[Samba] Samba 3.0.7 / AD Domain Group Resolving

Grzeski.Andreas at SWM.DE Grzeski.Andreas at SWM.DE
Thu Oct 14 10:38:06 GMT 2004

Hello List,

currently we have Samba 3.0.7 running on SLES8 systems with AD integration. We´re using the SerNet RPM´s (ftp.sernet.de)

Everything works fine so far, we just have a problem with resolving domain groups.

wbinfo -g works fine, the domain groups are correctly resolved. But when inserting a "valid users = @AD_DOMAIN_GROUP" statement in the smb.conf we get the following error:

  user 'DOMAIN\User.Name' (from session setup) not permitted to access this share (sharename)

Inserting the user with his normal accountname does work (e.g. valid users = DOMAIN\User.Name)

We do have a lot of AD Groups, some users are member of more than 200 groups (and no, we cannot fix that, reducing the number of groups is unfortunately not an option).

I did find several post in the list archives on this topic, but no practical solution yet.

Is there a solution? Are more details necessary?

One more thing: we also have the problem that once in a while winbind dies when executing wbinfo -g or -u. I don´t know, if this is somehow connected.

Anyone any ideas? I´m a bit lost here...


Andreas Grzeski
Systems Engineer/RHCE

Stadtwerke München GmbH

More information about the samba mailing list