Samba4/Ubuntu Shares Incorrectly Available to All Users
Posted
by
Dan
on Server Fault
See other posts from Server Fault
or by Dan
Published on 2012-10-31T10:16:47Z
Indexed on
2012/10/31
11:02 UTC
Read the original article
Hit count: 316
I've got my Ubuntu server working with Samba4 and got it set up as the Primary domain controller on my network with AD and all that goodness.
However, I'm trying to get my Samba configuration to work with the users and groups I've defined with the Active Directory tools from Windows.
For instance, I've got a share X which I want users A and B (as part of the 'management' group, known as LLGrpManager in my setup) to see, but no body else. However, after making changes to the configuration, restarting Samba, I test by connecting to the share with my Mac over Samba as user 'C' which isn't part of the management group, and I can, incorrectly, see the X share.
I've tried alsorts of combinations of specifying the group with no luck at all. I've got a feeling that my global config might be too lenient or something to do with file permissions but being a bit green, I'm without clue.
My /etc/samba/smb.conf
# Global parameters
[global]
server role = domain controller
server string = Office Server
workgroup = LLDOMAIN
realm = lldomain.local
netbios name = DUMBO
passdb backend = samba4
logon path = \\%L\profiles\%U
logon drive = L:
log file = /var/log/samba/%m.log
max log size = 50
security = ads
domain logons = yes
domain master = auto
usershare allow guests = no
valid users = %S
[netlogon]
path = /var/lib/samba/sysvol/lldomain.local/scripts
read only = no
guest ok = no
[sysvol]
path = /var/lib/samba/sysvol
read only = No
guest ok = no
valid users = @LLDOMAIN\LLGrpManager
[ShareX]
path = /data
comment = Entire Data Volume
guest ok = no
comment = Entire Data Volume
guest ok = no
valid users = @LLDOMAIN\LLGrpManager
admin users = @LLDOMAIN\LLGrpManager
browsable = no
inherit acls = yes
inherit permissions = yes
...
My /etc/nsswitch.conf
I've also instructed the system to use the nss winbind library when searching for users or groups by adding the stanza passwd and group in /etc/nsswitch.conf:
passwd: compat winbind
group: compat winbind
shadow: compat
Permissions on the folder in question
drwxrwxrwt 8 root root 4.0K Oct 28 19:11 data
© Server Fault or respective owner