We have a FreeBSD webserver with Samba 2.2.8. It has been set up as a member-server of our active directory domain, and all seems good so far.

What I want is to let a set of users access a share (www) as the www-user, and they should authenticate against AD, and they should not need an account on the BSD machine at all. I don't want any add user script and so on, I only want them to access the share if they are one of the defined users, and the password is approved by the windows servers.

This is how the config looks now:

[global]
workgroup = KJ
netbios name = Pauling
server string = Webserver
max open files = 1000
preferred master = no
character set = ISO8859-1
client code page = 437
case sensitive = yes
log file = /var/log/samba/log.%m
max log size = 500
security = domain
password server = *
encrypt passwords = yes
socket options = TCP_NODELAY
deadtime = 15
password level = 3
debug level = 1
wins server = <Our wins-servers>
dns proxy = no

I want a www-share something like this:

[www]
comment = Webfiles
path = /www
public = no
writeable = yes
browseable = yes
force user = www
force group = www
valid users = uib\mcb, uib\nkjmb, student\st01654

But it doesn't work, and I suspect it's the valid users that doesn't understand the domain\ part.

Any ideas on how I can accomplish what I want?

Some info: The server is a part of the KJ-domain, which is under the UIB-domain in AD. The users are in the UIB-domain (the top of the forest) and in the STUDENT-domain (which is a trusted domain in its own forest).

-- 
Morten-Christian Bernson
System Administrator
Department of Chemistry, University in Bergen
On Fri, 2003-11-14 at 05:49, Morten-Christian Bernson wrote:
> We have a FreeBSD webserver with Samba 2.2.8. It has been set up as a
> member-server of our active directory domain, and all seems good so
> far.
>
> What I want is to let a set of users access a share (www) as the
> www-user, and they should authenticate against AD, and they should not
> need an account on the BSD machine at all. I don't want any add user
> script and so on, I only want them to access the share if they are one
> of the defined users, and the password is approved by the windows
> servers.

You still need user accounts, sorry. Use winbind (which needs nsswitch, which needs some bleeding edge version of FreeBSD) or add the users manually.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
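
Added example, not part of either message and not Samba project code: a shell check that lists the "valid users" entries of the [www] share that have no Unix account on the host, which is the condition the reply points at. It assumes winbind is not in use, so each entry is looked up by its bare name after the DOMAIN\ prefix; the function names and the ACCOUNT_LOOKUP variable are hypothetical, and the embedded smb.conf is a constructed sample based on the question.

```sh
#!/bin/sh
# Added example: report which "valid users" of a share lack a Unix account.

# Constructed sample input, based on the [www] share in the question.
sample_conf() {
cat <<'EOF'
[global]
   security = domain
[www]
   path = /www
   force user = www
   valid users = uib\mcb, uib\nkjmb, student\st01654
EOF
}

# Print the comma-separated "valid users" entries of share $1, one per line.
# Reads smb.conf text on stdin; expects the parameter spelled as in the post.
valid_users() {
    awk -v want="[$1]" '
        /^[ \t]*\[/ {
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            insec = (tolower($0) == tolower(want)); next
        }
        insec && /^[ \t]*valid users[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            n = split($0, u, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) if (u[i] != "") print u[i]
        }'
}

# Hypothetical hook: command that succeeds when an account name resolves.
# Defaults to id(1), which consults the host account database.
ACCOUNT_LOOKUP=${ACCOUNT_LOOKUP:-id}

# Print every entry of share $1 whose bare name (DOMAIN\ prefix removed,
# an assumption that holds only without winbind) has no Unix account.
missing_accounts() {
    valid_users "$1" | while IFS= read -r entry; do
        name=$(printf '%s\n' "$entry" | sed 's/.*\\//')
        $ACCOUNT_LOOKUP "$name" >/dev/null 2>&1 || printf '%s\n' "$entry"
    done
}

# Stand-alone run against the sample; on a real host feed it the live smb.conf.
sample_conf | missing_accounts www
```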