[Samba] AD user not honouring local group membership

ww m-pubsyssamba pubsyssamba at bbc.co.uk
Thu Mar 11 13:17:25 GMT 2004

hello list,

Without going into details I cannot currently use winbind for AD group data with Samba 3.0.x running on Solaris.

I Would like to use winbindd for reading user accounts from AD and then have those AD accounts as members of local (LDAP eventually)
groups. I have taken a test user "UserAW6" which is visible to Solaris via winbind and added them to a group "PrnAdm" in /etc/group. I have
mapped the UNIX group to a Windows group with "net groupmap" and then permissioned a directory to the NTGroup from a Windows client
system. From the UNIX command line I can "su" to UserAW6 and can access the folder as expected, but from my Windows client I cannot
access the directory because I get "access is denied" error!
My /etc/nsswitch.conf has the following entries for passwd and group

passwd		files,winbind
group		files

The following winbind related settings are in my smb.conf

             winbind separator = +
             winbind cache time = 300
             winbind use default domain = Yes
             template shell = /bin/sh
             template homedir = /tmp
             idmap uid = 10000-600000
             idmap gid = 10000-600000
        	winbind enum groups = no
        	winbind enum users = yes
	allow trusted domains = no

Why does Samba ignore my AD account's membership of a local UNIX group? Is what I'm attempting possible/supported within Samba, any
suggestions? I'm running Samba 3.0.2a on Solaris 8.

	thanks in advance, Andy.

More information about the samba mailing list