LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 05-02-2002, 01:47 PM   #1
tisource
Member
 
Registered: Feb 2002
Posts: 322

Rep: Reputation: 30
Samba security "permissions" in DOMAIN mode


Hey,

I've got a Mandrake 8.2 web server running samba. I'm having and interesting problem.

I have joined the mandrake box to our NT4 domain (done on both the NT4 PDC and the mandrake box).

My problem is that I only want two users to have write access (eveyryone else gets read only), but I want to be able to control it via NT users.

I tried putting my user in the write list, but it seems that is for local linux accounts. I tried doing DOMAIN\user in the box, referring to NT4 accounts, but that didn't work either.

Is there a way I can set up samba so all users in the NT4 "webmasters" group have write access, while all other NT4 users have read access?

So far, the only way I can get write access is to set read only to no, but that opens it up for everyone. I don't want that.

Help!!

(Thanks in advance)
 
Old 05-02-2002, 06:16 PM   #2
geekdug
LQ Newbie
 
Registered: Apr 2002
Location: portland
Distribution: RH 7.2
Posts: 6

Rep: Reputation: 0
I posted a similiar question a couple of weeks ago, I have yet to receive a reply. I'm thinking I will setup the same users and groups on the Linux box that already exist on the W2K server. I have not had time to test this therory, so proceed with caution.
 
Old 05-08-2002, 05:22 PM   #3
tisource
Member
 
Registered: Feb 2002
Posts: 322

Original Poster
Rep: Reputation: 30
I've found that if I only create matching users on the linux box for those that need access, access is granted. I can then control read and read-write access via "write list" and "read list" with local linux user accounts.

From what I can tell, the password on the local accounts really don't matter. With samba running in DOMAIN security mode, it checks the NT4 PDC to see if the supplied credentials are valid. But it won't let anyone in beyond that point unless there is a local linux account that matches the domain user account credentials.

I also read that there is a project in the works that would extend the "schema" (lack of a better word) of the ext2 file system. You can then embed Windows ACL's in the actual file system. That would give you the granularity of control you need. The local permissions override the Windows ACL permissions.

Anyway, if I'm wrong, I hope someone will let me know.


...........Jason
 
Old 05-09-2002, 09:41 PM   #4
geekdug
LQ Newbie
 
Registered: Apr 2002
Location: portland
Distribution: RH 7.2
Posts: 6

Rep: Reputation: 0
Check out this article, I found the contents helpful.

http://www.sin.khk.be/~dj/
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
what is "sticky bit mode" , "SUID" , "SGID" augustus123 Linux - General 10 08-03-2012 04:40 AM
Telling people to use "Google," to "RTFM," or "Use the search feature" Ausar General 77 03-21-2010 11:26 AM
Lost DHCP Lease when putting computer in "Standby" mode for a "long" time pnellesen Linux - Networking 1 01-06-2005 11:44 PM
Samba 3.0.0 removed "domain admin group". What now?? eteck Linux - Networking 1 11-28-2003 10:18 PM
Samba permissions - security = domain, help!!! Gustavo Gomes Linux - Networking 0 10-28-2003 06:28 AM


All times are GMT -5. The time now is 07:57 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration