[Samba] Samba not expanding AD groups
Jim Millard
jmillard at canyonco.org
Mon Oct 2 15:13:34 GMT 2006
I have noticed a problem with Samba not appearing to expand an AD group
name to allow access to a share. We have had to shut down samba
completely, manualy kill all smbd, and winbind apps (nmbd seems to go
away properly). Then restart samba to get access for our users to work.
Sample smb.conf entry:
[global]
winbind separator = +
...
[test]
path = /test
public = no
writable = yes
printable = no
valid users = @"CC+Domain Users"
We currently have Samba versions 3.0.22 and 3.0.23a running on Gentoo
and 3,0,23c running on FC5.
I see this problem on all of these systems.
I have inherited these from another admin and I am not sure the configs
are all that complete or good.
I would appreciate any pointers to information that would help me clean
up this mess. I have already got the servers running faster by changing
the log level down to reduce disk activity. We have also set the
renew_lifetime = 36000 in krb5.conf thinking the old value of 0 was
causing performance issues due to authenticating every access.
Thank you all for any help you might have.
--
Regards,
Jim Millard
Linux System Administrator
Canyon County Idaho
More information about the samba
mailing list