From: [email protected] [[email protected]] on behalf of Jorell [[email protected]] Sent: Saturday, February 04, 2012 5:22 PM To: [email protected] Subject: Re: [Samba] Share-based security
On 2/4/2012 3:22 AM, Bruno Martins wrote: > Hello guys, > > I am using Samba version 3.5.6~dfsg-3squeeze6 and it is running very well > with winbind authentication on our internal network. > Now I want to expose one share and one printer to another network > (192.168.2.0/24), so now this server is configured with two NICs. > > My smb.conf is as follows: > > [global] > workgroup = GALILEU-F > realm = GALILEU-F.GALILEU.PT > server string = Samba Server Version %v > security = ADS > auth methods = winbind > password server = 192.168.0.2 > username map = /etc/samba/smbusers > log file = /var/log/samba/log.%m > max log size = 50 > printcap name = cups > local master = No > dns proxy = No > ldap ssl = no > idmap backend = tdb > idmap alloc backend = tdb > idmap uid = 5000-6000 > idmap gid = 5000-6000 > winbind enum users = Yes > winbind enum groups = Yes > winbind use default domain = Yes > guest ok = Yes > hosts allow = 127., 192.168.0., 10.150.21., 192.168.2. > cups options = raw > guest account = nobody > > [printers] > comment = All Printers > path = /var/spool/samba > printable = Yes > browseable = No > > [dropbox] > comment = Partilha das Galileus > path = /home/joe/Dropbox > admin users = ghelpdesk, a230w > write list = ghelpdesk, a230w > read only = No > acl group control = Yes > create mask = 0777 > directory mask = 0777 > inherit permissions = Yes > inherit acls = Yes > inherit owner = Yes > guest ok = No > map acl inherit = Yes > > [print$] > comment = Printer Drivers > guest only = yes > path = /var/lib/samba/drivers > write list = ghelpdesk, a230w > > [sharpdesk] > comment = Sharpdesk > path = /home/fotocopiadora/sharpdesk > write list = "@domain users" > read only = No > > [formacao] > comment = Partilha Formacao > path = /home/joe/Formacao > guest ok = yes > browseable = yes > read only = no > write list = bmartins, amoreira > > Share to expose is 'formacao' but I want it to be only writable by two AD > users and read-only for everyone else. Also, users on 192.168.2.0 network > should not be able to even list other shares/printers. > With the smb.conf above mentioned, Windows keeps asking me for authentication. > > Can you please help me on this? Is this possible to do with Samba/CUPS? > > Also if you could give me some security tips or documentation to read on > this, it would be helpful. > > Best regards, > > Bruno Martins Do those users have write access to that directory in Linux? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Hello Jorell, Thanks for your cooperation. Which users? The ones I want to give write access, yes they have. Everyone else should only be able to read contents of share 'formacao'. I don't even want authentication, guest should be OK. But still ... It's asking me for credentials. Kindly, Bruno Martins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
