[Samba] Samba 3.0.7 / AD Domain Group Resolving
Grzeski.Andreas at SWM.DE
Grzeski.Andreas at SWM.DE
Thu Oct 14 10:38:06 GMT 2004
Hello List,
currently we have Samba 3.0.7 running on SLES8 systems with AD integration. We´re using the SerNet RPM´s (ftp.sernet.de)
Everything works fine so far, we just have a problem with resolving domain groups.
wbinfo -g works fine, the domain groups are correctly resolved. But when inserting a "valid users = @AD_DOMAIN_GROUP" statement in the smb.conf we get the following error:
smbd/service.c:make_connection_snum(314)
user 'DOMAIN\User.Name' (from session setup) not permitted to access this share (sharename)
Inserting the user with his normal accountname does work (e.g. valid users = DOMAIN\User.Name)
We do have a lot of AD Groups, some users are member of more than 200 groups (and no, we cannot fix that, reducing the number of groups is unfortunately not an option).
I did find several post in the list archives on this topic, but no practical solution yet.
Is there a solution? Are more details necessary?
One more thing: we also have the problem that once in a while winbind dies when executing wbinfo -g or -u. I don´t know, if this is somehow connected.
Anyone any ideas? I´m a bit lost here...
Greetings
Andreas Grzeski
Systems Engineer/RHCE
Stadtwerke München GmbH
More information about the samba
mailing list