[Samba] Problems w/ winbind and AD group membership

[Ziller, James]

Are you able to access the shares when you add your windows username to
"valid users =" in smb.conf?  That part works fine for me, its only when
I use groups in "valid users =" that it doesn't work.  Ive gone through
the docs dozens of times already rechecking everything and cannot get
this to work.  Btw, Im using redhat 9.  I've also tried "security =
domain" but have the same problem.

-James

-----Original Message-----
From: Mat Allgood [mailto:mallgood at gmail.com] 
Sent: Tuesday, August 03, 2004 10:09 AM
To: Ziller, James
Subject: Re: [Samba] Problems w/ winbind and AD group membership


>From what I can scrape together, you really need to be using MIT libkrb
>= 1.3.3. I'm working on the same thing and am running into the same
problem. 
Access Denied on access to the shares.  What distro are you using?

I'm using debian stable and unfortunatly there is no libkrb 1.3.3, so I
will have to compile from scratch.  In the mean time the way I'm working
around it is to set

security = domain.

I know this isn't perfect but it does get me access till I can get a few
minutes to compile up libkrb 1.3.3.

On Tue, 3 Aug 2004 08:49:35 -0500, Ziller, James <james.ziller at qg.com>
wrote:
> Thanks for the reply.  I installed MIT kerberos 1.3.1 andand rejoined 
> the domain.  Still cant access the share based on domain groups.  My 
> nsswitch.conf file looks like :
> 
> passwd:     files winbind ldap
> shadow:     files ldap
> group:      files winbind ldap
> 
> I have also tried swapping around the order.
> 
> -James