[Samba] Windows 2003 Active Directory and Group Access

Franz Gsell vl950t at freenet.de
Sun Apr 25 10:28:20 GMT 2004


Ok, my version is 1.2.2-10. But I think this couldn't be a problem of
Kerberos, or could it be? I think - if it is working with a Windows 2000
client and not with an XP client, the problem must be located somewhere else?

But I can try a newer version. 

Is there nobody who has the same problem - it's so strange

Kind regards
Franz Gsell



-----Original Message-----
From: brad smith [mailto:brad.smith1 at comcast.net] 
Sent: Sunday, April 25, 2004 09:38
To: Franz Gsell
Subject: Re: [Samba] Windows 2003 Active Directory and Group Access

What version of Kerberos are you using on the linux side?  Try v1.3.1, if
you are not already using it (just a shot in the dark).

----- Original Message ----- 
From: "Franz Gsell" <vl950t at freenet.de>
Newsgroups: linux.samba
Sent: Saturday, April 24, 2004 2:50 PM
Subject: RE: [Samba] Windows 2003 Active Directory and Group Access


Hi,

First - thanks for your answer, you are right. I have tested it now with a
Windows 2000 client and everything is fine. But the problem is that the
same test with a Windows XP client fails. What's wrong? The Windows XP
client is also a member of the domain and the same user is logged on as on
the Windows 2000 client. But on the Windows XP client I get the prompt to
enter a username and a password to open the share of the Samba server.
And I have tested it on many XP clients - always with the same result -> a
prompt to enter the username and the password (but I think the current
username should be used, because I am logged on at the domain).

Perhaps somebody can help me - it's confusing

Kind regards
Franz Gsell

-----Original Message-----
From: Matt Perkins [mailto:mperkins at lbmc.com]
Sent: Friday, April 23, 2004 15:36
To: Franz Gsell; samba at lists.samba.org
Subject: RE: [Samba] Windows 2003 Active Directory and Group Access

Your winbind separator is a "+". Either comment out the "winbind
separator" line in smb.conf or change your valid users entry to:

valid users = @AMATEC+"GG_Entwicklung"

Matt Perkins

-----Original Message-----
From: samba-bounces+mperkins=lbmc.com at lists.samba.org
[mailto:samba-bounces+mperkins=lbmc.com at lists.samba.org] On Behalf Of
Franz Gsell
Sent: Friday, April 23, 2004 2:13 AM
To: samba at lists.samba.org
Subject: [Samba] Windows 2003 Active Directory and Group Access


Hi together,

we have a Windows 2003 Active Directory Server, working together with
Samba Version 3.0.2a-Debian. It seems everything (Kerberos
authentication and so on) works fine. All the authentication is done by
the Windows 2003 server. My problem is that I can't connect to a share
via a Windows XP client when the share has an option "valid user" which
defines a group of the domain. A simple user works - but a group entry
for the "valid user" option doesn't.

I have read many articles and tried many different settings - but
without success. Perhaps somebody can help me.

Here are some outputs and configs from my system:

neptun:/etc/init.d# wbinfo -g
DomDomSchema-Admins
Organisations-Admins
DomDomDomRichtlinien-Ersteller-Besitzer
DnsUpdateProxy
GG_Entwicklung
GG_Controlling
GG_Geschaeftsfuehrung
GG_Vertrieb
GG_Sekretariat
GG_Personal



neptun:/etc/init.d# wbinfo -u
Administrator
Gast
SATURN$
krbtgt
host/neptun.amatec.local
HOST/neptun
testuser



So testuser is a member of the global group GG_Entwicklung on the
Windows 2003 Server.



My smb.conf File:

[global]
log level = 2
workgroup = AMATEC
netbios name = neptun
server string = Fileserver Austausch
wins server = 192.168.42.252
# winbind configuration
winbind separator = +
winbind use default domain = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/bash
# Active Directory joining
security = ads
encrypt passwords = true
password server = saturn.amatec.local
realm = AMATEC.LOCAL

[Austausch]
        path = /austausch
        read only = no
        writable = yes
        # doesn't work
        #valid users = @AMATEC\"GG_Entwicklung"
        # doesn't work
        #valid users = @GG_Entwicklung
        # this one works
        valid users = testuser




As you see, the settings for group access don't work. When I enter
"testuser" as user everything works. Again - perhaps somebody can help me.

Kind regards
Franz Gsell









-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
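
A small lint for the separator mismatch Matt Perkins points out in this thread, as an added example that is not part of the original messages or of Samba: it compares domain-qualified "valid users" entries against the configured "winbind separator" and suggests the matching form. The function names and the cut-down sample config are assumptions made for illustration.

```python
import re

DEFAULT_SEPARATOR = "\\"   # Samba's default when "winbind separator" is unset
CANDIDATES = "\\+"         # assumption: only the two separators seen in this thread

# Constructed sample: the thread's smb.conf, cut down, with the
# backslash-qualified "valid users" line active.
SAMPLE = r'''
[global]
winbind separator = +
[Austausch]
valid users = @AMATEC\"GG_Entwicklung" testuser
'''

def parse_smb_conf(text):
    """Return {section: {parameter: value}} for a simple smb.conf."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # skip blanks and comments
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def lint_valid_users(text):
    """List (share, entry, suggestion) where an entry uses the wrong separator."""
    conf = parse_smb_conf(text)
    sep = conf.get("global", {}).get("winbind separator", DEFAULT_SEPARATOR)
    findings = []
    for share, opts in conf.items():
        # Tokenise on spaces/commas but keep "quoted names" in one piece.
        for entry in re.findall(r'(?:"[^"]*"|[^\s,"])+', opts.get("valid users", "")):
            body = entry.lstrip("@+&")    # drop group prefixes before checking
            prefix = entry[:len(entry) - len(body)]
            wrong = [c for c in CANDIDATES if c in body and c != sep]
            if wrong:
                findings.append((share, entry, prefix + body.replace(wrong[0], sep, 1)))
    return findings

if __name__ == "__main__":
    for share, entry, fix in lint_valid_users(SAMPLE):
        print(f"[{share}] {entry}: separator mismatch, try {fix}")
```

A finding only means the entry cannot match the names winbind produces with the current separator; it does not check that the group exists (compare against "wbinfo -g" for that).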
