[Samba] Unable to use 'valid users' from Active Directory

Reese,Richard Stephen rsreese at ufl.edu
Tue Jun 6 16:52:27 GMT 2006

There are some issues with SP1 Server 2003 and samba. I'm able to auth
fine using samba and either kerberos or winbind. The only difference I
can really determine from our configs is that I have the winbind
seperator commented out so that DOMAIN\someuser works, unless I'm
missing something.

# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = UFAD
# server string is the equivalent of the NT Description field
   server string = SERVER
   hosts allow = 10.242.
   load printers = no
 log file = /var/log/samba/%m.log
   max log size = 50
   security = ads
   idmap uid = 10000 - 20000
   idmap gid = 10000 - 20000
#winbind separator = +
winbind enum users=yes
winbind enum groups=yes
   template homedir = /home/win/%D/%U
   template shell = /bin/bash
client use spnego = yes
   winbind use default domain = yes
  encrypt passwords = yes
  smb passwd file = /etc/samba/smbpasswd
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

#============================ Share Definitions
   comment = %U Home Directory
   browseable = no
   path = %H
   valid users = %U
   writable = yes
   create mode = 0664
   directory mode = 0775
   comment = Public Stuff
   path = /home/
   public = yes
   read only = no
;   valid users = @"_IFAS-FRE-USERS_autoGS"
  path = /home/httpd/html/citrus
  public = no
  read only = no
  write list = vmsodek rsreese


From: Shelley, Brandon [mailto:brandon.shelley at celcorp.com] 
Sent: Tuesday, June 06, 2006 12:23 PM
To: Reese,Richard Stephen
Subject: RE: [Samba] Unable to use 'valid users' from Active Directory

Wow finally someone with my EXACT problem :)  Though no posts here are
remotely close to solving the problem.  I have also tried every other
recommendation in this posting, as well as many others.  The problem is
that even though the machine has been "net join"ed to a Windows domain,
it does not want to authenticate to the server.  DOMAIN\User | Password
and User | Password don't work... this says to me that is is an AD
complication.  Our system worked fine until an upgrade to SP1 on the DC,
and soon thereafter, no one could authenticate to the samba server via
an AD account any longer. 
 If anyone has ideas other than "you have to type net join etc." or
"upgrade to 3.0.14a" (when I, anyway, am using 3.0.22), I, and I'm sure
Richard would too, would sincerely appreciate it!
Thanks in advance, 
Best Regards, 
   Brandon Shelley


More information about the samba mailing list