[Samba] Re: PAM-Winbind authentication working but can't use domain
rwebb at wmis.net
Sun Oct 12 04:36:16 GMT 2003
----- Original Message -----
From: "Rich Webb" <rwebb at wmis.net>
To: <samba at lists.samba.org>
Sent: Saturday, October 11, 2003 8:17 PM
> I am having trouble trying to figure out how to set up access to a samba
> share based on an Active Directory group. Here is my smb.conf file:
In order to make it work, I had to take out the lines "winbind use default
domain = yes", and "winbind seperator = +" and then fully specify the domain
group in my share definition as such:
path = /svr/shared
valid users = @TESTSYS\shared (or @TESTSYS\"Domain Users" if there are
spaces in the group)
writeable = yes
browseable = yes
force group = TESTSYS\shared
I think this could be a bug that it does not accept only "valid users =
shared" while "winbind use default domain = yes". It appears that samba is
not correctly matching the group the domain controllers group.
The + is not a good seperator because if you read about the "valid users"
directive, it uses a + to specify a unix group.
Hope this helps someone!
More information about the samba