[Samba] Unable to use 'valid users' from Active Directory

Reese,Richard Stephen rsreese at ufl.edu
Thu Jun 8 20:07:53 GMT 2006


I had the 'winbind use default domain = yes' enabled and was able to retrieve user and group information via wbinfo but I still had the same problem. It would let me specify a group and then let a user login. I can specify a user though. 

-----Original Message-----
From: marcos rocha [mailto:mczueira at yahoo.com.br] 
Sent: Thursday, June 08, 2006 7:12 AM
To: Reese,Richard Stephen; Shelley, Brandon
Cc: samba at lists.samba.org
Subject: RE: [Samba] Unable to use 'valid users' from Active Directory


Ho Reese,

i'm using the almost que same configuration but with something diferent.
i'm using win2k SP4 with valid users parameter pointing to users instead of group. this is because winbind isn't solving simple win2k member's group neigther nested win2k member's group.

my users use user | password to be validated instead of domain\user | password because of winbind use default domain = yes parameter.

Marcos

--- "Reese,Richard Stephen" <rsreese at ufl.edu>
escreveu:

> There are some issues with SP1 Server 2003 and samba. I'm able to auth 
> fine using samba and either kerberos or winbind. The only difference I 
> can really determine from our configs is that I have the winbind 
> seperator commented out so that DOMAIN\someuser works, unless I'm 
> missing something.
>  
> 
> [global]
>  
> # workgroup = NT-Domain-Name or Workgroup-Name
>    workgroup = UFAD
>    realm = ADSERVER.UFL.EDU
> # server string is the equivalent of the NT Description field
>    server string = SERVER
>  
>    hosts allow = 10.242.
>    load printers = no
>  log file = /var/log/samba/%m.log
>    max log size = 50
>    security = ads
>  
>    idmap uid = 10000 - 20000
>    idmap gid = 10000 - 20000
> #winbind separator = +
> winbind enum users=yes
> winbind enum groups=yes
>    template homedir = /home/win/%D/%U
>    template shell = /bin/bash
> client use spnego = yes
>    winbind use default domain = yes
>  
>   encrypt passwords = yes
>   smb passwd file = /etc/samba/smbpasswd
>    socket options = TCP_NODELAY SO_RCVBUF=8192
> SO_SNDBUF=8192
>  
> 
> #============================ Share Definitions 
> ============================== [homes]
>    comment = %U Home Directory
>    browseable = no
>    path = %H
>    valid users = %U
>    writable = yes
>    create mode = 0664
>    directory mode = 0775
>  
> [public]
>    comment = Public Stuff
>    path = /home/
>    public = yes
>    read only = no
> ;   valid users = @"_IFAS-FRE-USERS_autoGS"
>  
> [citrus]
>   path = /home/httpd/html/citrus
>   public = no
>   read only = no
>   write list = vmsodek rsreese
> 
> ________________________________
> 
> From: Shelley, Brandon
> [mailto:brandon.shelley at celcorp.com]
> Sent: Tuesday, June 06, 2006 12:23 PM
> To: Reese,Richard Stephen
> Subject: RE: [Samba] Unable to use 'valid users'
> from Active Directory
> 
> 
> Wow finally someone with my EXACT problem :)  Though no posts here are 
> remotely close to solving the problem.  I have also tried every other 
> recommendation in this posting, as well as many others.  The problem 
> is that even though the machine has been "net join"ed to a Windows 
> domain, it does not want to authenticate to the server.
> DOMAIN\User | Password
> and User | Password don't work... this says to me that is is an AD 
> complication.  Our system worked fine until an upgrade to SP1 on the 
> DC, and soon thereafter, no one could authenticate to the samba server 
> via an AD account any longer.
>  
>  If anyone has ideas other than "you have to type net join etc." or 
> "upgrade to 3.0.14a" (when I, anyway, am using 3.0.22), I, and I'm 
> sure Richard would too, would sincerely appreciate it!
>  
> Thanks in advance,
>  
> Best Regards, 
>    Brandon Shelley
> 
> 
>  
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: 
> https://lists.samba.org/mailman/listinfo/samba
> 



		
_______________________________________________________
Abra sua conta no Yahoo! Mail: 1GB de espaço, alertas de e-mail no celular e anti-spam realmente eficaz. 
http://mail.yahoo.com.br/


More information about the samba mailing list