[Samba] Unable to use 'valid users' from Active Directory

Reese,Richard Stephen rsreese at ufl.edu
Tue Jun 6 16:52:27 GMT 2006


There are some issues with SP1 Server 2003 and samba. I'm able to auth
fine using samba and either kerberos or winbind. The only difference I
can really determine from our configs is that I have the winbind
separator commented out so that DOMAIN\someuser works, unless I'm
missing something.
 

[global]

# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = UFAD
   realm = ADSERVER.UFL.EDU
# server string is the equivalent of the NT Description field
   server string = SERVER

   hosts allow = 10.242.
   load printers = no
   log file = /var/log/samba/%m.log
   max log size = 50
   security = ads

   idmap uid = 10000 - 20000
   idmap gid = 10000 - 20000
#winbind separator = +
   winbind enum users = yes
   winbind enum groups = yes
   template homedir = /home/win/%D/%U
   template shell = /bin/bash
   client use spnego = yes
   winbind use default domain = yes

   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192


#============================ Share Definitions ==============================
[homes]
   comment = %U Home Directory
   browseable = no
   path = %H
   valid users = %U
   writable = yes
   create mode = 0664
   directory mode = 0775
 
[public]
   comment = Public Stuff
   path = /home/
   public = yes
   read only = no
;   valid users = @"_IFAS-FRE-USERS_autoGS"
 
[citrus]
  path = /home/httpd/html/citrus
  public = no
  read only = no
  write list = vmsodek rsreese

________________________________

From: Shelley, Brandon [mailto:brandon.shelley at celcorp.com] 
Sent: Tuesday, June 06, 2006 12:23 PM
To: Reese,Richard Stephen
Subject: RE: [Samba] Unable to use 'valid users' from Active Directory


Wow finally someone with my EXACT problem :)  Though no posts here are
remotely close to solving the problem.  I have also tried every other
recommendation in this posting, as well as many others.  The problem is
that even though the machine has been "net join"ed to a Windows domain,
it does not want to authenticate to the server.  DOMAIN\User | Password
and User | Password don't work... this says to me that it is an AD
complication.  Our system worked fine until an upgrade to SP1 on the DC,
and soon thereafter, no one could authenticate to the samba server via
an AD account any longer. 
 
 If anyone has ideas other than "you have to type net join etc." or
"upgrade to 3.0.14a" (when I, anyway, am using 3.0.22), I, and I'm sure
Richard would too, would sincerely appreciate it!
 
Thanks in advance, 
 
Best Regards, 
   Brandon Shelley


 

