[Samba] Samba 3.0.7 / AD Domain Group Resolving

Mark Le Noury markl at bbd.co.za
Thu Oct 14 12:30:42 GMT 2004


Could you post the share definition from your smb.conf file? 

-----Original Message-----
From: samba-bounces+markl=bbd.co.za at lists.samba.org
[mailto:samba-bounces+markl=bbd.co.za at lists.samba.org] On Behalf Of
Grzeski.Andreas at SWM.DE
Sent: 14 October 2004 02:10 PM
To: samba at lists.samba.org
Subject: RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving


Hi Mark,

that did not resolve the problem for me. Removing the @ sign produced
the same error message (see below)...

Greetings

Andreas

-----Ursprüngliche Nachricht-----
Von: Mark Le Noury [mailto:markl at bbd.co.za] 
Gesendet: Donnerstag, 14. Oktober 2004 12:43
An: samba at lists.samba.org
Betreff: RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving


Hi,


I think that you are fomatting the valid users directive incorrectly.

Try valid users = DOMAIN+Group_name (I use + as my winbind separator,
substitute for whatever you have chosen) No @ sign necessary

It works fine for me like that.

Thanks,

Mark

-----Original Message-----
From: samba-bounces+markl=bbd.co.za at lists.samba.org
[mailto:samba-bounces+markl=bbd.co.za at lists.samba.org] On Behalf Of
Grzeski.Andreas at SWM.DE
Sent: 14 October 2004 12:38 PM
To: samba at lists.samba.org
Subject: [Samba] Samba 3.0.7 / AD Domain Group Resolving


Hello List,

currently we have Samba 3.0.7 running on SLES8 systems with AD
integration. We´re using the SerNet RPM´s (ftp.sernet.de)

Everything works fine so far, we just have a problem with resolving
domain groups.

wbinfo -g works fine, the domain groups are correctly resolved. But when
inserting a "valid users = @AD_DOMAIN_GROUP" statement in the smb.conf
we get the following error:

smbd/service.c:make_connection_snum(314)
  user 'DOMAIN\User.Name' (from session setup) not permitted to access
this share (sharename)

Inserting the user with his normal accountname does work (e.g. valid
users = DOMAIN\User.Name)

We do have a lot of AD Groups, some users are member of more than 200
groups (and no, we cannot fix that, reducing the number of groups is
unfortunately not an option).

I did find several post in the list archives on this topic, but no
practical solution yet.

Is there a solution? Are more details necessary?

One more thing: we also have the problem that once in a while winbind
dies when executing wbinfo -g or -u. I don´t know, if this is somehow
connected.

Anyone any ideas? I´m a bit lost here...

Greetings

Andreas Grzeski
Systems Engineer/RHCE

Stadtwerke München GmbH

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba



More information about the samba mailing list