Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Samba Config Question
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
db_404
Guru
Guru


Joined: 05 Dec 2002
Posts: 336
PostPosted: Fri Apr 30, 2004 7:33 pm    Post subject: Samba Config Question Reply with quote
Hi,

I have a Samba (3) acting as a normal (not PDC) server in a Windows domain, the system has some local users. I have winbindd running, and seemingly working to provide domain user/group mapping to the box.

I have one directory that I wish to have shared by a particular group of local users, so I create a new group, add the users to it and set the directory up as follows:
Code:

drwxrwxr-x    2    root      editgroup   4096  Apr    5  10:00 somedir


This works fine, the local users can edit away quite merrily.

Now I would also like to make this directory shared to specific users from the LAN. So I edit /etc/groups to add:
Code:

editgroup::500:localuser1,localuser2,DOMAIN+lanuser1,DOMAIN+lanuser2


I have the domain separator set to + in smb.conf btw.

And share the directory from Samba with
Code:

[shared]
      path=/home/somedir
      comment = shared dir
       writeable=yes


However this doesn't work, from windows DOMAIN+lanuser1 can see the dir (presumably because it is world readable), but can't write to it.

I'm assuming I just can't use the group file this way and have it work, so what is the correct way to go about setting this up?

Strange thing is I can su to DOMAIN+lanuser1 and 'id' will show me as being in editgroup, and I can work in the shared dir just fine.
Back to top
View user's profile Send private message
moocha
Watchman
Watchman


Joined: 21 Oct 2003
Posts: 5722
PostPosted: Sat May 01, 2004 1:12 am    Post subject: Reply with quote
Hm, maybe requiring a specific group (edigroup) on the share *and* at the same time setting force group to that same group will work?
_________________
Military Commissions Act of 2006: http://tinyurl.com/jrcto

"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin
Back to top
View user's profile Send private message
db_404
Guru
Guru


Joined: 05 Dec 2002
Posts: 336
PostPosted: Mon May 03, 2004 1:25 pm    Post subject: Reply with quote
Yes, that's what I ended up doing. I can restrict access to the shared dir via the smb.conf to specific domain users and groups, then use the 'force group' directive to force users from the LAN into 'editgroup'.

Thanks.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy