[Samba] Unable to use 'valid users' from Active Directory
marcos rocha
mczueira at yahoo.com.br
Fri Jun 9 01:39:59 GMT 2006
does getent passwd retrieves all users ???
does getent group retrieves all groups ???
did you change /etc/nsswitch.conf ???
you need to add the winbind parameter to passwd and
group
--- "Reese,Richard Stephen" <rsreese at ufl.edu>
escreveu:
> I had the 'winbind use default domain = yes' enabled
> and was able to retrieve user and group information
> via wbinfo but I still had the same problem. It
> would let me specify a group and then let a user
> login. I can specify a user though.
>
> -----Original Message-----
> From: marcos rocha [mailto:mczueira at yahoo.com.br]
> Sent: Thursday, June 08, 2006 7:12 AM
> To: Reese,Richard Stephen; Shelley, Brandon
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Unable to use 'valid users'
> from Active Directory
>
>
> Ho Reese,
>
> i'm using the almost que same configuration but with
> something diferent.
> i'm using win2k SP4 with valid users parameter
> pointing to users instead of group. this is because
> winbind isn't solving simple win2k member's group
> neigther nested win2k member's group.
>
> my users use user | password to be validated instead
> of domain\user | password because of winbind use
> default domain = yes parameter.
>
> Marcos
>
> --- "Reese,Richard Stephen" <rsreese at ufl.edu>
> escreveu:
>
> > There are some issues with SP1 Server 2003 and
> samba. I'm able to auth
> > fine using samba and either kerberos or winbind.
> The only difference I
> > can really determine from our configs is that I
> have the winbind
> > seperator commented out so that DOMAIN\someuser
> works, unless I'm
> > missing something.
> >
> >
> > [global]
> >
> > # workgroup = NT-Domain-Name or Workgroup-Name
> > workgroup = UFAD
> > realm = ADSERVER.UFL.EDU
> > # server string is the equivalent of the NT
> Description field
> > server string = SERVER
> >
> > hosts allow = 10.242.
> > load printers = no
> > log file = /var/log/samba/%m.log
> > max log size = 50
> > security = ads
> >
> > idmap uid = 10000 - 20000
> > idmap gid = 10000 - 20000
> > #winbind separator = +
> > winbind enum users=yes
> > winbind enum groups=yes
> > template homedir = /home/win/%D/%U
> > template shell = /bin/bash
> > client use spnego = yes
> > winbind use default domain = yes
> >
> > encrypt passwords = yes
> > smb passwd file = /etc/samba/smbpasswd
> > socket options = TCP_NODELAY SO_RCVBUF=8192
> > SO_SNDBUF=8192
> >
> >
> > #============================ Share Definitions
> > ============================== [homes]
> > comment = %U Home Directory
> > browseable = no
> > path = %H
> > valid users = %U
> > writable = yes
> > create mode = 0664
> > directory mode = 0775
> >
> > [public]
> > comment = Public Stuff
> > path = /home/
> > public = yes
> > read only = no
> > ; valid users = @"_IFAS-FRE-USERS_autoGS"
> >
> > [citrus]
> > path = /home/httpd/html/citrus
> > public = no
> > read only = no
> > write list = vmsodek rsreese
> >
> > ________________________________
> >
> > From: Shelley, Brandon
> > [mailto:brandon.shelley at celcorp.com]
> > Sent: Tuesday, June 06, 2006 12:23 PM
> > To: Reese,Richard Stephen
> > Subject: RE: [Samba] Unable to use 'valid users'
> > from Active Directory
> >
> >
> > Wow finally someone with my EXACT problem :)
> Though no posts here are
> > remotely close to solving the problem. I have
> also tried every other
> > recommendation in this posting, as well as many
> others. The problem
> > is that even though the machine has been "net
> join"ed to a Windows
> > domain, it does not want to authenticate to the
> server.
> > DOMAIN\User | Password
> > and User | Password don't work... this says to me
> that is is an AD
> > complication. Our system worked fine until an
> upgrade to SP1 on the
> > DC, and soon thereafter, no one could authenticate
> to the samba server
> > via an AD account any longer.
> >
> > If anyone has ideas other than "you have to type
> net join etc." or
> > "upgrade to 3.0.14a" (when I, anyway, am using
> 3.0.22), I, and I'm
> > sure Richard would too, would sincerely appreciate
> it!
> >
> > Thanks in advance,
> >
> > Best Regards,
> > Brandon Shelley
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following
> URL and read the
> > instructions:
> > https://lists.samba.org/mailman/listinfo/samba
> >
>
>
>
>
>
_______________________________________________________
> Abra sua conta no Yahoo! Mail: 1GB de espaço,
> alertas de e-mail no celular e anti-spam realmente
> eficaz.
> http://mail.yahoo.com.br/
>
__________________________________________________
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
More information about the samba
mailing list