Christoph Scheeder
2004-May-25 09:13 UTC
[Samba] Home-share, winbindd and use-default-domain trouble
Hi folks, after installing mit kerberos-1.3.3 and the samba.3_0-subversion tree from yesterday i finally got my ADS-memberserver accessible from win2k-clients. but now i have a little problem. The samba server will be the main mailgatway for the site, so i need to set the "use default domain" switch for winbind to get automagicaly created the local user-mailboxes and home-dirs for the Accounts in ADS. up to this point all if working fine. i can send mail to the users, the homedirs get created on the fly, they can be accessed etc. but if i set samba to restrict the access to the home-share only to the correct user ( "only user = %U" in the [homes] section) the users get locked out of their home-shares, and the server logs a line "user DOMAIN-username is not allowed to access share username". (i have set '-' as domain-separator in smb.conf) should this be called a bug, or is there a work-around for it? C.Scheeder
Gerald (Jerry) Carter
2004-May-25 13:22 UTC
[Samba] Home-share, winbindd and use-default-domain trouble
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Christoph Scheeder wrote: | Hi folks, | after installing mit kerberos-1.3.3 and the samba.3_0-subversion tree | from yesterday i finally got my ADS-memberserver accessible from | win2k-clients. but now i have a little problem. | The samba server will be the main mailgatway for the site, so i need to | set the "use default domain" switch for winbind to get automagicaly | created the local user-mailboxes and home-dirs for the Accounts in ADS. | up to this point all if working fine. | i can send mail to the users, the homedirs get created on the fly, | they can be accessed etc. | but if i set samba to restrict the access to the home-share only to the | correct user ( "only user = %U" in the [homes] section) the users get only user is for secuerity = share. Set 'valid user = %D-%S %S' | locked out of their home-shares, and the server logs a line | "user DOMAIN-username is not allowed to access share username". | (i have set '-' as domain-separator in smb.conf) cheers, jerry - ---------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." ----------- Sting -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAs0iDIR7qMdg1EfYRAqG8AJ9g4LWcZzpQDYhcBdHoQ3yLY/wT8gCdFfdk Xt7Sq+NW5AtT0AgIbrZyV4E=buRx -----END PGP SIGNATURE-----