[Samba] Windows 2003 Active Directory and Group Access
vl950t at freenet.de
Wed May 5 19:20:21 GMT 2004
Yes I have already tried this settings:
"winbind use default domain = yes"
"valid users = @AMATEC.LOCAL+GG_Entwicklung"
But this only works for windows 2000 Clients and not for Windows XP Clients.
As you have written before everything works without "winbind use default
domain = yes" but then a user has to login e.g. for ssh with
I don't think it's a good idea to hack the pam module too, perhaps is there
another possibility - perhaps any of the developer team has a workaround?
Von: Alex de Vaal [mailto:A.Vaal at nh-hotels.com]
Gesendet: Mittwoch, 5. Mai 2004 12:22
An: 'Franz Gsell'
Betreff: RE: [Samba] Windows 2003 Active Directory and Group Access
You can try to set "winbind use default domain = yes" again and use as valid
users: "valid users = @AMATEC.LOCAL+GG_Entwicklung"
I've found in a faq the following:
Q: I tried to set valid users = @Engineers, but it does not work. My Samba
is an Active Directory Domain Member server. Has this been fixed now?
A: The use of this parameter has always required the full specification of
account, for example, valid users = @"MEGANET2\Domain Admins".
You can always try if this work, while hacking pam_winbind.so seems not to
be a good idea to me.
From: Franz Gsell [mailto:vl950t at freenet.de]
Sent: Monday 26 April 2004 18:43
To: samba at lists.samba.org
Cc: 'Alex de Vaal'
Subject: RE: [Samba] Windows 2003 Active Directory and Group Access
thanks for your help - now it works :-))))))) But there is a new problem. We
log on to the linux machine for email and ssh and so on. So the new problem
is that a user is now AMATEC+testuser instead simple testuser (for the pam
module). But I think we can make a hack to the pam_winbind.so file to add
"AMATEC+" to the entered username (so a user has not to enter
AMATEC+testuser but only testuser). Or is there a better way?
More information about the samba