[Samba] Windows 2003 Active Directory and Group Access

Franz Gsell vl950t at freenet.de
Mon May 10 17:30:55 GMT 2004


As I have written - this is NO solution. And this has nothing to do with
Permissions. I must be able to use the 

"winbind use default domain = yes"

option. But when I use this option all users have to enter the Domain suffix
on they usernames like DOMAIN+testuser for pop3 and ssh. This is a bad thing
to tell 100 users that they have to enter anoter username for pop3 or ssh -
but simple testuser for the share.

I still need help ??

Kind regards
Franz





-----Ursprüngliche Nachricht-----
Von: Kevin Kallsen [mailto:kallsen at e101.com] 
Gesendet: Montag, 10. Mai 2004 00:31
An: 'Franz Gsell'
Betreff: RE: [Samba] Windows 2003 Active Directory and Group Access

I had this problem too.  The solution was to chmod the directory/folder with
readable/writable access.  Also chgrp for the directory 

-----Original Message-----
From: samba-bounces+kallsen=e101.com at lists.samba.org
[mailto:samba-bounces+kallsen=e101.com at lists.samba.org] On Behalf Of Franz
Gsell
Sent: Sunday, May 09, 2004 11:03 AM
To: samba at lists.samba.org
Subject: RE: [Samba] Windows 2003 Active Directory and Group Access

Hi together,

I have still the problems I have mentioned below. Is there any developer who
can help me? If it is not possible to find a workaround, I have to enter
every user explicitly in the "valid users" option, and there are about 100
users who are trying to access the share. It would be great if a developer
can tell me more - perhaps I can make a hack by myself - but it's very
difficult to understand all source files and how they work together.

Kind regars
Franz

-----Ursprüngliche Nachricht-----
Von: samba-bounces+vl950t=freenet.de at lists.samba.org
[mailto:samba-bounces+vl950t=freenet.de at lists.samba.org] Im Auftrag von
Franz Gsell
Gesendet: Mittwoch, 5. Mai 2004 21:20
An: samba at lists.samba.org
Cc: 'Alex de Vaal'
Betreff: RE: [Samba] Windows 2003 Active Directory and Group Access

Hi Alex,

Yes I have already tried this settings:

"winbind use default domain = yes"

and


"valid users = @AMATEC.LOCAL+GG_Entwicklung"

But this only works for windows 2000 Clients and not for Windows XP Clients.
As you have written before everything works without "winbind use default
domain = yes" but then a user has to login e.g. for ssh with
AMATEC+username.

I don't think it's a good idea to hack the pam module too, perhaps is there
another possibility - perhaps any of the developer team has a workaround?

Kind regards
Franz


-----Ursprüngliche Nachricht-----
Von: Alex de Vaal [mailto:A.Vaal at nh-hotels.com] 
Gesendet: Mittwoch, 5. Mai 2004 12:22
An: 'Franz Gsell'
Betreff: RE: [Samba] Windows 2003 Active Directory and Group Access

Hello Franz,

You can try to set "winbind use default domain = yes" again and use as valid
users: "valid users = @AMATEC.LOCAL+GG_Entwicklung"

I've found in a faq the following:

Q: I tried to set valid users = @Engineers, but it does not work. My Samba
server
is an Active Directory Domain Member server. Has this been fixed now?
A: The use of this parameter has always required the full specification of
the Domain
account, for example, valid users = @"MEGANET2\Domain Admins".

You can always try if this work, while hacking pam_winbind.so seems not to
be a good idea to me.

Best regards,
Alex.

-----Original Message-----
From: Franz Gsell [mailto:vl950t at freenet.de] 
Sent: Monday 26 April 2004 18:43
To: samba at lists.samba.org
Cc: 'Alex de Vaal'
Subject: RE: [Samba] Windows 2003 Active Directory and Group Access

Hi,

thanks for your help - now it works :-))))))) But there is a new problem. We
log on to the linux machine for email and ssh and so on. So the new problem
is that a user is now AMATEC+testuser instead simple testuser (for the pam
module). But I think we can make a hack to the pam_winbind.so file to add
"AMATEC+" to the entered username (so a user has not to enter
AMATEC+testuser but only testuser). Or is there a better way?

Kind regards

 



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba




More information about the samba mailing list