I currently have a couple of drives shared out in samba for Solaris. I want to create another share so that only "specific users" can get into it, and not everyone on my network. I would also prefer that samba use the WindowsNT authentication for connecting to this specific share. Can anyone help me out? Thanks, Eric
At 10:17 AM 4/10/2002 -0400, Olson Cpl Eric S wrote:>I currently have a couple of drives shared out in samba for Solaris. I want >to create another share so that only "specific users" can get into it, and >not everyone on my network. I would also prefer that samba use the WindowsNT >authentication for connecting to this specific share. Can anyone help me >out? > >Thanks, >EricI don't think "authentication" can be set up on a share-by-share basis, only "permissions" to shares. Look at the smb.conf man page under the "security" parameter: SECURITY = SERVER As far as a share goes, something like this: [priv_share] comment = Privilege Share path = /usr/local/privilege read only = no writeable = yes valid users = +priv_users create mask = 0660 directory mask = 0770 Only users in the group "priv_users" will be able to access the share. Hope this helps. Matthew
Hi Eric, I'm not so sure about Solaris, but I'm using an i386 (Intel-compatible) machine with RedHat Linux 7.2 and Samba 2.2.3a-20020206. I am using winbind and pam to do the authentication with my W2K domain (read the winbind.html that comes with the Samba 2.2.3a version). Then when winbind is working, in your shares you can select individual users by specifying your domain, the connector symbol you specified in your smb.conf for winbind, and the user login name (i.e. CATFISH+JFISHER where CATFISH is your domain, + is your connector, JFISHER is the user). If the User login name has spaces (i.e. DOMAIN USERS, you would specify CATFISH+"DOMAIN USERS" in the smb.conf file and use single quotes to change the permissions for the user or group (i.e. chgrp CATFISH+'DOMAIN USERS' charlie -- assuming your share was named charlie). Capitals for the NT DOMAIN _and_ the NT USER/GROUP are also required, having something to do with how NT sends the names to the Linux box. Hope this helps. Kevin Bramblett