[Samba] Option valid user not expanded for groups

Mauricio Silveira msilveira at linuxbr.com
Fri Apr 27 12:34:01 GMT 2007


I believe this won't be possible via smb.conf.
As far as I know, group names with spaces are invalid under *nix.
Try to gather some more information about the use of the net command 
such as "net groupmap list".
I guess you will have to try some other way. I've got little knowledge 
about ADS and SAMBA as BDC.
Maybe this auth should be performed by the ADS server, or you should try 
further help about "net ads".

Mauricio

Tiucra-Popa Florin Catalin wrote:
> Hi,
>
> I have an AIX 5.3 machine with Samba 3.0.24c joined into one Windows 2003 ADS server OK.
> I can request basic information, user lookup, domain lookup (wbinfo, id, net groupmap).
>
> When I want to access the share \\node05\brom from one Windows station I receive a popup window password.
>
> In the log of the samba for that machine I found:
>
> [2007/04/27 10:48:27, 2] auth/auth.c:check_ntlm_password(319)
>   check_ntlm_password:  Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER
> [2007/04/27 10:48:28, 2] auth/auth.c:check_ntlm_password(319)
>   check_ntlm_password:  Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER
> [2007/04/27 10:48:29, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> [2007/04/27 10:48:29, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> [2007/04/27 10:48:29, 2] auth/auth.c:check_ntlm_password(309)
>   check_ntlm_password:  authentication for user [node05] -> [node05] -> [TPDCBR+node05] succeeded
> [2007/04/27 10:48:29, 2] smbd/service.c:make_connection_snum(580)
>   user 'TPDCBR+node05' (from session setup) not permitted to access this share (brom)
> [2007/04/27 10:48:53, 2] auth/auth.c:check_ntlm_password(319)
>   check_ntlm_password:  Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER
> [2007/04/27 10:48:53, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> [2007/04/27 10:48:53, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> [2007/04/27 10:48:53, 2] auth/auth.c:check_ntlm_password(309)
>   check_ntlm_password:  authentication for user [node05] -> [node05] -> [TPDCBR+node05] succeeded
> [2007/04/27 10:48:53, 2] smbd/service.c:make_connection_snum(580)
>   user 'TPDCBR+node05' (from session setup) not permitted to access this share (brom)
>
> My smb.conf looks like:
>
> [global]
> unix charset = LOCALE
> workgroup = TPDCBR
> realm = TPDCBR.ROM
> netbios name = NODE05
> dns proxy = No
> server string = NODE05 AIX
> security = ads
> password server = 10.99.0.4
> encrypt passwords = yes
> name resolve order = host
> log level = 10
> syslog = 0
> username map = /samba/private/smbusers
> log file = /samba/var/log/%m
> max log size = 5000
> ldap ssl = no
> winbind uid = 10000-59999
> winbind gid = 10000-59999
> idmap uid = 10000-60000
> idmap gid = 10000-60000
> template shell = /bin/ksh
> winbind use default domain = Yes
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind nested groups = Yes
> winbind separator = +
> auth methods = winbind
> acl compatibility = win2k
> winbind cache time = 10
> bind interfaces only = yes
> client use spnego = no
> socket address = 10.99.0.201
> allow trusted domains = no
> #use kerberos keytab = yes
> socket options = TCP_NODELAY
> #map acl inherit = Yes
> [brom]
> comment = inhouse brom
> path = /u09/inhouse/brom
> read only = No
> browseable = yes
> #valid users =@"Computers", @"domain users"
> valid users = @"domain users"
> create mask = 0777
> directory mask = 0777
> force create mode = 0777
> force directory mode = 0777
>
>
> I also made a test with only one user valid like this:
> valid users = TPDCBR.ROM+node05
> and this is working ok.
>
> Thank you.
>
>   
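
In the quoted log, authentication for TPDCBR+node05 succeeds and the connection to the share is refused afterwards, so the refusal is a share-level authorization decision rather than a credential failure. The following is an added example (not part of the original messages and not Samba code) that parses this two-line log record format and separates the two cases; the sample log is constructed from the lines quoted above, and the finding labels are names chosen for this example.

```python
import re

# Constructed sample in the two-line record format shown in the quoted log.
SAMPLE_LOG = """\
[2007/04/27 10:48:53, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER
[2007/04/27 10:48:53, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [node05] -> [node05] -> [TPDCBR+node05] succeeded
[2007/04/27 10:48:53, 2] smbd/service.c:make_connection_snum(580)
  user 'TPDCBR+node05' (from session setup) not permitted to access this share (brom)
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\] (\S+?):(\w+)\((\d+)\)$")
AUTH_OK = re.compile(r"authentication for user \[(.*?)\] -> \[(.*?)\] -> \[(.*?)\] succeeded")
AUTH_FAIL = re.compile(r"Authentication for user \[(.*?)\] -> \[(.*?)\] FAILED with error (\S+)")
DENIED = re.compile(r"user '(.+?)' \(from session setup\) not permitted to access this share \((.+?)\)")

def parse_records(text):
    """Group each '[time, level] file:function(line)' header with its indented message lines."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^>\s?", "", raw).rstrip()  # tolerate mail-quoted logs
        m = HEADER.match(line)
        if m:
            records.append({"time": m.group(1), "func": m.group(4), "msg": ""})
        elif records and line.startswith(" "):
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records

def triage(text):
    """Separate credential failures from share-level authorization denials."""
    authenticated, findings = set(), []
    for rec in parse_records(text):
        if (m := AUTH_OK.search(rec["msg"])):
            authenticated.add(m.group(3))  # mapped DOMAIN+user name
        elif (m := AUTH_FAIL.search(rec["msg"])):
            findings.append((rec["time"], "auth_failed", m.group(1) or "<empty>", m.group(3)))
        elif (m := DENIED.search(rec["msg"])):
            # Denied after a successful login: check the share's access list, not the password.
            kind = "share_acl_denied" if m.group(1) in authenticated else "denied_unauthenticated"
            findings.append((rec["time"], kind, m.group(1), m.group(2)))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
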


