[Samba] group problem on NT4 domain

John H Terpstra jht at samba.org
Tue Feb 17 07:44:06 GMT 2004 

On Tue, 17 Feb 2004, steven.TSE wrote:

> Yes, winbindd is running and nsswitch.conf is configured as:
>
> passwd: file winbind
> shadow: file
> group: file winbind

What is the output of:

	getent passwd
	getent group

	wbinfo -u
	wbinfo -g

See further comments below.

- John T.

>
> smb.conf
> =======
> [global]
> 	workgroup = NTDOM
> 	server string = Central File Server
> 	security = DOMAIN
> 	auth methods = winbind

Get rid of "auth methods"

> 	password server = bga peh pbe_filpn

Why is it necessary to set "password server"? If possible remote this
too.

> 	client lanman auth = No
> 	client plaintext auth = No

Neither of these should be needed.

> 	log file = /var/log/samba/%m.log

> 	min protocol = LANMAN1
> 	local master = No

The above 2 should not be needed either.

> 	wins server = 192.168.100.9, 192.168.100.55
> 	get quota command = /usr/bin/quota
> 	set quota command = /usr/sbin/setquota
> 	idmap uid = 10000-20000
> 	idmap gid = 10000-20000
> 	template homedir = /public/home/%U
> 	template shell = /bin/bash
> 	winbind cache time = 5
>
> [finance]
> 	comment = Finance Dept
> 	path = /public/finance
> 	valid users = '@NTDOM\Domain Users'

Try:
	valid users = @"NTDOM\Domain Users"

> 	write list = PBE\steven_tse

What do you get if you run as root on this server:

	id "PBE\steven_tse"


> 	force group = ntgroup
> 	create mask = 0666
> 	directory mask = 0777
>
> I cannot access to shared folder "finance", it always prompt for user login.
> Please help, thankyou
>
> Steve
>
>
> -----Original Message-----
> From: John H Terpstra [mailto:jht at samba.org]
> Sent: Tuesday, February 17, 2004 3:09 PM
> To: steven.TSE
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] group problem on NT4 domain
>
>
> On Tue, 17 Feb 2004, steven.TSE wrote:
>
> > Hi,
> >
> > Installed latest Samba3.0.2a on NT4 domain, security = domain and net rpc
> > join successfully.
> >
> > everything work great, but group permission failed, error message is
> > "user_in_winbind_group_list: nametogid for group NTGROUP failed".
>
> Do you have winbindd running?
> Is /etc/nsswitch.conf configured to use winbind?
>
> - John T.
>
> >
> > smb.conf on shares as below:
> > =====================
> > omitted base configurations...
> >
> > [shareA]
> > path = /public/shareA
> > valid users =  '@NT\Domain Users'
> > write list = NT\steven
> >
> >
> > the conf is simple but error occured.  No one can access to shareA, a
> login
> > prompted out for user/pass.  BTW, it has no problem at all if only use
> user
> > rather than group.  Please kindly help or advise, thankyou.
> >
> >
> > Best Regards,
> > Steven Tse
> >
>
>

-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list