thr3ads.net - samba - [Samba] Samba + AD Authentication: Restricting access to shares [Jun 2019]

If this information is useful, please help other people find it:
Share via:

Goetz, Patrick G

2019-Jun-11 19:45 UTC

[Samba] Samba + AD Authentication: Restricting access to shares

Because most of our servers are restricted to specific user groups and 
the AD domain covers the entire university, I need to find a way to 
limit access to samba shares, preferably using AD security groups; i.e. 
I want to do something like:

[EMdata]
    comment = TEM Data
    path = /EMdata
    valid users = @cns-cryo-emusers
    guest ok = no
    writeable = yes


where cns-cryo-emusers is an AD security group.  Has this been 
implemented in any version of Samba?  Otherwise, is there any way to 
limit access when doing AD authentication?  We don't have any local 
users to limit access to; it's all domain users.  The local accounts are 
strictly used for administrative purposes.

Rowland penny

2019-Jun-11 20:12 UTC

head link

[Samba] Samba + AD Authentication: Restricting access to shares

On 11/06/2019 20:45, Goetz, Patrick G via samba wrote:> Because most of our servers are restricted to specific user groups and
> the AD domain covers the entire university, I need to find a way to
> limit access to samba shares, preferably using AD security groups; i.e.
> I want to do something like:
>
> [EMdata]
>      comment = TEM Data
>      path = /EMdata
>      valid users = @cns-cryo-emusers
>      guest ok = no
>      writeable = yes
>
>
> where cns-cryo-emusers is an AD security group.  Has this been
> implemented in any version of Samba?  Otherwise, is there any way to
> limit access when doing AD authentication?  We don't have any local
> users to limit access to; it's all domain users.  The local accounts
are
> strictly used for administrative purposes.
>
>Then do it the way Windows does it, set permissions on the share from 
the 'security' tab on Windows, see here:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Set your share like this:

[EMdata]
 ??? comment = TEM Data
 ??? path = /EMdata
 ??? read only = no

Rowland

Uwe Laverenz

2019-Jun-12 20:08 UTC

head link

[Samba] Samba + AD Authentication: Restricting access to shares

Hi,

Am 11.06.19 um 21:45 schrieb Goetz, Patrick G via samba:
> [EMdata]
>      comment = TEM Data
>      path = /EMdata
>      valid users = @cns-cryo-emusers
>      guest ok = no
>      writeable = yes
> 
> 
> where cns-cryo-emusers is an AD security group.  Has this been
> implemented in any version of Samba?  Otherwise, is there any way to
Not sure but: have you tried '+' instead of '@'?

    valid users = +cns-cryo-emusers

Uwe

Seemingly Similar Threads

Search for more possibly parallel threads

samba - Jun 2019 - Samba + AD Authentication: Restricting access to shares

[Samba] Samba + AD Authentication: Restricting access to shares

[Samba] Samba + AD Authentication: Restricting access to shares

[Samba] Samba + AD Authentication: Restricting access to shares

Seemingly Similar Threads