Still not working -- Re: [Samba] Winbind + Space in Group Name = Not working

Matt Pavlovich mpav at algx.net
Thu Mar 14 19:33:03 GMT 2002


Perhaps I am missing something..

What is the order of operations for specifying access control to a share
when using winbind?  Since Samba is using pam and winbind is simply
providing an interface from pam to the NT Domain, it would suggest that
access definitions would need to be defined as:

valid users = DOMAIN+username, @DOMAIN+groupname, 

-instead of-

valid users = username, @groupname

Am I off base?  Any suggestions on the groups w/ spaces issues?

Matt Pavlovich

On Wed, 2002-03-13 at 15:57, Matt Pavlovich wrote:
> Using Samba 2.2.3a, w/ winbind on Debian woody, and Solaris 8.  
> 
> A share configured to only allow users within a group is not working
> because the group name has a space in it.  I have tried the syntax
> posted here a while back:
> 
> http://lists.samba.org/pipermail/samba/2001-October/059612.html
>      Try->   valid users = " "@Domain Users" "
> 
> But that does not work.  A group such as "Domain Users" in domain
> "Domain" returns an error in log.smbd:
> 
> user_in_winbind_group_list: winbind_lookup_name for group DOMAIN+Domain failed.
> 
> wbinfo -t returns: Secret is good
> getent passwd: Returns user list
> getent group: Returns group list
> 
> smb.conf looks like:
> 
> [global]
> 	workgroup = DOMAIN
> 	netbios name = SAMBATEST
> 	server string = Samba Test Server (Samba %v)
> 	security = domain
> 	encrypt passwords = Yes
> 	update encrypted = Yes
> 	obey pam restrictions = no
>         password server = *
> 	unix password sync = no
> 	invalid users = root
> 	syslog = 0
> 	max log size = 1000
> 	name resolve order = wins bcast host lmhosts
> 	socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
> 	load printers = No
> 	add user script = /usr/sbin/useradd -p %u %u
> 	preferred master = False
> 	local master = No
> 	domain master = False
> 	dns proxy = No
> 	wins server = 10.10.20.20
> # Winbind Options
> 	winbind uid = 10000-20000
> 	winbind gid = 10000-20000
>         winbind separator = +
> 	template shell = /bin/false
>         template homedir = /export/home/samba/%D/%U
> 
> [homes]
> 	comment = Home Directories
> 	create mask = 0700
> 	directory mask = 0700
> 	browseable = yes
>         writeable = yes
> 
> [files]
> 	comment = User1 writes, everyone else reads
> 	path = /export/home/samba/files
> 	force user = DOMAIN+user1
> 	force group = DOMAIN+Domain Users
> 	read only = No
> 	create mask = 0750
> 	force create mode = 0750
>         directory mask = 0750
>         inherit permissions = yes
>         write list = Domain+user1
> 	browseable = yes
>         
> #  ***** PROBLEM HERE ******  
>         valid users = " "@DOMAIN+Domain Users" " 
> 

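The log line quoted above shows the lookup being made for `DOMAIN+Domain` rather than `DOMAIN+Domain Users`, which suggests the list value is being split at the space. The following audit sketch is an added example, not code from the post or from the Samba project: it cross-references the name-list parameters in an smb.conf against a list of known names (for instance taken from `getent group`) and ties failed lookups in log.smbd back to the entry that explains them. The function names, the sample data and the whitespace-split model are assumptions made for illustration.

```python
import re

# smb.conf parameters whose value is a list of user/group names
LIST_PARAMS = {"valid users", "invalid users", "write list", "read list", "admin users"}
LOOKUP_FAIL = re.compile(r"winbind_lookup_name for group (\S+)\s+failed")

def list_params(conf_text):
    """Yield (section, parameter, value) for each name-list parameter."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line:
            name, value = line.split("=", 1)
            name = " ".join(name.lower().split())  # normalise case and spacing
            if name in LIST_PARAMS:
                yield section, name, value.strip()

def truncation_risks(conf_text, known_names):
    """Find list entries naming an account whose name contains a space.

    Returns (section, parameter, full_name, first_word) tuples, where
    first_word is what a whitespace split of the value would look up
    (assumed model, inferred from the log line in the post).
    """
    risks = []
    for section, param, value in list_params(conf_text):
        for full in known_names:
            if " " in full and full.lower() in value.lower():
                risks.append((section, param, full, full.split()[0]))
    return risks

def explain_failures(log_text, risks):
    """Return the risks whose truncated name appears as a failed lookup in the log."""
    failed = set(LOOKUP_FAIL.findall(log_text))
    return [r for r in risks if r[3] in failed]

# Constructed sample input, modelled on the configuration and log line in the post.
SAMPLE_CONF = '''
[files]
    write list = Domain+user1
    valid users = " "@DOMAIN+Domain Users" "
'''
SAMPLE_GROUPS = ["DOMAIN+Domain Users", "DOMAIN+Domain Admins", "DOMAIN+staff"]
SAMPLE_LOG = "user_in_winbind_group_list: winbind_lookup_name for group DOMAIN+Domain failed.\n"

if __name__ == "__main__":
    for section, param, full, short in explain_failures(
            SAMPLE_LOG, truncation_risks(SAMPLE_CONF, SAMPLE_GROUPS)):
        print(f"[{section}] {param}: '{full}' was looked up as '{short}'")
```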




