[Samba] valid/invalid users not working with samba & windows 2003 AD

Torsten Krah tkrah at fachschaft.imn.htwk-leipzig.de
Fri Jun 15 09:14:12 GMT 2007


the samba server is client in a windows 2003 AD managed domain.
Got a samba share like this:

        comment = Praktikanten
        path = /data/Praktikanten
        read only = No
        browseable = Yes
        create mask = 0664
        directory mask = 0775
        force group = +praktikanten

Lets take some users:

user1 is in group praktikanten.
user2 is in group vpnguests.

If i add

valid users = @praktikanten

no one can connect to the share anymore - even user1 which is member of
that group.
If i add to the first example 

invalid users = @vpnguests

user2 can still connect, but he is in that group.


/etc/samba# id user1
uid=11659(user1) gid=11616(praktikanten) Gruppen=11616(praktikanten)


/etc/samba# id user2
uid=16129(user2) gid=16128(vpnguests) Gruppen=16128(vpnguests)

Something i've missed - reading manpage and docs this should work - but
I can even take the usernames (not the group) and it wont work.

Samba version is latest etch one, 3.0.24-6.
Any help or hints welcome.

I can provide some debug logs of any level if someone want to see - tell

kind regards


More information about the samba mailing list