne to

[Test2]
comment = Test
path = /usr/tmp/
valid users = "@Domain Admins", myaccount
readonly = Yes
write list = myaccount

Thanks

Alex



On Fri, 17 Feb 2006 13:29:50 -0600
Don Meyer <[EMAIL PROTECTED]> wrote:

> At 12:52 PM 2/17/2006, Alex Wang wrote:
> >I guess the @"Domain\myaccount" is the wrong format, but I check the
> >manual and can't find anything talk about the user list in smb.conf
> >
> >smb# testparm
> >...
> > winbind use default domain = Yes
> 
> 
> First off, if "myaccount" is a user account, then drop the "@" -- 
> that is one of the specials used to designate a group.
> 
> Second, with "winbind use default domain" active/enabled, you should 
> not have to specify the "DOMAIN\" part.
> 
> Also, since you are using the special char "\" as a domain separator, 
> you need to be very cognizant of where you need to properly escape 
> it.   (I.E., use "\\" instead of just "\")   I'm pretty sure that 
> "valid users =" is one of those places...
> 
> Cheers,
> -D
> 
> 
> Don Meyer   <[EMAIL PROTECTED]>
> Network Manager, ACES Academic Computing Facility
> Technical System Manager, ACES TeleNet System
> UIUC College of ACES, Information Technology and Communication Services
> 
>"They that can give up essential liberty to obtain a little 
> temporary safety,
>  deserve neither liberty or safety." -- Benjamin Franklin, 1759 



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba