[Samba] 'valid users' does not accept my users, but my groups
Markus Fischer
markus at fischer.name
Fri Apr 29 20:15:53 GMT 2005
Is there anything special to know about pure usernames in such environment?
- Markus
Markus Fischer wrote:
> Hi,
>
> I'm using Version 3.0.10-Debian and have winbindd running for auth
> against our W2K TEST-DOM. I've set up shares which only some groups have
> access granted. System is runnig fine a few weeks when I now discovered
> when I want grant access to only one user, it doesn't work.
>
> The configuration for this share is:
> [testshare]
> path = /data/test
> public = no
> writeable = yes
> browseable = yes
> create mode = 0777
> force directory mode = 0775
> force create mode = 0666
> force user = www-data
> force group = www-data
> valid users = mfischer
>
> The logfile tells me:
>
> [2005/04/27 10:44:05, 2] auth/auth.c:check_ntlm_password(305)
> check_ntlm_password: authentication for user [mfischer] -> [mfischer]
> -> [TEST-DOM"mfischer] succeeded
>
> [2005/04/27 10:44:05, 2] smbd/service.c:make_connection_snum(314)
> user 'TEST-DOM"mfischer' (from session setup) not permitted to access
> this share (testshare)
>
> When I use groups, e.g.
> valid users = @development
> and my user 'mfischer' is in this group, it works without problems.
>
> I've tried different syntaxes like
> TEST-DOM\mfischer
> TEST-DOM"mfischer (because it's written this way in the logfile)
> TEST-DOM+mfischer (because of the winbind separator)
> TEST-DOM/mfischer
> none of them worked.
>
> My pam.d/samba looks like:
> # from common-auth
> auth sufficient pam_winbind.so
> auth sufficient pam_unix.so nullok_secure use_first_pass
> # from common-account
> account required pam_unix.so
> # from common-session
> session required pam_unix.so
> session required pam_mkhomedir.so skel=/etc/skel/ umask=0002
>
> any suggestions or other information I can provide?
>
> thanks,
> - Markus
>
More information about the samba
mailing list