[Samba] Windows 2003 Active Directory and Group Access

Franz Gsell vl950t at freenet.de
Fri Apr 23 07:15:26 GMT 2004


Hi together,

we have a Windows 2003 Active Directory Server, working together with Samba
Version 3.0.2a-Debian. It seems
everything (Kerberos authentication and so on) works fine. All the
authentication is done by the windows 2003
server. My problem is, that I can't connect to a share via a windows xp
client, when the share has an option
"valid user" which defines a group of the domain. A simple user works - but
a group entry for the "valid user"
option doesn't.

I have read many articles and tried many different settings - but without
success. Perhaps can somebody help me.

Here are some outputs and configs from my system:

neptun:/etc/init.d# wbinfo -g
DomDomSchema-Admins
Organisations-Admins
DomDomDomRichtlinien-Ersteller-Besitzer
DnsUpdateProxy
GG_Entwicklung
GG_Controlling
GG_Geschaeftsfuehrung
GG_Vertrieb
GG_Sekretariat
GG_Personal



neptun:/etc/init.d# wbinfo -u
Administrator
Gast
SATURN$
krbtgt
host/neptun.amatec.local
HOST/neptun
testuser



So testuser is a member of the global group GG_Entwicklung on the Windows
2003 Server.



My smb.conf File:

[global]
log level = 2
workgroup = AMATEC
netbios name = neptun
server string = Fileserver Austausch
wins server = 192.168.42.252
# winbind configuration
winbind separator = +
winbind use default domain = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/bash
# Activie directory joining
security = ads
encrypt passwords = true
password server = saturn.amatec.local
realm = AMATEC.LOCAL

[Austausch]
        path = /austausch
        read only = no
        writable = yes
        # doesn't work
        #valid users = @AMATEC\"GG_Entwicklung"
        # doesn't work
        #valid users = @GG_Entwicklung
        # this one works
        valid users = testuser




As you see the settings for a group access doesn't work. When i enter as
user "testuser" everything works. Again - perhaps
anybody can help me.

Kind regards
Franz Gsell












More information about the samba mailing list