[Samba] Re: Problems Authetincating users by group in Active Directory

[Pepe Barbe]

Fiddling a little bit more I got partial success. But it is not what I
wanted. Seems that samba is able to authenticate the user if it
belongs to a Organization Unit. Below you can see some entries for the
log. Samba is not able to autheticate the ubser from the group
fsswebusers but it is able to authenticate from the group techstaff.
But the Winbind does get the information correctly:

LOG FILE:
=======
[2005/06/22 11:59:18, 10] lib/username.c:user_in_list(533)
  user_in_list: checking user |CONTORG0+aalse001| against
|@CONTORG0+fsswebusers|
[2005/06/22 11:59:18, 5] lib/username.c:user_in_netgroup_list(315)
  Unable to get default yp domain
[2005/06/22 11:59:18, 10] lib/username.c:user_in_list(533)
  user_in_list: checking user |CONTORG0+aalse001| against |@CONTORG0+techstaff|
[2005/06/22 11:59:18, 5] lib/username.c:user_in_netgroup_list(315)
  Unable to get default yp domain
[2005/06/22 11:59:18, 5] lib/username.c:Get_Pwnam(293)
  Finding user CONTORG0+aalse001
[2005/06/22 11:59:18, 5] lib/username.c:Get_Pwnam_internals(223)
  Trying _Get_Pwnam(), username as lowercase is contorg0+aalse001
[2005/06/22 11:59:18, 5] lib/username.c:Get_Pwnam_internals(251)
  Get_Pwnam_internals did find user [CONTORG0+aalse001]!

WINBIND GROUPS:
==============

CONTORG0+techstaff:x:10008CONTORG0+aalse001
CONTORG0+fsswebusers:x:10027:CONTORG0+aalse001   

Any ideas?

Thanks!

Pepe

On 6/21/05, Pepe Barbe <elventear at gmail.com> wrote:
> Hi,
> 
> I got a Samba box that is part of an Active Directory. It is working
> with the most basic functions, but I want to start customizing the
> security a little bit more. For that I want to grant access to
> different shares by group using "valid users = @AD+group" in the
> smb.conf, but hasn't worked.
<snip>