LinuxQuestions.org


tisource 05-02-2002 01:47 PM

Samba security "permissions" in DOMAIN mode
 
Hey,

I've got a Mandrake 8.2 web server running samba. I'm having an interesting problem.

I have joined the mandrake box to our NT4 domain (done on both the NT4 PDC and the mandrake box).

My problem is that I only want two users to have write access (everyone else gets read only), but I want to be able to control it via NT users.

I tried putting my user in the write list, but it seems that is for local linux accounts. I tried doing DOMAIN\user in the box, referring to NT4 accounts, but that didn't work either.

Is there a way I can set up samba so all users in the NT4 "webmasters" group have write access, while all other NT4 users have read access?

So far, the only way I can get write access is to set read only to no, but that opens it up for everyone. I don't want that.

Help!!

(Thanks in advance)

geekdug 05-02-2002 06:16 PM

I posted a similar question a couple of weeks ago; I have yet to receive a reply. I'm thinking I will set up the same users and groups on the Linux box that already exist on the W2K server. I have not had time to test this theory, so proceed with caution.

tisource 05-08-2002 05:22 PM

I've found that if I only create matching users on the linux box for those that need access, access is granted. I can then control read and read-write access via "write list" and "read list" with local linux user accounts.

From what I can tell, the password on the local accounts really doesn't matter. With samba running in DOMAIN security mode, it checks the NT4 PDC to see if the supplied credentials are valid. But it won't let anyone in beyond that point unless there is a local linux account that matches the domain user account credentials.

I also read that there is a project in the works that would extend the "schema" (for lack of a better word) of the ext2 file system. You can then embed Windows ACLs in the actual file system. That would give you the granularity of control you need. The local permissions override the Windows ACL permissions.

Anyway, if I'm wrong, I hope someone will let me know.


...........Jason
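
The setup described in the post above, written out as an smb.conf sketch. This is an added example, not a configuration posted by anyone in the thread; MYDOMAIN, PDC1, the share names, the path and the accounts alice and bob are constructed placeholders.

```ini
# Constructed example: domain, PDC, path and user names are placeholders.
[global]
    workgroup = MYDOMAIN
    # Passwords are validated by the NT4 PDC, not against local accounts.
    security = domain
    password server = PDC1
    encrypt passwords = yes

# Weak: the setting from the first post. Any user the PDC authenticates
# (and who maps to a local account) can write to the share.
[web-open]
    path = /var/www/html
    read only = no

# Tighter: the share is read-only by default and only the accounts in
# "write list" may write. alice and bob must exist as local Linux
# accounts whose names match the domain accounts.
[web]
    path = /var/www/html
    read only = yes
    write list = alice bob
    # A name prefixed with @ (for example @webmasters) is looked up as a
    # local Unix group here, so its membership has to be kept in step
    # with the NT group by hand.
    # Unix permissions on the path still apply: alice and bob also need
    # write permission on /var/www/html itself.
```

Running `testparm` after editing checks the file for syntax errors before smbd is restarted.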

geekdug 05-09-2002 09:41 PM

Check out this article, I found the contents helpful.

http://www.sin.khk.be/~dj/

