On Saturday 17 April 2004 21:26, Wim Bakker wrote: > On Saturday 17 April 2004 20:21, Wim Bakker wrote: > > So I take it that there is no checking whether a user that tries to > > connect to a share is , besides it's default group, the user connects > > with, allso member of the group that is auhorized to connect to > > that share, in this case being the group exact, so I have to set > > force group = exact , so a user that connects to that share, > > connects with default group exact , and is allowed to access the > > share and do it's thing. But apparently there is no checking whether > > that user is actually a member of that group , because when I connect > > as a completely different user, not at all listed in the group exact as a > > member , I get full access allso. Now I add the parameter : > > valid users = @exact > > Wrong , it is being checked but what is being checked? > Output from log: > [2004/04/17 21:08:35, 2] lib/access.c:check_access(324) > Allowed connection from (10.0.0.10) > [2004/04/17 21:08:35, 10] lib/username.c:user_in_list(521) > user_in_list: checking user gerrit in list > [2004/04/17 21:08:35, 10] lib/username.c:user_in_list(525) > user_in_list: checking user |gerrit| against |@exact| > [2004/04/17 21:08:35, 5] lib/username.c:user_in_netgroup_list(310) > Unable to get default yp domain > [2004/04/17 21:08:35, 2] smbd/service.c:make_connection_snum(391) > user 'gerrit' (from session setup) not permitted to access this share > (exact) > [2004/04/17 21:08:35, 3] smbd/error.c:error_packet(134) > > What is this "Unable to get default yp domain" doing?
Problem was in the nsswitch.conf: entry: nss_base_group dc=ahm,dc=nl?one should have been: nss_base_group dc=ahm,dc=nl?sub Thanx WB -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
