[Samba] Groups not working with Security=ads

[Michael Casale]

Hi all,

 

I just upgraded a test copy of my samba server from version 3.0.10E to
the latest, 3.0.23D - the RPM available for Red Hat AS4 on the samba.org
site. There was no samba-common, just samba, samba-client and
samba-winbind RPMs. I installed all three successfully. I backed up my
configs before hand and replaces / adapted them afterwards. I
successfully added this server to the domain after upgrade with the net
ads join command.

 

The problem: Group emulation is not working. I can access shares where
my account is specifically listed in the  "valid users" settings in the
smb.conf file for the share (NYC-14\mcasale), but not if my group is
listed (NYC-14\Staff or NYC-14\Domain Admins).

 

Wbinfo -g shows all the groups, and wbinfo -u shows all users. But for
some reason on this test server, and on the live server, these commands
show the group or user names but the domain is never appended to the
beginning. The live, un-updated server always has had this output yet
works fine, though. Just thought I should mention this.

 

Klist shows tickets fine. I re-added this server to the domain after I
upgraded it.

 

Getent passwd and getent group works fine.

 

So, when I navigate to the server in Windows XP in network Neighborhood,
I can see all the shares. When I click on a share where I am
specifically listed under "valid users" it opens fine. When I click on a
share where my group is specifically listed in "valid users" it prompts
me for a username and password, which it never accepts, no matter how I
put it in.

 

I checked the log under /var/log/samba/mymachinename.log and it logs no
errors. I'm suprised.

 

Any help greatly appreciated! I'm so close to getting this working!

 

Michael Casale

Systems Administrator / IT Manager

Knoa Software

mcasale at knoa.com <mailto:mcasale at knoa.com> 

Ph.  (212) 807-9608 ext. 6000

Fax  (212) 675-6121