[Samba] Samba as AD member can not validate domain user

[jd at ionica.lv]

Citēju jd at ionica.lv:

> Hi!
>
> the previous problems were solved (thank you, Rowland!), but few  
> issues remains:
>
> I get such msg in log:
> 0. Is it possible to tell samba to output messages in logs as one  
> line per message (even if it is long one?)
>
> 1. 2015/04/12 11:32:39.293583,  3]  
> ../source3/smbd/msdfs.c:971(get_referred_path)
>  get_referred_path: |shareX| in dfs path \FS\shareX is not a dfs root.
> (seems it is not making problems as access to other shares giving  
> such error not influences anything)
>
>
> 2. 2015/04/12 11:32:18.852138,  3]  
> ../libcli/security/dom_sid.c:209(dom_sid_parse_endp) string_to_sid:  
> SID @INTERNAL\\group is not in a valid format
>
> such messages I get after attempt to open a share (from smb.conf):
> [shareX]
>         comment = What it serves
>         path = /home/shares/data/sharex
>         browseable = yes
>         read only = no
>         valid users = @"INTERNAL\\group"
>         force group = @"INTERNAL\\group"
>         force create mode = 0660
>         force directory mode = 0770

SOLVED:

the line valid users shuold look as such:
valid users = @INTERNAL\\group

That one remains

> The other issue I have - if the user is not a member of particular  
> domain group, but has the right to accees the share, it is requested  
> to enter username/pw, but can not access it anyway:
>
> [shareY]
>         comment = Other share
>         path=/home/shares/data/shareY
>         browseable = yes
>         read only = no
>         valid users = @INTERNAL\\group1, @INTERNAL\\otheruser
>         force group = @INTERNAL\\group1
>         force create mode = 0660
>         force directory mode = 0770

I found one additional problem - when I request Domain Users group  
information, no users are listed

gentent group "INTERNAL\\Domain Users" returns plain
domain_users:x:10000:
the same goes on DC.

Do I need to create alternative Domain Users group?