[Samba] LDAP - valid users = @group
Adam Williams
awilliam at mdah.state.ms.us
Thu May 21 18:19:27 GMT 2009
John H Terpstra - Samba Team wrote:
> Before claiming it is broken, please try:
>
> valid users = @DOMAIN\somegroup
>
> This change happened during the mid-3.0.x series and is documented in
> the WHATSNEW.txt file.
>
> - John T.
>
I tried that with valid users = @ADMIN\is, and get the following error
in the log file:
[2009/05/21 13:17:51, 5] auth/token_util.c:debug_unix_user_token(492)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2009/05/21 13:17:51, 5] lib/smbldap.c:smbldap_search_ext(1200)
smbldap_search_ext: base => [ou=Group,dc=mdah,dc=state,dc=ms,dc=us],
filter =>
[(&(objectClass=sambaGroupMapping)(|(displayName=is)(cn=is)))], scope => [2]
[2009/05/21 13:17:51, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459)
ldapsam_getgroup: Did not find group, filter was
(&(objectClass=sambaGroupMapping)(|(displayName=is)(cn=is)))
[2009/05/21 13:17:51, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/21 13:17:51, 5] smbd/share_access.c:token_contains_name(117)
lookup_name ADMIN\is failed
[2009/05/21 13:17:51, 10] smbd/share_access.c:user_ok_token(210)
User awilliam not in 'valid users'
[2009/05/21 13:17:51, 2] smbd/service.c:make_connection_snum(736)
user 'awilliam' (from session setup) not permitted to access this
share (is)
[2009/05/21 13:17:51, 3] smbd/error.c:error_packet_set(61)
error packet at smbd/reply.c(701) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED
using valid users = @is lets me connect to the share ok. this is on
samba 3.2.11 on fedora 10 x86_64.
More information about the samba
mailing list