---------- Forwarded message ----------
From: Nicolas Kassis <nic.kassis@gmail.com>
Date: May 23, 2006 11:49 PM
Subject: Re: [Samba] Valid users directive
To: gary@extremeground.com
Gary Dale wrote:
> Nicolas Kassis wrote:
>
>> Hi Everyone
>>
>> I'm new to samba and I have been trying in vein to find a solution
to
>> this problem. I am setting up a linux samba server as a domain member
>> server. It is part of the MAINT workgroup. Winbind and Samba
>> authenticate correctly. The issue arises when I try to limit the
>> users who are allowed to use a my share folder.
>>
>> Most of the information I have lookup seem to say that I should set
>> up the Valid Users directive like this :
>>
>> valid users = '@MAINT\nkassis', '@MAINT\aburns'
>>
>> Of course this dosen't work. Can anyone point me to a place where I
>> can find information about this or any indepth explanation of how to
>> define users in this directive ?
>>
>> Nic
>>
>>
>>
>>
> If you look in the smb.conf man page, you will find (under invalid
> users) the following:
> >>>>>>>>>>>>
>
> A name starting with a '@' is interpreted as an NIS netgroup first
(if
> your system supports NIS), and then as a UNIX group if the name was
> not found in the NIS netgroup database.
>
> A name starting with '+' is interpreted only by looking in the UNIX
> group database. A name starting with '&' is interpreted only by
> looking in the NIS netgroup database (this requires NIS to be working
> on your system). The characters '+' and '&' may be used
at the start
> of the name in either order so the value /|+&group|/ means check the
> UNIX group database, followed by the NIS netgroup database, and the
> value /|&+group|/ means check the NIS netgroup database, followed by
> the UNIX group database (the same as the '@' prefix).
>
> <<<<<<<<<<<<<<
>
> Since NIS not being used, your valid users group has to be the
> Unix/Linux group that the Domain group maps to.
>
>
>
>From what I understand the Group they belong to is Domain Users but
specifying the following +Domain Users and also trying again using
quotes around it is still incorrect. One thing I should mention. When I
list the users with the command wbinfo -u the users are listed only by
theyre users name not with the domain like this: MAINT\nkassis is this
correct ?
Nic
--
Nicolas Kassis
--------------------
http://www.nickassis.net
http://www.nickassis.net/blog