Hi List,
We have a pretty complex samba configuration running version 3.0.21 , this
worked for about 2 years , but due to security reasons we need to upgrade to
latest version 3.0.28.
I have no local unix users created on our host all access is regulated via the
valid user = @AD+group statement . and the net groupmap add command. This worked
great , but seems broken in latest versions since 3.0.23
I checked the latest howtos , but no success , seems that i overlooked some
essentials...
Now my smb.conf (only the relevant lines)
----------------
workgroup = WWxxx
server string = 47556.@emailaddress
security = DOMAIN
netbios name = ATWS26QC
encrypt passwords = Yes
client schannel = no
client use spnego = no
server signing = auto
config file = /usr/local/samba/lib/smb.conf
password server = vieg10wa
passdb expand explicit = no
password level = 1
winbind uid = 100000-130000
winbind gid = 100000-120000
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind use default domain = yes
winbind nested groups = yes
#the shares
[home2]
path = /home2
valid users @sbs_ors_ux @sbs_ors
read only = no
browseable = yes
----------------------
output from net groupmap list
--------------------------
# bin/net groupmap list
Administrators (S-1-5-32-544) -> 100000
sbs_ors (S-1-5-21-3932861455-2822179577-2594212704-125693) -> sbs_ors_ux
----> thats the relevant group
Users (S-1-5-32-545) -> 100001
------------------------
But I cant get it to work , I?m allways asked for a password , but should work
seemless , as it does with "old" samba version
Hope theres someone who can give me some hints , like a working smb.conf and or
a howto to manage the "net groupmap add" command in the proper way
Best regards Martin
Martin Schreiber
Siemens IT Solutions and Services GmbH
Gudrunstrasse 11
A-1101 Wien
Tel: +43(0)51707 47565
Fax: +43(0) 51707 57560
martin.a.schreiber@siemens.com
http://www.siemens.at/it-solutions
Siemens IT Solutions and Services GmbH, DVR 1009192, FN 180547k, Handelsgericht
Wien, Firmensitz Wien
Wichtiger Hinweis: Diese E-Mail kann Betriebs- oder Gesch?ftsgeheimnisse oder
sonstige vertrauliche Informationen enthalten. Sollten Sie diese E-Mail
irrt?mlich erhalten haben, ist Ihnen eine Kenntnisnahme des Inhalts, eine
Vervielf?ltigung oder Weitergabe der E-Mail ausdr?cklich untersagt. Bitte
benachrichtigen Sie uns und vernichten Sie die empfangene E-Mail. Vielen Dank.
Important Note: This e-mail may contain trade secrets or privileged, undisclosed
or otherwise confidential information. If you have received this e-mail in
error, you are hereby notified that any review, copying or distribution of it is
strictly prohibited. Please inform us immediately and destroy the original
transmittal. Thank you for your cooperation