[UniMacTech] "valid users" attribute for SMB shares with Leopard
Server
Tony Williams
tonyw at honestpuck.com
Tue Apr 21 15:48:38 EST 2009
Mark,
You should find a section for each of your windows shares in smb.conf -
there will be line [sharename] and it is in that section that you will need
to add a "valid users =" line with the name of the group that can mount the
share i.e "valid users = @validgroup, @validgroup2, username1, username2".
I don't have a 10.5 server up right here to check but that is certainly the
case on my 10.4 box.
// Tony
On Tue, Apr 21, 2009 at 3:15 PM, Mark Szota <
mark.szota at infotech.monash.edu.au> wrote:
> Hi folks
>
> I am setting up a couple of share points via Samba using Leopard Server,
> what I want to know is if I can add a Samba "valid users" attribute to some
> configuration file so that I can restrict shares to a partiuclar user? As it
> stands I have all my shares setup, and have the ACL's modified so that only
> the username I want can read & write to them. However other Samba users (who
> I want to access other SMB shares) can actually log in to a share, but then
> get a mount error because they don't have enough permissions to do anything.
> I have set the POSIX and ACL permissions this way to stop them from
> accessing or modifying anything. I have also set Service ACL's so that users
> I want can access the Samba service. This seems to be the best result I can
> get so far.
>
> What I would like is for them to not even be able to authenticate to an SMB
> share they should not have access to (rather than just getting a mount
> error), which from memory is what the "valid users" attribute will allow me
> to do. Do I need to do some voodoo magic with ACL's or POSIX permissions, or
> is there a way I can do what I want via GUI tools or at the command line? Or
> worse yet, have I missed something completely obvious ? :)
>
> The /etc/smb.conf file seems to be just a fairly generic template, there
> are no share-specific settings in it, so I assume they are stored in some
> other file, but I do not know where..
>
> Hope that makes sense!
>
> Cheers
> Mark
>
>
> --
> Mark Szota
>
> Campus IT Co-ordinator
> Berwick School of IT
> Monash University
> Clyde Road, Berwick, Victoria, Australia, 3806
>
> Tel: +61 3 9904 7122
> email: Mark.Szota at infotech.monash.edu.au
>
>
> _______________________________________________
> unimactech mailing list
> unimactech at auc.edu.au
> http://www.auc.edu.au/mailman/listinfo/unimactech
>
--
(\___/)
(='.'=)
(")_(")
This is Bunny. Help Bunny by Copying and pasting Bunny into your web page or
email sig to help him gain world domination.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://auc.uow.edu.au/pipermail/unimactech/attachments/20090421/f0d5918c/attachment.html
More information about the unimactech
mailing list