[Samba] Samba 3.0.7 / AD Domain Group Resolving
Mark Le Noury
markl at bbd.co.za
Thu Oct 14 12:30:42 GMT 2004
Could you post the share definition from your smb.conf file?
-----Original Message-----
From: samba-bounces+markl=bbd.co.za at lists.samba.org
[mailto:samba-bounces+markl=bbd.co.za at lists.samba.org] On Behalf Of
Grzeski.Andreas at SWM.DE
Sent: 14 October 2004 02:10 PM
To: samba at lists.samba.org
Subject: RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving
Hi Mark,
that did not resolve the problem for me. Removing the @ sign produced
the same error message (see below)...
Greetings
Andreas
-----Ursprüngliche Nachricht-----
Von: Mark Le Noury [mailto:markl at bbd.co.za]
Gesendet: Donnerstag, 14. Oktober 2004 12:43
An: samba at lists.samba.org
Betreff: RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving
Hi,
I think that you are fomatting the valid users directive incorrectly.
Try valid users = DOMAIN+Group_name (I use + as my winbind separator,
substitute for whatever you have chosen) No @ sign necessary
It works fine for me like that.
Thanks,
Mark
-----Original Message-----
From: samba-bounces+markl=bbd.co.za at lists.samba.org
[mailto:samba-bounces+markl=bbd.co.za at lists.samba.org] On Behalf Of
Grzeski.Andreas at SWM.DE
Sent: 14 October 2004 12:38 PM
To: samba at lists.samba.org
Subject: [Samba] Samba 3.0.7 / AD Domain Group Resolving
Hello List,
currently we have Samba 3.0.7 running on SLES8 systems with AD
integration. We´re using the SerNet RPM´s (ftp.sernet.de)
Everything works fine so far, we just have a problem with resolving
domain groups.
wbinfo -g works fine, the domain groups are correctly resolved. But when
inserting a "valid users = @AD_DOMAIN_GROUP" statement in the smb.conf
we get the following error:
smbd/service.c:make_connection_snum(314)
user 'DOMAIN\User.Name' (from session setup) not permitted to access
this share (sharename)
Inserting the user with his normal accountname does work (e.g. valid
users = DOMAIN\User.Name)
We do have a lot of AD Groups, some users are member of more than 200
groups (and no, we cannot fix that, reducing the number of groups is
unfortunately not an option).
I did find several post in the list archives on this topic, but no
practical solution yet.
Is there a solution? Are more details necessary?
One more thing: we also have the problem that once in a while winbind
dies when executing wbinfo -g or -u. I don´t know, if this is somehow
connected.
Anyone any ideas? I´m a bit lost here...
Greetings
Andreas Grzeski
Systems Engineer/RHCE
Stadtwerke München GmbH
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list