[Samba] LDAP - valid users = @group

Jonas Genannt jonasge at gmx.net
Sun May 10 15:42:01 GMT 2009


I have a strange problem with Samba and LDAP backend with the statement
valid users = @group.

The valid users = @username works great, but the @group oder +group
statement does not work. But the users in the @group does never get
access to the shares!

I'm using Samba 3.2.5-4 on Debian Lenny the LDAP server is located at
an Debian Etch system. But this ldap server works quite good.

My LDAP group information: 
testgroup (S-1-5-21-4204975087-1903821728-268752978-1001) -> testgroup

getent group | grep testgroup

My LDAP export:
dn: cn=testgroup,ou=Groups,dc=pogo,dc=local,dc=lan
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping
cn: testgroup
gidNumber: 1001
sambaSID: S-1-5-21-4204975087-1903821728-268752978-1001
displayName: testgroup
memberUid: wpkg
memberUid: genanntftk
sambaGroupType: 2
### I have also tried with sambaGroupType: 5

My smb.conf is located here:

Then I try to connect the following appears in the log (log

So, why Samba does not grant user genanntftk access to share?


More information about the samba mailing list