[Samba] group problem on NT4 domain (revised)

steven.TSE steven.tse at possehlelectronics.com.hk
Tue Feb 17 07:34:58 GMT 2004

revised to prevent confusion, sorry

-----Original Message-----
From: steven.TSE 
Sent: Tuesday, February 17, 2004 3:30 PM
To: John H Terpstra
Cc: samba at lists.samba.org
Subject: RE: [Samba] group problem on NT4 domain

Yes, winbindd is running and nsswitch.conf is configured as:

passwd: file winbind
shadow: file
group: file winbind

	workgroup = NTDOM
	server string = Central File Server
	security = DOMAIN
	auth methods = winbind
	password server = bga peh pbe_filpn
	client lanman auth = No
	client plaintext auth = No
	log file = /var/log/samba/%m.log
	min protocol = LANMAN1
	local master = No
	wins server =,
	get quota command = /usr/bin/quota
	set quota command = /usr/sbin/setquota
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	template homedir = /public/home/%U
	template shell = /bin/bash
	winbind cache time = 5

	comment = Finance Dept
	path = /public/finance
	valid users = '@NTDOM\Domain Users'
	write list = NTDOM\steven_tse
	force group = ntgroup
	create mask = 0666
	directory mask = 0777

I cannot access to shared folder "finance", it always prompt for user login.
Please help, thankyou


-----Original Message-----
From: John H Terpstra [mailto:jht at samba.org]
Sent: Tuesday, February 17, 2004 3:09 PM
To: steven.TSE
Cc: samba at lists.samba.org
Subject: Re: [Samba] group problem on NT4 domain

On Tue, 17 Feb 2004, steven.TSE wrote:

> Hi,
> Installed latest Samba3.0.2a on NT4 domain, security = domain and net rpc
> join successfully.
> everything work great, but group permission failed, error message is
> "user_in_winbind_group_list: nametogid for group NTGROUP failed".

Do you have winbindd running?
Is /etc/nsswitch.conf configured to use winbind?

- John T.

> smb.conf on shares as below:
> =====================
> omitted base configurations...
> [shareA]
> path = /public/shareA
> valid users =  '@NT\Domain Users'
> write list = NT\steven
> the conf is simple but error occured.  No one can access to shareA, a
> prompted out for user/pass.  BTW, it has no problem at all if only use
> rather than group.  Please kindly help or advise, thankyou.
> Best Regards,
> Steven Tse

John H Terpstra
Email: jht at samba.org
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list