samba - Apr 2005 - 'valid users' does not accept my users, but my groups

Hi,

I'm using Version 3.0.10-Debian and have winbindd running for auth 
against our W2K TEST-DOM. I've set up shares which only some groups have 
access granted. System is runnig fine a few weeks when I now discovered 
when I want grant access to only one user, it doesn't work.

The configuration for this share is:
[testshare]
     path = /data/test
     public = no
     writeable = yes
     browseable = yes
     create mode = 0777
     force directory mode = 0775
     force create mode = 0666
     force user = www-data
     force group = www-data
     valid users = mfischer

The logfile tells me:

[2005/04/27 10:44:05, 2] auth/auth.c:check_ntlm_password(305)
   check_ntlm_password:  authentication for user [mfischer] -> 
[mfischer] -> [TEST-DOM"mfischer] succeeded

[2005/04/27 10:44:05, 2] smbd/service.c:make_connection_snum(314)
   user 'TEST-DOM"mfischer' (from session setup) not permitted to
access
this share (testshare)

When I use groups, e.g.
     valid users = @development
and my user 'mfischer' is in this group, it works without problems.

I've tried different syntaxes like
   TEST-DOM\mfischer
   TEST-DOM"mfischer (because it's written this way in the logfile)
   TEST-DOM+mfischer (because of the winbind separator)
   TEST-DOM/mfischer
none of them worked.

My pam.d/samba looks like:
# from  common-auth
auth    sufficient  pam_winbind.so
auth    sufficient  pam_unix.so nullok_secure use_first_pass
# from common-account
account required    pam_unix.so
# from common-session
session required    pam_unix.so
session required    pam_mkhomedir.so    skel=/etc/skel/ umask=0002

any suggestions or other information I can provide?

thanks,
- Markus

Is there anything special to know about pure usernames in such environment?

- Markus

Markus Fischer wrote:
> Hi,
> 
> I'm using Version 3.0.10-Debian and have winbindd running for auth 
> against our W2K TEST-DOM. I've set up shares which only some groups
have
> access granted. System is runnig fine a few weeks when I now discovered 
> when I want grant access to only one user, it doesn't work.
> 
> The configuration for this share is:
> [testshare]
>     path = /data/test
>     public = no
>     writeable = yes
>     browseable = yes
>     create mode = 0777
>     force directory mode = 0775
>     force create mode = 0666
>     force user = www-data
>     force group = www-data
>     valid users = mfischer
> 
> The logfile tells me:
> 
> [2005/04/27 10:44:05, 2] auth/auth.c:check_ntlm_password(305)
>   check_ntlm_password:  authentication for user [mfischer] -> [mfischer]
> -> [TEST-DOM"mfischer] succeeded
> 
> [2005/04/27 10:44:05, 2] smbd/service.c:make_connection_snum(314)
>   user 'TEST-DOM"mfischer' (from session setup) not permitted
to access
> this share (testshare)
> 
> When I use groups, e.g.
>     valid users = @development
> and my user 'mfischer' is in this group, it works without problems.
> 
> I've tried different syntaxes like
>   TEST-DOM\mfischer
>   TEST-DOM"mfischer (because it's written this way in the logfile)
>   TEST-DOM+mfischer (because of the winbind separator)
>   TEST-DOM/mfischer
> none of them worked.
> 
> My pam.d/samba looks like:
> # from  common-auth
> auth    sufficient  pam_winbind.so
> auth    sufficient  pam_unix.so nullok_secure use_first_pass
> # from common-account
> account required    pam_unix.so
> # from common-session
> session required    pam_unix.so
> session required    pam_mkhomedir.so    skel=/etc/skel/ umask=0002
> 
> any suggestions or other information I can provide?
> 
> thanks,
> - Markus
>