samba - May 2004 - Valid users question

Hi,

I've a question about the syntax of the valid users option. Any help is
greatly appreciated!

Here is the Background:

samba 3.0.4 
Linux as Domain Member 
Active Directory, not in Native Mode
Compiler opions: --with-winbind --with-pam --with-smbmount 

The goal is to authenticate via the Windows Domain and allow access via
Windows groups.

The syntax in my smb.conf looks like this:

valid users = DOMAIN\SOMEGROUP

However, it doesn't work no matter what. 

I can authenticate individual users thusly:

valid users = DOMAIN\SOMEUSER

I've read about the "@" "+" and "&" 
syntax, but they only seem to
represent Unix & Nis groups. 

Is there another way to represent Windows groups? Or is my config the
culprit?
Here's the conf file:

 smb.conf:

[global]

# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = DOMAIN

# WINS service
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
wins server = XXX.XXX.XXX.XXX

password server = *

server string = SAMBA

log file = /var/log/samba/%m.log
max log size = 0
log level =  10

security = domain

auth methods = guest sam ntdomain



encrypt passwords = yes

local master = no

dns proxy = no

[SOMESHARE]
   comment = Some Share
   path = /d1/articles
   public = no
   writable = yes
   printable = no
   valid users = DOMAIN\SOMEGROUP

Hi, this worked for me:


valid users = '@DOMAINNAME\GROUP'

in my smb.conf I have valid users = '@DOMAINNAME\Domain Users' and I
mapped
'Domain Users' to unixgroup domusers.

Hope this helps

Ciao







At 01:05 21/05/2004, Michael Andrewjeski wrote:
>Hi,
>
>I've a question about the syntax of the valid users option. Any help is
>greatly appreciated!
>
>Here is the Background:
>
>samba 3.0.4
>Linux as Domain Member
>Active Directory, not in Native Mode
>Compiler opions: --with-winbind --with-pam --with-smbmount
>
>The goal is to authenticate via the Windows Domain and allow access via
>Windows groups.
>
>The syntax in my smb.conf looks like this:
>
>valid users = DOMAIN\SOMEGROUP
>
>However, it doesn't work no matter what.
>
>I can authenticate individual users thusly:
>
>valid users = DOMAIN\SOMEUSER
>
>I've read about the "@" "+" and "&" 
syntax, but they only seem to
>represent Unix & Nis groups.
>
>Is there another way to represent Windows groups? Or is my config the
>culprit?
>Here's the conf file:
>
>  smb.conf:
>
>[global]
>
># workgroup = NT-Domain-Name or Workgroup-Name
>workgroup = DOMAIN
>
># WINS service
>winbind uid = 10000-20000
>winbind gid = 10000-20000
>winbind enum users = yes
>winbind enum groups = yes
>wins server = XXX.XXX.XXX.XXX
>
>password server = *
>
>server string = SAMBA
>
>log file = /var/log/samba/%m.log
>max log size = 0
>log level =  10
>
>security = domain
>
>auth methods = guest sam ntdomain
>
>
>
>encrypt passwords = yes
>
>local master = no
>
>dns proxy = no
>
>[SOMESHARE]
>    comment = Some Share
>    path = /d1/articles
>    public = no
>    writable = yes
>    printable = no
>    valid users = DOMAIN\SOMEGROUP
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba

 
 
 --
 Email.it, the professional e-mail, gratis per te: http://www.email.it/f
 
 Sponsor:
 
 Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=&d=21-5

Ahhh, yes!  Of course!  I should have recognized it!
 
Naturalmente la singola citazione!
Dovrei realizzare questo io stesso. 
 
Grazie molto Simone!
 
Best regards
Mike
-----Original Message-----
From: Simone [mailto:simone72@email.it] 
Sent: Friday, May 21, 2004 2:17 AM
To: Michael Andrewjeski; samba@lists.samba.org
Subject: Re: [Samba] Valid users question



	Hi, this worked for me:
	
	
	
	valid users = '@DOMAINNAME\GROUP' 
	
	in my smb.conf I have valid users = '@DOMAINNAME\Domain Users'
and I
	mapped 'Domain Users' to unixgroup domusers.
	
	Hope this helps
	
	Ciao
	
	
	
	
	
	
	
	At 01:05 21/05/2004, Michael Andrewjeski wrote:
	
	

		Hi,
		
		I've a question about the syntax of the valid users
option. Any help is
		greatly appreciated!
		
		Here is the Background:
		
		samba 3.0.4 
		Linux as Domain Member 
		Active Directory, not in Native Mode
		Compiler opions: --with-winbind --with-pam
--with-smbmount 
		
		The goal is to authenticate via the Windows Domain and
allow access via
		Windows groups.
		
		The syntax in my smb.conf looks like this:
		
		valid users = DOMAIN\SOMEGROUP
		
		However, it doesn't work no matter what. 
		
		I can authenticate individual users thusly:
		
		valid users = DOMAIN\SOMEUSER
		
		I've read about the "@" "+" and "&" 
syntax, but they
only seem to
		represent Unix & Nis groups. 
		
		Is there another way to represent Windows groups? Or is
my config the
		culprit?
		Here's the conf file:
		
		 smb.conf:
		
		[global]
		
		# workgroup = NT-Domain-Name or Workgroup-Name
		workgroup = DOMAIN
		
		# WINS service
		winbind uid = 10000-20000
		winbind gid = 10000-20000
		winbind enum users = yes
		winbind enum groups = yes
		wins server = XXX.XXX.XXX.XXX
		
		password server = *
		
		server string = SAMBA
		
		log file = /var/log/samba/%m.log
		max log size = 0
		log level =  10
		
		security = domain
		
		auth methods = guest sam ntdomain
		
		
		
		encrypt passwords = yes
		
		local master = no
		
		dns proxy = no
		
		[SOMESHARE]
		   comment = Some Share
		   path = /d1/articles
		   public = no
		   writable = yes
		   printable = no
		   valid users = DOMAIN\SOMEGROUP
		   
		-- 
		To unsubscribe from this list go to the following URL
and read the
		instructions:
http://lists.samba.org/mailman/listinfo/samba 




	----
	Email.it, the professional e-mail, gratis per te:clicca= qui
	
	Sponsor:
	
	Clicca qui

Hmm,

I'm having the same problem, and the quotes don't help.

