[Samba] Samba does not work with new AD groups
Michael.Parker at AcuityBrands.com
Thu Feb 16 15:48:35 GMT 2006
Thank you for your suggestions. I did all below and no luck, but I
found the answer. My mapping files are located in /var/cache/samba. I
discovered if I deleted the dir and created an empty dir of the same
name, it all worked.
From: samba-bounces+michael.parker=lithonia.com at lists.samba.org
[mailto:samba-bounces+michael.parker=lithonia.com at lists.samba.org] On
Behalf Of Don Meyer
Sent: Thursday, February 16, 2006 10:37 AM
To: samba at lists.samba.org
Subject: Re: [Samba] Samba does not work with new AD groups
At 08:25 AM 2/15/2006, Parker, Michael wrote:
>I've configured a system to authenticate with an AD 2k3 domain (all
>domain controllers have SP1) using winbind. I have joined the server
>the domain as well. I created some shares to work with AD groups.
>Here's a quick snippet of a share from my smb.conf file:
> comment = test share for winbind testing
> path = /u01/test
> write list = @ll_main/rhmps
>The problem I have is if I tell the write list command to use an
>existing AD group which I am already a member of, I can write to the
>share. If on the other hand, I create a new AD group, add my user
>account to the group, then tell the write list to use the new group, I
>cannot write to the share. I have rebooted my test workstations, tried
>writing to the share from multiple XP (SP2), workstations logged
>and rebooted my smb server. Nothing seems to help and I'm not seeing
>anything in any logs to explain the problem.
>My samba server is a redat 3.0 box with update 5. The samba version is
A couple of things to check:
1) Is your new group "available" for use on your RHEL3 box? That is,
can you find it in your group listings: "wbinfo -g" or "getent group"?
2) Look at the group's entry in the output from the command "getent
group" -- are the group members what you expect from your AD?
3) Does your [test] resource have a "valid users =" line? (Without,
default is anyone can connect...) If so, does the membership
specified on this line include the users in your "write list ="
line? (Doesn't have to specify the same group as your "write
list=" line, but users specified here should also have access granted
via inclusion in the set specified on your "valid users=" line.)
valid users = "@Domain Users"
write list = "@Subset_of_users"
Don Meyer <dlmeyer at uiuc.edu>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services
"They that can give up essential liberty to obtain a little
deserve neither liberty or safety." -- Benjamin Franklin,
To unsubscribe from this list go to the following URL and read the
More information about the samba