Tim Jordan, Network Services timothy_jordan at labor.state.ak.us
Wed Oct 22 17:32:24 GMT 2003

"Domain Admins" is a valid Active Directory group.  I have it 
groupmapped to:
        Domain Admins (S-1-5-21-3417231078-1290269627-1885213793-2005) -> root
"tim" is a member of the "root" group

    comment = OpenSource
    path = /mnt/windows/Software/
    public = yes
    writable = yes
    printable = no
    write list = @"Domain Admins"
drwxr--r--   57  tim    root        32768 Oct  8 00:49 Software
(Do the Unix permissions matter, or just what is in the smb.conf?)

>For the other share is your account TIM or tim? Unix is case sensitive as
>far as I know.
TIM is my Windows Active Directory account - tim is my local Unix account.
        comment = Tim's Service
        path = /home/tim/
        writeable = TIM
        read only = No

Winbind should be handling all authentication from our M$ PDC.  I can 
log into my Samba box with a M$ domain account.  I just can't seem to 
get the share authentication working.  I'm not sure what logs to watch.  
I have been reviewing the smbd, nmbd, winbind, and the log that 
corresponds to the workstation trying to connect to the Samba share.

In the logs I noticed that winbind is trying to authenticate the 
Microsoft workstation connecting to the Samba share.

> [2003/10/21 10:58:05, 10] nsswitch/winbindd.c:process_request(305)
>   process_request: request fn GETPWNAM
> [2003/10/21 10:58:05, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(112)
>   [22176]: getpwnam DOL-ANC-WTS2$
> [2003/10/21 10:58:05, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(147)
>   user 'DOL-ANC-WTS2$' does not exist 

Have I missed something in the HOW TO: ?  I don't recall having to 
create machine accounts on the Samba server.  I thought Samba is 
supposed to authenticate the user trying to access the share.  If that 
is true perhaps I have a pam config file wrong?  I don't know where to 
start looking at how the authentication is handled on the Samba share 
and more importantly what order of authentication is being done...how do 
I tweak that order to point authentication to my M$ PDC?  I did it for 
the pam.d/login config file.

Perhaps I'm not even on the right track...

Emmanuel Viennot wrote:

>Maybe you should check your write list parameter which is @"Domain Admins".
>Is Domain Admins a valid group and is "tim" a member of this group?
>For the other share is your account TIM or tim? Unix is case sensitive as
>far as I know.
>Hope that helps.

