[Samba] Unable to use 'valid users' from Active Directory
marcos rocha
mczueira at yahoo.com.br
Thu Jun 8 11:11:36 GMT 2006
Ho Reese,
i'm using the almost que same configuration but with
something diferent.
i'm using win2k SP4 with valid users parameter
pointing to users instead of group. this is because
winbind isn't solving simple win2k member's group
neigther nested win2k member's group.
my users use user | password to be validated instead
of domain\user | password because of winbind use
default domain = yes parameter.
Marcos
--- "Reese,Richard Stephen" <rsreese at ufl.edu>
escreveu:
> There are some issues with SP1 Server 2003 and
> samba. I'm able to auth
> fine using samba and either kerberos or winbind. The
> only difference I
> can really determine from our configs is that I have
> the winbind
> seperator commented out so that DOMAIN\someuser
> works, unless I'm
> missing something.
>
>
> [global]
>
> # workgroup = NT-Domain-Name or Workgroup-Name
> workgroup = UFAD
> realm = ADSERVER.UFL.EDU
> # server string is the equivalent of the NT
> Description field
> server string = SERVER
>
> hosts allow = 10.242.
> load printers = no
> log file = /var/log/samba/%m.log
> max log size = 50
> security = ads
>
> idmap uid = 10000 - 20000
> idmap gid = 10000 - 20000
> #winbind separator = +
> winbind enum users=yes
> winbind enum groups=yes
> template homedir = /home/win/%D/%U
> template shell = /bin/bash
> client use spnego = yes
> winbind use default domain = yes
>
> encrypt passwords = yes
> smb passwd file = /etc/samba/smbpasswd
> socket options = TCP_NODELAY SO_RCVBUF=8192
> SO_SNDBUF=8192
>
>
> #============================ Share Definitions
> ==============================
> [homes]
> comment = %U Home Directory
> browseable = no
> path = %H
> valid users = %U
> writable = yes
> create mode = 0664
> directory mode = 0775
>
> [public]
> comment = Public Stuff
> path = /home/
> public = yes
> read only = no
> ; valid users = @"_IFAS-FRE-USERS_autoGS"
>
> [citrus]
> path = /home/httpd/html/citrus
> public = no
> read only = no
> write list = vmsodek rsreese
>
> ________________________________
>
> From: Shelley, Brandon
> [mailto:brandon.shelley at celcorp.com]
> Sent: Tuesday, June 06, 2006 12:23 PM
> To: Reese,Richard Stephen
> Subject: RE: [Samba] Unable to use 'valid users'
> from Active Directory
>
>
> Wow finally someone with my EXACT problem :) Though
> no posts here are
> remotely close to solving the problem. I have also
> tried every other
> recommendation in this posting, as well as many
> others. The problem is
> that even though the machine has been "net join"ed
> to a Windows domain,
> it does not want to authenticate to the server.
> DOMAIN\User | Password
> and User | Password don't work... this says to me
> that is is an AD
> complication. Our system worked fine until an
> upgrade to SP1 on the DC,
> and soon thereafter, no one could authenticate to
> the samba server via
> an AD account any longer.
>
> If anyone has ideas other than "you have to type
> net join etc." or
> "upgrade to 3.0.14a" (when I, anyway, am using
> 3.0.22), I, and I'm sure
> Richard would too, would sincerely appreciate it!
>
> Thanks in advance,
>
> Best Regards,
> Brandon Shelley
>
>
>
> --
> To unsubscribe from this list go to the following
> URL and read the
> instructions:
> https://lists.samba.org/mailman/listinfo/samba
>
_______________________________________________________
Abra sua conta no Yahoo! Mail: 1GB de espaço, alertas de e-mail no celular e anti-spam realmente eficaz.
http://mail.yahoo.com.br/
More information about the samba
mailing list