Hi,
I have a case where I only want to restrict access to SMB shares via filesystem
permissions (and POSIX ACLs). Therefore, I do not want Samba to verify security
in any way at the SMB level. If the filesystem/ACL permissions allow access to
the shared directory, so should Samba. If the filesystem does not allow access
to the filesystem, Samba should deny as well.
I thought I had this working correctly, but sometimes it randomly breaks. Here
is an example of a share's configuration:
[testshare]
comment = Test Share
path = /test/testshare
writeable = yes
create mask = 770
directory mask = 770
if the share's directory has the following permissions:
drwxrwx--- 2 root DOMAIN\testgroup 4096 Dec 7 14:54 testshare
Then, anyone in the "DOMAIN\testgroup" should have read/write access
to the share, correct? Instead, when I try to access the share, I get prompted
for credentials, and then get denied. The following error is displayed in SMB
logs:
==> /var/log/samba/__ffff_172.26.103.175.log <=[2012/12/07
14:57:18.622794, 1] auth/auth_util.c:848(create_token_from_username)
lookup_name_smbconf for DOMAIN\testuser failed
DOMAIN\testuser is a member of DOMAIN\testgroup.
Any help would be greatly appreciated!
Thanks,
Josh