| View previous topic :: View next topic |
| Author |
Message |
grooveman
Veteran
Joined: 24 Feb 2003
Posts: 1217
|
 Posted: Fri Jul 23, 2004 6:11 pm Post subject: Valid users, %g and %u not cooperating. |
 |
|
Hello.
I have samba working with ADS and winbind (upgrading from nt4/samba-2.0.7 to
w2k3/samba-3.0.4). Everything seems cool, but for one thing.
My old homes share used to look like this:
| Code: |
[homes]
path=%H/sam
valid users = +%G,%U
force user = %U
force group = %G
write list = +%U
create mask = 0770
directory mask = 0770
browseable=no
read only = no
|
It worked beautifully. But the whole valid users thing isn't working on the
new system. To help troubleshoot, I used "root prexec" to dump the contents
of %U, %u, %G, and %g to a file.
The values of these variables when connecting to the [homes] share as me:
<>%U = username without domain (e.g. chris)
<>%u = username with domain name and domain seperator (e.g. DOMAIN+chris)
<>%G = "users" --- always equal to the group "users" -- I have no clue why!
Sometimes, however, %G = "%G" instead of "users". I think this is true for
users who don't have a local unix account on the system.
<>%g = groupname with domain name and domain seperator (e.g. DOMAIN+chris_)
Here is where it gets weird.
Because %u = DOMAIN+chris it seems I should be able to do this:
valid users = %u
But it doesn't work! Once I add that line, it denies me access to the share.
If I comment it out, I once again have access.
So, because %g = DOMAIN+primary_group I tried this:
valid users = +%g (also tried valid users = @%g)
Same thing. Doesn't grant me access. This makes absolutely no sense to me.
The use of these variables is critical to maintaining the security of the
server shares. Has this changed between versions? Is this a bug? Or am I
missing something all together? How can I do this? I can't find anything on
this in the books (I have 4 samba books...) or on line. It used to work...
I appreciate any help.
Thanks!
G
_________________
To look without without looking within is like looking without without looking at all. |
|
| Back to top |
|
 |
grooveman
Veteran
Joined: 24 Feb 2003
Posts: 1217
|
| Posted: Thu Jul 29, 2004 7:08 pm Post subject: |
|
|
Oh well.. I will find another way I guess.
G
_________________
To look without without looking within is like looking without without looking at all. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
