- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Samba with Active Directory
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2005 02:48 AM
09-16-2005 02:48 AM
I am fairly new to Samba in combination with Active Directory. I will try my best to get my question across...but I am finding it all pretty confusing.
We have a Windows Server being the primary domain controller and the "main" Advanced Server server. I have an HPUX system setup with Samba shares and DOMAIN security. There are users both on HPUX and the windows side. So, there are folks on the windows side that need to access the shares - however, I want to make the shares only accessible by those added to a specific group in Advanced Server (windows side). The problem that I am having is that the shares seem to be accessible by everyone. So, is there a way to make a share accessible by certain groups only - and those groups are not the standard Unix groups in /etc/group, but the AS groups?
[global]
workgroup = abcd
netbios name = SERVERA
server string = Samba Server
security = DOMAIN
map to guest = Bad User
password server = 192.x.x.x
syslog = 0
log file = /var/opt/samba/log.%m
max log size = 1000
wins server = 10.117.10.40
short preserve case = No
dos filetime resolution = Yes
[LYRS]
comment = Layers for GIS
path = /lyrs
[NAIS]
comment = NAIS Spatial Information
path = /nais
[GIS]
comment = GIS Unit Access
path = /gis
guest ok = Yes
public = Yes
The first ones should only be accessible by the XYZ group and the third to all.
Thanks,
Sally
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2005 04:28 AM
09-16-2005 04:28 AM
			
				
					
						
							Re: Samba with Active Directory
						
					
					
				
			
		
	
			
	
	
	
	
	
Yes you can:
[LYRS]
comment = Layers for GIS
path = /lyrs
valid users = NTDOMAIN+groupid
force user = unixuser
force group = unixgroup
Don't add the + until you setup winbind!
See my thread:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=949365
Rgds...Geoff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2005 05:37 AM
09-16-2005 05:37 AM
			
				
					
						
							Re: Samba with Active Directory
						
					
					
				
			
		
	
			
	
	
	
	
	
force user = unixuser
force group = unixgroup
So, by adding these two lines, only those belonging to the AS group xyz will be allowed to access? So in my case, I would only have to put "force group = xyz" because I only want to secure the share by the group only and not the user.
Thanks again,
S.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2005 05:47 AM
09-16-2005 05:47 AM
Solutionforce user (S)
This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. You should also use it carefully as using it incorrectly can cause security problems.
This user name only gets used once a connection is established. Thus clients still need to connect as a valid user and supply a valid password. Once connected, all file operations will be performed as the "forced user", no matter what username the client connected as. This can be very useful.
Actually, if you connect to your server with SWAT:
http://yoursambaserver:901
Enter root and root password - there is really good online documentation.
Rgds...Geoff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2005 06:06 AM
09-16-2005 06:06 AM
