[Samba] Option valid user not expanded for groups

Cleber P. de Souza cleberps at gmail.com
Sat Apr 28 15:15:55 GMT 2007


Is your 'net groupmap' set properly for this domain?


On 4/27/07, Tiucra-Popa Florin Catalin <popa_c at yahoo.com> wrote:
> Hi,
>
> I have a AIX 5.3 machine with Samba 3.0.24c joined into one Windows 2003 ADS server OK.
> I can request basic information, user lookup, domain lookup(wbinfo, id, net groupmap).
>
> When I want to acces the share \\node05\brom from one Windows station I receive a popup window password.
>
> In the log of the samba for that machine I found:
>
> [2007/04/27 10:48:27, 2] auth/auth.c:check_ntlm_password(319)
>   check_ntlm_password:  Authentication for user [] -> [] FAILED with error NT_ST                                                                              ATUS_NO_SUCH_USER
> [2007/04/27 10:48:28, 2] auth/auth.c:check_ntlm_password(319)
>   check_ntlm_password:  Authentication for user [] -> [] FAILED with error NT_ST                                                                              ATUS_NO_SUCH_USER
> [2007/04/27 10:48:29, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old                                                                               resources.
> [2007/04/27 10:48:29, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old                                                                               resources.
> [2007/04/27 10:48:29, 2] auth/auth.c:check_ntlm_password(309)
>   check_ntlm_password:  authentication for user [node05] -> [node05] -> [TPDCBR+                                                                              node05] succeeded
> [2007/04/27 10:48:29, 2] smbd/service.c:make_connection_snum(580)
>   user 'TPDCBR+node05' (from session setup) not permitted to access this share (                                                                              brom)
> [2007/04/27 10:48:53, 2] auth/auth.c:check_ntlm_password(319)
>   check_ntlm_password:  Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER
> [2007/04/27 10:48:53, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> [2007/04/27 10:48:53, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> [2007/04/27 10:48:53, 2] auth/auth.c:check_ntlm_password(309)
>   check_ntlm_password:  authentication for user [node05] -> [node05] -> [TPDCBR+node05] succeeded
> [2007/04/27 10:48:53, 2] smbd/service.c:make_connection_snum(580)
>   user 'TPDCBR+node05' (from session setup) not permitted to access this share (brom)
>
> My smb.conf looks like:
>
> [global]
> unix charset = LOCALE
> workgroup = TPDCBR
> realm = TPDCBR.ROM
> netbios name = NODE05
> dns proxy = No
> server string = NODE05 AIX
> security = ads
> password server = 10.99.0.4
> encrypt passwords = yes
> name resolve order = host
> log level = 10
> syslog = 0
> username map = /samba/private/smbusers
> log file = /samba/var/log/%m
> max log size = 5000
> ldap ssl = no
> winbind uid = 10000-59999
> winbind gid = 10000-59999
> idmap uid = 10000-60000
> idmap gid = 10000-60000
> template shell = /bin/ksh
> winbind use default domain = Yes
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind nested groups = Yes
> winbind separator = +
> auth methods = winbind
> acl compatibility = win2k
> winbind cache time = 10
> bind interfaces only = yes
> client use spnego = no
> socket address = 10.99.0.201
> allow trusted domains = no
> #use kerberos keytab = yes
> socket options = TCP_NODELAY
> #map acl inherit = Yes
> [brom]
> comment = inhouse brom
> path = /u09/inhouse/brom
> read only = No
> browseable = yes
> #valid users =@"Computers", @"domain users"
> valid users = @"domain users"
> create mask = 0777
> directory mask = 0777
> force create mode = 0777
> force directory mode = 0777
>
>
> I also made a test with only one user valid like this:
> valid users = TPDCBR.ROM+node05
> and this is working ok.
>
> Thank you.
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>


-- 
***
Cleber P. de Souza


More information about the samba mailing list