Re: [LIH]Samba permissions

Thu, 19 Jan 2006 09:11:07 -0800 

Ajitabh Pandey wrote:


Hi,


<snip>


valid users = domain\adsuser01, domain\adsuser02


it works. 


For share2 - I want members of a linux_grp01 and
linux_grp02 to have access to this share. I have to
manually edit the /etc/group file to add user-ids from
AD to respective group as usermod command does not
work because it is not finding corresponding userid
entry in /etc/passwd.(Rightso as the user is not a
linux user). This also does not work, however if I do
the same thing for sudo access it works, sudo accepts
the AD user even though it does not have a /etc/passwd
file.

I dont want to create accounts for these users in the
linux server. Is there a way by which secure SAMBA
shares can be created by -

(1.) Specifying a list of AD users not preeceeded by
their domain names.

 


</snip>

winbind use default domain = yes

I have it set to no.


(2.) specifying a linux group which has AD users as
its members.

 




Also, why do you want to define your groups on the linux server? Make 
samba lookup a group on the AD server and configure all your share 
groups centrally. Have you tried using @ instead of "+" in your share 
definition?


For basic share access, I have this in my smb.conf -

--------------------------------------
[finance]
  comment = Finance
  path = /home/ISHISYSTEMS/samba/shared/finance
  guest ok = no
  writable = yes
  create mask = 0770
  directory mask = 0770
  valid users = @ISHISYSTEMS\store-finance
--------------------------------------

getent group gives me this -

ISHISYSTEMS\store-finance:x:16777268:ISHISYSTEMS\usera,ISHISYSTEMS\user2,ISHISYSTEMS\user3,ISHISYSTEMS\user4

On the filesystem level -


drwxrws---   6 root ISHISYSTEMS\store-finance          4096 Jan 19 09:52 
finance



Once you have this basic setup done, you can use ACLs to give finer 
permissions.


HTH.

--
VaibhaV
http://vsharma.net



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
linux-india-help mailing list
linux-india-help@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-india-help






















					Reply via email to