Torsten Krah
2007-Jun-15 09:43 UTC
[Samba] valid/invalid users not working with samba & windows 2003 AD
Hi.
the samba server is client in a windows 2003 AD managed domain.
Got a samba share like this:
[Praktikanten]
comment = Praktikanten
path = /data/Praktikanten
read only = No
browseable = Yes
create mask = 0664
directory mask = 0775
force group = +praktikanten
Lets take some users:
user1 is in group praktikanten.
user2 is in group vpnguests.
If i add
valid users = @praktikanten
no one can connect to the share anymore - even user1 which is member of
that group.
If i add to the first example
invalid users = @vpnguests
user2 can still connect, but he is in that group.
user1:
/etc/samba# id user1
uid=11659(user1) gid=11616(praktikanten) Gruppen=11616(praktikanten)
user2:
/etc/samba# id user2
uid=16129(user2) gid=16128(vpnguests) Gruppen=16128(vpnguests)
Something i've missed - reading manpage and docs this should work - but
doesnt.
I can even take the usernames (not the group) and it wont work.
Samba version is latest etch one, 3.0.24-6.
Any help or hints welcome.
I can provide some debug logs of any level if someone want to see - tell
what.
kind regards
Torsten
Torsten Krah
2007-Jun-17 11:47 UTC
[Samba] valid/invalid users not working with samba & windows 2003 AD
Hi again - solved it: Read this: http://samba.org/samba/docs/man/Samba-Guide/kerberos.html Their is only one "\" between domain and group. I need to insert @"DOMAIN\\Group" to get it working - but now it works - anyone got an explanation why i need two "\"? Torsten Am Freitag, den 15.06.2007, 11:14 +0200 schrieb Torsten Krah:> Hi. > > the samba server is client in a windows 2003 AD managed domain. > Got a samba share like this: > > [Praktikanten] > comment = Praktikanten > path = /data/Praktikanten > read only = No > browseable = Yes > create mask = 0664 > directory mask = 0775 > force group = +praktikanten > > Lets take some users: > > user1 is in group praktikanten. > user2 is in group vpnguests. > > If i add > > valid users = @praktikanten > > no one can connect to the share anymore - even user1 which is member of > that group. > If i add to the first example > > invalid users = @vpnguests > > user2 can still connect, but he is in that group. > > user1: > > /etc/samba# id user1 > uid=11659(user1) gid=11616(praktikanten) Gruppen=11616(praktikanten) > > user2: > > /etc/samba# id user2 > uid=16129(user2) gid=16128(vpnguests) Gruppen=16128(vpnguests) > > > Something i've missed - reading manpage and docs this should work - but > doesnt. > I can even take the usernames (not the group) and it wont work. > > Samba version is latest etch one, 3.0.24-6. > Any help or hints welcome. > > I can provide some debug logs of any level if someone want to see - tell > what. > > kind regards > > > Torsten > > --=-RckmpzV8Kt5/YwBUyJji-- > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3489 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20070617/969ffd0d/smime.bin