[Samba] Re: If I use "valid users" option, I can't log into the domain

Steve A gmane at rowyerboat.com
Sat Apr 8 17:24:59 GMT 2006

Craig White wrote:
> OK netlogon, homes and profiles are all special shares. They really
> only mean something to users who log on to the domain via Windows
> computers that have been 'joined' to the domain.

I can still see my home shares even though I'm not logged onto the domain. 
Windows does prompt me for user/password when I access it though, because my 
Windows password isn't the same as my Unix one.

> Have you 'joined' any computers to the domain yet? I would suspect not
> since in the list above created by smbclient -L Samba -U sa, I see 3
> different computers with 3 different 'workgroups'

Yes, I've joined a computer called VALIANT.  Actually, it joined itself 
because of the "add machine script =" line in my smb.conf.

> I would suggest that you read through the documentation at
> http://www.samba.org/samba/docs (the Official HowTo and By Example)

I've got the Samba 3 Howto and Reference Guide book here with me.  As far as 
I can tell, it doesn't provide the answer.

To recap:

- The computer called VALIANT is joined to my Samba domain.
- I can log in with any user I've added using pdbedit (I'm using tdbsam)
- These users also have a true Unix account
- I can change password for both Windows/Linux, from Windows because of 
"passwd program =" and "passwd chat =" in my smb.conf.
- If I add "valid users = sa" to my smb.conf, I can still access my shares 
but cannot log into the domain.
- root can always log into the domain regardless of the valid users options.

Steve :) 

More information about the samba mailing list