HPE Community
Operating System - HP-UX
1820474 Members
3301 Online
109624 Solutions
New Discussion

Restrciting Samba Shares to only Domain Users and Groups

 
SOLVED
Go to solution
gstonian
Trusted Contributor

‎01-03-2008 07:52 AM

‎01-03-2008 07:52 AM

Restrciting Samba Shares to only Domain Users and Groups

I have several Samba shares installed on several of my HPUX servers. Due to time restrictions, when it was installed it was left pretty much wide open by the last admin and now it's time to secure it.

Presently most shares can be accessed by anyone in the company with access to a network point.

I would like to do the following:

1) Prevent non Domain Users access to shares (i.e. non domain logins/local admin accounts/laptops etc)
2)Allow only certain users of specific Windows NT Groups access to certain shares.

From what i've read so far I think this is only possible by creating and mapping groups from Windows to each HPUX server and also creating a user account for each connect on the HPUX Servers.

I doubt I'll get authorisation to create users on the production servers just for samba shares so I'm looking for a way to get Samba to allow/check the windows domains to get the authorisation required.

Is this posible without affecting/adding users/groups on hpux servers ?

0 Kudos
Reply
1 REPLY 1
Geoff Wild
Honored Contributor

‎01-03-2008 09:56 AM

‎01-03-2008 09:56 AM

Solution

Re: Restrciting Samba Shares to only Domain Users and Groups

Yes it is possible - if you are running Active Directory and if you convert your samba servers to be
security = ADS

See my thread here and how I got it to work:

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=949365&admit=109447626+1199382712434+28353475


For each share, you would then specify

valid users = YOURNTDOMAIN+user1, YOURNTDOMAIN+user2, etc

If you want them to "write" files as the same "unix" user, then you need to create an Unix user and set:

force user = unixid1


Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.