[Samba] Windows 2003 Active Directory and Group Access

Franz Gsell vl950t at freenet.de
Mon Apr 26 16:43:29 GMT 2004


Hi,

thanks for your help - now it works :-)))))))
But there is a new problem. We log on to the linux machine for email and ssh
and so on. So the new problem is that a user is now AMATEC+testuser instead
simple testuser (for the pam module). But I think we can make a hack to the
pam_winbind.so file to add "AMATEC+" to the entered username (so a user has
not to enter AMATEC+testuser but only testuser). Or is there a better way?

Kind regards

-----Ursprüngliche Nachricht-----
Von: Alex de Vaal [mailto:A.Vaal at nh-hotels.com] 
Gesendet: Montag, 26. April 2004 10:40
An: vl950t at freenet.de
Betreff: [Samba] Windows 2003 Active Directory and Group Access

Hello Franz,
 
I had the same problem with Wk3 groups as valid users on my shares; remove
"winbind use default domain = yes"  or set it to "winbind use default domain
= no" 
 
Because  "winbind separator = +" your valid group will be  "valid users =
@AMATEC.LOCAL+"GG_Entwicklung"
 
If you remove "winbind separator = +" your valid group will be  "valid users
= @AMATEC.LOCAL\"GG_Entwicklung"
 
I prefer the last one, because my ADS users don't have to logon on the Linux
server. My Samba server just acts as a Windows domain member server in ADS.
 

-- 
Regards, 

Alex de Vaal. 



 





More information about the samba mailing list