[Samba] Samba 3.5.6 valid users +wheel not working

Kris Glynn Kristen.Glynn at virginblue.com.au
Mon Nov 29 22:59:50 MST 2010


I have a fairly simple setup in Samba, authing users against AD (Windows
2008 R2). I have two shares, "homes" and "test_share".

I have found that even though I (glynnk) am a member of "wheel" I
cannot get into the "test_share" which has "valid users = +wheel", although
I can get into my "homes" share.

Trying to access "test_share" just keeps prompting me for a password
over and over again. The only way I can access "test_share" is to
shut down winbind and restart Samba.

Why is this happening? It used to work prior to our Domain Controllers
being upgraded to 2008 R2. Shouldn't I be able to have winbind running
and still use unix groups for auth?

Here are my configs:


[root@iskunxbldp01 var]# rpm -qa | grep samba

# Global parameters
        workgroup = VIRGIN
        server string = Samba %v on (%h)
        security = ADS
        netbios name = ISKUNXBLDP01
        encrypt passwords = Yes
        password server = iskdc01
        machine password timeout = 0
        log file = /var/log/samba/%m.log
        max log size = 0
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        dns proxy = No
        printing = lprng
        interfaces = eth0
        local master = no

        comment = Home Directories
        valid users = %S
        read only = No
        create mask = 0774
        directory mask = 0775
        browseable = No

        path = /usr/local/test_share
        valid users = +wheel
        read only = No
        create mask = 0774
        directory mask = 0775

default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

   admin_server = iskdc01.virginblue.internal:464
   admin_server = ldrwdc03.virginblue.internal:464
   admin_server = iskdc02.virginblue.internal:464
   admin_server = ldrwdc04.virginblue.internal:464
   default_domain = virginblue.internal
   kdc = iskdc01.virginblue.internal:88
   kdc = ldrwdc03.virginblue.internal:88
   kdc = iskdc02.virginblue.internal:88
   kdc = ldrwdc04.virginblue.internal:88

.virginblue.internal = VIRGINBLUE.INTERNAL
virginblue.internal = VIRGINBLUE.INTERNAL

pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false

passwd:     files winbind
shadow:     files winbind
group:      files winbind

