[Samba] Unable to use 'valid users' from Active Directory

marcos rocha mczueira at yahoo.com.br
Mon Jun 12 20:16:29 GMT 2006 

Hi Reese,

did you use net join to your samba server to the
windows domain ???
did you see the samba's log ???
did you see the winbind's log ???


Marcos

--- "Reese,Richard Stephen" <rsreese at ufl.edu>
escreveu:

> getent is only retrieving the local users and groups
> 
> 
> -----Original Message-----
> From: marcos rocha [mailto:mczueira at yahoo.com.br] 
> Sent: Thursday, June 08, 2006 9:40 PM
> To: Reese,Richard Stephen; Shelley, Brandon
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Unable to use 'valid users'
> from Active Directory
> 
> 
> does getent passwd retrieves all users ???
> does getent group retrieves all groups ???
> did you change /etc/nsswitch.conf ???
> you need to add the winbind parameter to passwd and
> group
> 
> 
> 
> --- "Reese,Richard Stephen" <rsreese at ufl.edu>
> escreveu:
> 
> > I had the 'winbind use default domain = yes'
> enabled and was able to 
> > retrieve user and group information via wbinfo but
> I still had the 
> > same problem. It would let me specify a group and
> then let a user 
> > login. I can specify a user though.
> > 
> > -----Original Message-----
> > From: marcos rocha [mailto:mczueira at yahoo.com.br]
> > Sent: Thursday, June 08, 2006 7:12 AM
> > To: Reese,Richard Stephen; Shelley, Brandon
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Unable to use 'valid users'
> > from Active Directory
> > 
> > 
> > Ho Reese,
> > 
> > i'm using the almost que same configuration but
> with something 
> > diferent.
> > i'm using win2k SP4 with valid users parameter
> pointing to users 
> > instead of group. this is because winbind isn't
> solving simple win2k 
> > member's group neigther nested win2k member's
> group.
> > 
> > my users use user | password to be validated
> instead of domain\user | 
> > password because of winbind use default domain =
> yes parameter.
> > 
> > Marcos
> > 
> > --- "Reese,Richard Stephen" <rsreese at ufl.edu>
> > escreveu:
> > 
> > > There are some issues with SP1 Server 2003 and
> > samba. I'm able to auth
> > > fine using samba and either kerberos or winbind.
> > The only difference I
> > > can really determine from our configs is that I
> > have the winbind
> > > seperator commented out so that DOMAIN\someuser
> > works, unless I'm
> > > missing something.
> > >  
> > > 
> > > [global]
> > >  
> > > # workgroup = NT-Domain-Name or Workgroup-Name
> > >    workgroup = UFAD
> > >    realm = ADSERVER.UFL.EDU
> > > # server string is the equivalent of the NT
> > Description field
> > >    server string = SERVER
> > >  
> > >    hosts allow = 10.242.
> > >    load printers = no
> > >  log file = /var/log/samba/%m.log
> > >    max log size = 50
> > >    security = ads
> > >  
> > >    idmap uid = 10000 - 20000
> > >    idmap gid = 10000 - 20000
> > > #winbind separator = +
> > > winbind enum users=yes
> > > winbind enum groups=yes
> > >    template homedir = /home/win/%D/%U
> > >    template shell = /bin/bash
> > > client use spnego = yes
> > >    winbind use default domain = yes
> > >  
> > >   encrypt passwords = yes
> > >   smb passwd file = /etc/samba/smbpasswd
> > >    socket options = TCP_NODELAY SO_RCVBUF=8192
> > > SO_SNDBUF=8192
> > >  
> > > 
> > > #============================ Share Definitions 
> > > ============================== [homes]
> > >    comment = %U Home Directory
> > >    browseable = no
> > >    path = %H
> > >    valid users = %U
> > >    writable = yes
> > >    create mode = 0664
> > >    directory mode = 0775
> > >  
> > > [public]
> > >    comment = Public Stuff
> > >    path = /home/
> > >    public = yes
> > >    read only = no
> > > ;   valid users = @"_IFAS-FRE-USERS_autoGS"
> > >  
> > > [citrus]
> > >   path = /home/httpd/html/citrus
> > >   public = no
> > >   read only = no
> > >   write list = vmsodek rsreese
> > > 
> > > ________________________________
> > > 
> > > From: Shelley, Brandon
> > > [mailto:brandon.shelley at celcorp.com]
> > > Sent: Tuesday, June 06, 2006 12:23 PM
> > > To: Reese,Richard Stephen
> > > Subject: RE: [Samba] Unable to use 'valid users'
> > > from Active Directory
> > > 
> > > 
> > > Wow finally someone with my EXACT problem :)
> > Though no posts here are
> > > remotely close to solving the problem.  I have
> > also tried every other
> > > recommendation in this posting, as well as many
> > others.  The problem
> > > is that even though the machine has been "net
> > join"ed to a Windows
> > > domain, it does not want to authenticate to the
> > server.
> > > DOMAIN\User | Password
> > > and User | Password don't work... this says to
> me
> > that is is an AD
> > > complication.  Our system worked fine until an
> > upgrade to SP1 on the
> > > DC, and soon thereafter, no one could
> authenticate
> > to the samba server
> > > via an AD account any longer.
> > >  
> > >  If anyone has ideas other than "you have to
> type
> > net join etc." or
> > > "upgrade to 3.0.14a" (when I, anyway, am using
> > 3.0.22), I, and I'm
> > > sure Richard would too, would sincerely
> appreciate
> > it!
> > >  
> > > Thanks in advance,
> > >  
> > > Best Regards, 
> > >    Brandon Shelley
> > > 
> > > 
> > >  
> > > --
> > > To unsubscribe from this list go to the
> following
> > URL and read the
> > > instructions: 
> > > https://lists.samba.org/mailman/listinfo/samba
> > > 
> > 
> > 
> > 
> > 		
> >
>
_______________________________________________________
> > Abra sua conta no Yahoo! Mail: 1GB de espaço,
> alertas de e-mail no 
> > celular e anti-spam realmente eficaz.
> > http://mail.yahoo.com.br/
> > 
> 
> 
> __________________________________________________
> Fale com seus amigos  de graça com o novo Yahoo!
> Messenger http://br.messenger.yahoo.com/ 
> 


__________________________________________________
Fale com seus amigos  de graça com o novo Yahoo! Messenger 
http://br.messenger.yahoo.com/

More information about the samba mailing list