[Samba] group problem on NT4 domain

steven.TSE steven.tse at possehlelectronics.com.hk
Tue Feb 17 08:13:09 GMT 2004 

Thankyou for the reply,

"getent passwd, getent group, wbinfo -u and wbinfo -g" are also successfully
retrieved NTDOM user or group list,

removed all the highlighted, now the smb.conf:
============
[global]
	workgroup = NTDOM
	server string = Central File Server
	security = DOMAIN
	log file = /var/log/samba/%m.log
	wins server = 192.168.100.9, 192.168.100.55
	get quota command = /usr/bin/quota
	set quota command = /usr/sbin/setquota
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	template homedir = /public/home/%U
	template shell = /bin/bash
	winbind cache time = 5

[finance]
	comment = Finance Dept
	path = /public/finance
	valid users = @"NTDOM\Domain Users"
	write list = NTDOM\steven_tse
	force group = ntgroup
	create mask = 0666
	directory mask = 0777

I still no luck to make it work, all clients computer can not access to
"finance" but prompt for login.  

result of id "NTDOM\steven_tse"
uid=10204(NTDOM\steven_tse) gid=10000 groups=10000,10001,10004

I tried to use valid users = @10000, then it works!!

steve



-----Original Message-----
From: John H Terpstra [mailto:jht at samba.org]
Sent: Tuesday, February 17, 2004 3:44 PM
To: steven.TSE
Cc: samba at lists.samba.org
Subject: RE: [Samba] group problem on NT4 domain


On Tue, 17 Feb 2004, steven.TSE wrote:

> Yes, winbindd is running and nsswitch.conf is configured as:
>
> passwd: file winbind
> shadow: file
> group: file winbind

What is the output of:

	getent passwd
	getent group

	wbinfo -u
	wbinfo -g

See further comments below.

- John T.

>
> smb.conf
> =======
> [global]
> 	workgroup = NTDOM
> 	server string = Central File Server
> 	security = DOMAIN
> 	auth methods = winbind

Get rid of "auth methods"

> 	password server = bga peh pbe_filpn

Why is it necessary to set "password server"? If possible remote this
too.

> 	client lanman auth = No
> 	client plaintext auth = No

Neither of these should be needed.

> 	log file = /var/log/samba/%m.log

> 	min protocol = LANMAN1
> 	local master = No

The above 2 should not be needed either.

> 	wins server = 192.168.100.9, 192.168.100.55
> 	get quota command = /usr/bin/quota
> 	set quota command = /usr/sbin/setquota
> 	idmap uid = 10000-20000
> 	idmap gid = 10000-20000
> 	template homedir = /public/home/%U
> 	template shell = /bin/bash
> 	winbind cache time = 5
>
> [finance]
> 	comment = Finance Dept
> 	path = /public/finance
> 	valid users = '@NTDOM\Domain Users'

Try:
	valid users = @"NTDOM\Domain Users"

> 	write list = PBE\steven_tse

What do you get if you run as root on this server:

	id "PBE\steven_tse"


> 	force group = ntgroup
> 	create mask = 0666
> 	directory mask = 0777
>
> I cannot access to shared folder "finance", it always prompt for user
login.
> Please help, thankyou
>
> Steve

More information about the samba mailing list