[Samba] Unable to use 'valid users' from Active Directory

Reese,Richard Stephen rsreese at ufl.edu
Mon Jun 12 17:13:16 GMT 2006


getent is only retrieving the local users and groups.

-----Original Message-----
From: marcos rocha [mailto:mczueira at yahoo.com.br] 
Sent: Thursday, June 08, 2006 9:40 PM
To: Reese,Richard Stephen; Shelley, Brandon
Cc: samba at lists.samba.org
Subject: RE: [Samba] Unable to use 'valid users' from Active Directory


Does getent passwd retrieve all users?
Does getent group retrieve all groups?
Did you change /etc/nsswitch.conf?
You need to add the winbind parameter to passwd and group.



--- "Reese,Richard Stephen" <rsreese at ufl.edu> wrote:

> I had the 'winbind use default domain = yes' enabled and was able to 
> retrieve user and group information via wbinfo but I still had the 
> same problem. It would let me specify a group and then let a user 
> login. I can specify a user though.
> 
> -----Original Message-----
> From: marcos rocha [mailto:mczueira at yahoo.com.br]
> Sent: Thursday, June 08, 2006 7:12 AM
> To: Reese,Richard Stephen; Shelley, Brandon
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Unable to use 'valid users' from Active Directory
> 
> 
> Hi Reese,
> 
> I'm using almost the same configuration but with something 
> different.
> I'm using win2k SP4 with valid users parameter pointing to users 
> instead of group. This is because winbind isn't solving simple win2k 
> member's group nor nested win2k member's group.
> 
> My users use user | password to be validated instead of domain\user | 
> password because of winbind use default domain = yes parameter.
> 
> Marcos
> 
> --- "Reese,Richard Stephen" <rsreese at ufl.edu> wrote:
> 
> > There are some issues with SP1 Server 2003 and samba. I'm able to auth
> > fine using samba and either kerberos or winbind. The only difference I
> > can really determine from our configs is that I have the winbind
> > separator commented out so that DOMAIN\someuser works, unless I'm
> > missing something.
> >  
> > 
> > [global]
> >  
> > # workgroup = NT-Domain-Name or Workgroup-Name
> >    workgroup = UFAD
> >    realm = ADSERVER.UFL.EDU
> > # server string is the equivalent of the NT Description field
> >    server string = SERVER
> >  
> >    hosts allow = 10.242.
> >    load printers = no
> >  log file = /var/log/samba/%m.log
> >    max log size = 50
> >    security = ads
> >  
> >    idmap uid = 10000 - 20000
> >    idmap gid = 10000 - 20000
> > #winbind separator = +
> > winbind enum users=yes
> > winbind enum groups=yes
> >    template homedir = /home/win/%D/%U
> >    template shell = /bin/bash
> > client use spnego = yes
> >    winbind use default domain = yes
> >  
> >   encrypt passwords = yes
> >   smb passwd file = /etc/samba/smbpasswd
> >    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >  
> > 
> > #============================ Share Definitions ==============================
> > [homes]
> >    comment = %U Home Directory
> >    browseable = no
> >    path = %H
> >    valid users = %U
> >    writable = yes
> >    create mode = 0664
> >    directory mode = 0775
> >  
> > [public]
> >    comment = Public Stuff
> >    path = /home/
> >    public = yes
> >    read only = no
> > ;   valid users = @"_IFAS-FRE-USERS_autoGS"
> >  
> > [citrus]
> >   path = /home/httpd/html/citrus
> >   public = no
> >   read only = no
> >   write list = vmsodek rsreese
> > 
> > ________________________________
> > 
> > From: Shelley, Brandon [mailto:brandon.shelley at celcorp.com]
> > Sent: Tuesday, June 06, 2006 12:23 PM
> > To: Reese,Richard Stephen
> > Subject: RE: [Samba] Unable to use 'valid users' from Active Directory
> > 
> > 
> > Wow finally someone with my EXACT problem :) Though no posts here are
> > remotely close to solving the problem.  I have also tried every other
> > recommendation in this posting, as well as many others.  The problem
> > is that even though the machine has been "net join"ed to a Windows
> > domain, it does not want to authenticate to the server.
> > DOMAIN\User | Password
> > and User | Password don't work... this says to me that it is an AD
> > complication.  Our system worked fine until an upgrade to SP1 on the
> > DC, and soon thereafter, no one could authenticate to the samba server
> > via an AD account any longer.
> >  
> > If anyone has ideas other than "you have to type net join etc." or
> > "upgrade to 3.0.14a" (when I, anyway, am using 3.0.22), I, and I'm
> > sure Richard would too, would sincerely appreciate it!
> >  
> > Thanks in advance,
> >  
> > Best Regards, 
> >    Brandon Shelley
> > 
> > 
> >  


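The check asked about in this thread (does /etc/nsswitch.conf list winbind for passwd and group), as an added example that is not part of the original messages. wbinfo queries winbindd directly, while getent goes through NSS, so the two can disagree exactly as reported here. The function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify that winbind is an NSS source
# for passwd and group, which is what "getent" consults.

# nss_sources FILE DB: print the sources configured for database DB.
nss_sources() {
    awk -v db="$2" '
        { sub(/#.*/, ""); gsub(/\[[^]]*\]/, " ") }  # drop comments, [STATUS=action]
        {
            n = index($0, ":")
            if (n == 0) next
            name = substr($0, 1, n - 1)
            gsub(/[ \t]/, "", name)
            if (name != db) next
            $0 = substr($0, n + 1)                  # re-split the source list
            for (i = 1; i <= NF; i++) printf "%s%s", $i, (i < NF ? " " : "\n")
        }' "$1"
}

# has_winbind FILE DB: succeed if winbind is one of the sources for DB.
has_winbind() {
    for src in $(nss_sources "$1" "$2"); do
        [ "$src" = "winbind" ] && return 0
    done
    return 1
}

# nss_report FILE: one line per database; returns 0 only if both list winbind.
nss_report() {
    rc=0
    for db in passwd group; do
        if has_winbind "$1" "$db"; then
            echo "$db: ok ($(nss_sources "$1" "$db"))"
        else
            echo "$db: winbind missing ($(nss_sources "$1" "$db"))"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files, so the check runs without touching /etc.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'passwd: files\ngroup:  files\nhosts:  files dns\n' > "$tmp/local-only.conf"
printf 'passwd: files winbind   # AD users\ngroup: files [NOTFOUND=continue] winbind\n' > "$tmp/with-winbind.conf"

for f in "$tmp"/*.conf; do
    echo "== ${f##*/}"
    nss_report "$f" || echo "-> winbind accounts will not appear in getent for the flagged databases"
done
```

On a real host, run `nss_report /etc/nsswitch.conf` and then compare `getent group` against `wbinfo -g`.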