[Samba] Unable to use 'valid users' from Active Directory
Reese,Richard Stephen
rsreese at ufl.edu
Tue Jun 6 16:52:27 GMT 2006
There are some issues with SP1 Server 2003 and samba. I'm able to auth
fine using samba and either kerberos or winbind. The only difference I
can really determine from our configs is that I have the winbind
seperator commented out so that DOMAIN\someuser works, unless I'm
missing something.
[global]
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = UFAD
realm = ADSERVER.UFL.EDU
# server string is the equivalent of the NT Description field
server string = SERVER
hosts allow = 10.242.
load printers = no
log file = /var/log/samba/%m.log
max log size = 50
security = ads
idmap uid = 10000 - 20000
idmap gid = 10000 - 20000
#winbind separator = +
winbind enum users=yes
winbind enum groups=yes
template homedir = /home/win/%D/%U
template shell = /bin/bash
client use spnego = yes
winbind use default domain = yes
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#============================ Share Definitions
==============================
[homes]
comment = %U Home Directory
browseable = no
path = %H
valid users = %U
writable = yes
create mode = 0664
directory mode = 0775
[public]
comment = Public Stuff
path = /home/
public = yes
read only = no
; valid users = @"_IFAS-FRE-USERS_autoGS"
[citrus]
path = /home/httpd/html/citrus
public = no
read only = no
write list = vmsodek rsreese
________________________________
From: Shelley, Brandon [mailto:brandon.shelley at celcorp.com]
Sent: Tuesday, June 06, 2006 12:23 PM
To: Reese,Richard Stephen
Subject: RE: [Samba] Unable to use 'valid users' from Active Directory
Wow finally someone with my EXACT problem :) Though no posts here are
remotely close to solving the problem. I have also tried every other
recommendation in this posting, as well as many others. The problem is
that even though the machine has been "net join"ed to a Windows domain,
it does not want to authenticate to the server. DOMAIN\User | Password
and User | Password don't work... this says to me that is is an AD
complication. Our system worked fine until an upgrade to SP1 on the DC,
and soon thereafter, no one could authenticate to the samba server via
an AD account any longer.
If anyone has ideas other than "you have to type net join etc." or
"upgrade to 3.0.14a" (when I, anyway, am using 3.0.22), I, and I'm sure
Richard would too, would sincerely appreciate it!
Thanks in advance,
Best Regards,
Brandon Shelley
More information about the samba
mailing list