Using Samba 2.2.3a, w/ winbind on Debian woody, and Solaris 8.

A share configured to only allow users within a group is not working because the group name has a space in it. I have tried the syntax posted here a while back:

http://lists.samba.org/pipermail/samba/2001-October/059612.html

    Try-> valid users = " "@Domain Users" "

But that does not work. A group such as "Domain Users" in domain "Domain" returns an error in log.smbd:

    user_in_winbind_group_list: winbind_lookup_name for group DOMAIN+Domain failed.

wbinfo -t returns: Secret is good
getent passwd: Returns user list
getent group: Returns group list

smb.conf looks like:

    [global]
    workgroup = DOMAIN
    netbios name = SAMBATEST
    server string = Samba Test Server (Samba %v)
    security = domain
    encrypt passwords = Yes
    update encrypted = Yes
    obey pam restrictions = no
    password server = *
    unix password sync = no
    invalid users = root
    syslog = 0
    max log size = 1000
    name resolve order = wins bcast host lmhosts
    socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
    load printers = No
    add user script = /usr/sbin/useradd -p %u %u
    preferred master = False
    local master = No
    domain master = False
    dns proxy = No
    wins server = 10.10.20.20
    # Winbind Options
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    winbind separator = +
    template shell = /bin/false
    template homedir = /export/home/samba/%D/%U

    [homes]
    comment = Home Directories
    create mask = 0700
    directory mask = 0700
    browseable = yes
    writeable = yes

    [files]
    comment = User1 writes, everyone else reads
    path = /export/home/samba/files
    force user = DOMAIN+user1
    force group = DOMAIN+Domain Users
    read only = No
    create mask = 0750
    force create mode = 0750
    directory mask = 0750
    inherit permissions = yes
    write list = Domain+user1
    browseable = yes

    # ***** PROBLEM HERE ******
    valid users = " "@DOMAIN+Domain Users" "

Matt Pavlovich
2002-Mar-14 19:33 UTC
Still not working -- Re: [Samba] Winbind + Space in Group Name = Not working
Perhaps I am missing something..

What is the order of operations for specifying access control to a share when using winbind? Since Samba is using pam and winbind is simply providing an interface from pam to the NT Domain, it would suggest that access definitions would need to be defined as:

    valid users = DOMAIN+username, @DOMAIN+groupname,

-instead of-

    valid users = username, @groupname

Am I off base? Any suggestions on the groups w/ spaces issues?

Matt Pavlovich

On Wed, 2002-03-13 at 15:57, Matt Pavlovich wrote:
> Using Samba 2.2.3a, w/ winbind on Debian woody, and Solaris 8.
> [...]

----- Original Message -----
From: "Matt Pavlovich" <mpav@algx.net>
To: <samba@lists.samba.org>
Sent: Wednesday, March 13, 2002 10:57 PM
Subject: [Samba] Winbind + Space in Group Name = Not working

> [...]
> # ***** PROBLEM HERE ******
> valid users = " "@DOMAIN+Domain Users" "

I had the same problem and allowed the access with

    valid users = @'DOMAIN+Domain Users'

Now it works fine but in the log messages I always obtain:

    user_in_winbind_group_list: winbind_lookup_name for group DOMAIN+Domain failed.

Why?

Bye all
/\lessandro
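
Added example, not part of any message in this thread and not Samba code: a small audit script that pairs the `winbind_lookup_name ... failed` line quoted above with the share access-list entries whose group name starts with the failed name followed by a space. The sample smb.conf fragment and log line are constructed from the values posted in the thread; the function names are hypothetical, and the log line format is assumed to be exactly as quoted.

```python
import re

# Constructed sample inputs modelled on the thread (not captured from a server).
SMB_CONF = '''[files]
   force group = DOMAIN+Domain Users
   write list = Domain+user1
   valid users = " "@DOMAIN+Domain Users" "
'''
LOG_SMBD = ("user_in_winbind_group_list: winbind_lookup_name "
            "for group DOMAIN+Domain failed.\n")

# smb.conf parameters that take a user/group list ("@name" marks a group).
LIST_PARAMS = {"valid users", "invalid users", "write list",
               "read list", "admin users"}
FAILED = re.compile(r"winbind_lookup_name for group (.+?) failed")

def failed_groups(log_text):
    """Group names that log.smbd reports as failed winbind lookups."""
    return set(FAILED.findall(log_text))

def acl_entries(conf_text):
    """Yield (section, parameter, value) for every list parameter."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if sep and " ".join(key.lower().split()) in LIST_PARAMS:
            yield section, key.strip(), value.strip()

def truncated_group_entries(conf_text, log_text):
    """Entries whose @group starts with a failed name followed by a space,
    i.e. the lookup was attempted on only the part before the space."""
    hits = []
    for name in sorted(failed_groups(log_text)):
        pat = re.compile(r"@[\"']?" + re.escape(name) + r"\s+\S", re.I)
        for section, param, value in acl_entries(conf_text):
            if pat.search(value):
                hits.append((section, param, name, value))
    return hits

if __name__ == "__main__":
    for hit in truncated_group_entries(SMB_CONF, LOG_SMBD):
        print("%s / %s: lookup used %r, configured %r" % hit)
```

An entry flagged here is a share restriction that names a group winbind never resolved under its full name, so the effective access to that share should be verified by testing rather than read off the configuration.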