Rich Webb
2003-Oct-12 04:36 UTC
[Samba] Re: PAM-Winbind authentication working but can't use domain groups (FIXED)
----- Original Message ----- From: "Rich Webb" <rwebb@wmis.net> To: <samba@lists.samba.org> Sent: Saturday, October 11, 2003 8:17 PM> I am having trouble trying to figure out how to set up access to a samba > share based on an Active Directory group. Here is my smb.conf file:In order to make it work, I had to take out the lines "winbind use default domain = yes", and "winbind seperator = +" and then fully specify the domain group in my share definition as such: [shared] path = /svr/shared valid users = @TESTSYS\shared (or @TESTSYS\"Domain Users" if there are spaces in the group) writeable = yes browseable = yes force group = TESTSYS\shared I think this could be a bug that it does not accept only "valid users shared" while "winbind use default domain = yes". It appears that samba is not correctly matching the group the domain controllers group. The + is not a good seperator because if you read about the "valid users" directive, it uses a + to specify a unix group. Hope this helps someone! Rich