I'm running 3.0.4 on RedHat with winbind & pam. Even set up
/etc/pam.d/login
per the docs.

please help

Mario


Hi, this worked for me:


valid users = '@DOMAINNAME\GROUP'

in my smb.conf I have valid users = '@DOMAINNAME\Domain Users' and I
mapped
'Domain Users' to unixgroup domusers.

Hope this helps

Ciao







At 01:05 21/05/2004, Michael Andrewjeski wrote:
>Hi,
>
>I've a question about the syntax of the valid users option. Any help is 
>greatly appreciated!
>
>Here is the Background:
>
>samba 3.0.4
>Linux as Domain Member
>Active Directory, not in Native Mode
>Compiler opions: --with-winbind --with-pam --with-smbmount
>
>The goal is to authenticate via the Windows Domain and allow access via 
>Windows groups.
>
>The syntax in my smb.conf looks like this:
>
>valid users = DOMAIN\SOMEGROUP
>
>However, it doesn't work no matter what.
>
>I can authenticate individual users thusly:
>
>valid users = DOMAIN\SOMEUSER
>
>I've read about the "@" "+" and "&" 
syntax, but they only seem to
>represent Unix & Nis groups.
>
>Is there another way to represent Windows groups? Or is my config the 
>culprit? Here's the conf file:
>
>  smb.conf:
>
>[global]
>
># workgroup = NT-Domain-Name or Workgroup-Name
>workgroup = DOMAIN
>
># WINS service
>winbind uid = 10000-20000
>winbind gid = 10000-20000
>winbind enum users = yes
>winbind enum groups = yes
>wins server = XXX.XXX.XXX.XXX
>
>password server = *
>
>server string = SAMBA
>
>log file = /var/log/samba/%m.log
>max log size = 0
>log level =  10
>
>security = domain
>
>auth methods = guest sam ntdomain
>
>
>
>encrypt passwords = yes
>
>local master = no
>
>dns proxy = no
>
>[SOMESHARE]
>    comment = Some Share
>    path = /d1/articles
>    public = no
>    writable = yes
>    printable = no
>    valid users = DOMAIN\SOMEGROUP
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba



--
Email.it, the professional e-mail, gratis per te: http://www.email.it/f

Sponsor:

Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=&d=21-5
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

_________________________________________________________________
Best Restaurant Giveaway Ever! Vote for your favorites for a chance to win 
$1 million! http://local.msn.com/special/giveaway.asp

WTF? 

-----Original Message-----
From: mike andrewjeski [mailto:r3wtn0w@hotmail.com] 
Sent: Friday, May 21, 2004 9:37 AM
To: samba@lists.samba.org
Subject: Re: [Samba] Valid users question


Hmm,

I'm having the same problem, and the quotes don't help.

I'm running 3.0.4 on RedHat with winbind & pam. Even set up
/etc/pam.d/login 
per the docs.

please help

Mario


Hi, this worked for me:


valid users = '@DOMAINNAME\GROUP'

in my smb.conf I have valid users = '@DOMAINNAME\Domain Users' and I
mapped 'Domain Users' to unixgroup domusers.

Hope this helps

Ciao







At 01:05 21/05/2004, Michael Andrewjeski wrote:
>Hi,
>
>I've a question about the syntax of the valid users option. Any help is
>greatly appreciated!
>
>Here is the Background:
>
>samba 3.0.4
>Linux as Domain Member
>Active Directory, not in Native Mode
>Compiler opions: --with-winbind --with-pam --with-smbmount
>
>The goal is to authenticate via the Windows Domain and allow access via
>Windows groups.
>
>The syntax in my smb.conf looks like this:
>
>valid users = DOMAIN\SOMEGROUP
>
>However, it doesn't work no matter what.
>
>I can authenticate individual users thusly:
>
>valid users = DOMAIN\SOMEUSER
>
>I've read about the "@" "+" and "&" 
syntax, but they only seem to
>represent Unix & Nis groups.
>
>Is there another way to represent Windows groups? Or is my config the
>culprit? Here's the conf file:
>
>  smb.conf:
>
>[global]
>
># workgroup = NT-Domain-Name or Workgroup-Name
>workgroup = DOMAIN
>
># WINS service
>winbind uid = 10000-20000
>winbind gid = 10000-20000
>winbind enum users = yes
>winbind enum groups = yes
>wins server = XXX.XXX.XXX.XXX
>
>password server = *
>
>server string = SAMBA
>
>log file = /var/log/samba/%m.log
>max log size = 0
>log level =  10
>
>security = domain
>
>auth methods = guest sam ntdomain
>
>
>
>encrypt passwords = yes
>
>local master = no
>
>dns proxy = no
>
>[SOMESHARE]
>    comment = Some Share
>    path = /d1/articles
>    public = no
>    writable = yes
>    printable = no
>    valid users = DOMAIN\SOMEGROUP
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba



--
Email.it, the professional e-mail, gratis per te: http://www.email.it/f

Sponsor:

Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=&d=21-5
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

_________________________________________________________________
Best Restaurant Giveaway Ever! Vote for your favorites for a chance to
win 
$1 million! http://local.msn.com/special/giveaway.asp

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba