[Samba] authentication failure (?)

Sam sah at softcardsystems.com
Tue May 25 13:22:17 GMT 2004

I have a domain member samba server set up with winbind
and compiled with acl support sharing out an ext3 filesystem,
also with acl support.  Some bits of smb.conf (with names
changed to protect the innocent):



workgroup = XYZATL
realm = XYZ.COM

security = domain
password server = *

winbind separator = +
idmap uid = 10000-65000
idmap gid = 10000-65000
winbind enum users = yes
winbind enum groups = yes
winbind enable local accounts = no

admin users = XYZATL\theman

netbios name = ATL-ARCHIVE
local master = no
dns proxy = no
nt acl support = yes

  path = /mnt/samba/archive
  public = yes
  writable = yes


winbind seems to work great.  wbinfo -u, getent both show
what the documentation indicate they should.  I can
setfacl the files with the nt groups -- super cool.

My problem is that XP clients logged in as theman can't
modify the acls (security tab / advanced).  I see
something funny in winbindd.log that comes right about
the time the client gets 'access denied' messages:

[2004/05/25 10:01:45, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
  group theman in domain ATL-ARCHIVE does not exist

Why would he be treating the netbios name as the domain?
Is this a windows funny?

Any help would be *much* appreciated.



More information about the samba mailing list