Ken Wright
2004-Mar-16 02:31 UTC
[Samba] (3.0.2a) nsswitch/winbindd_user.c:winbindd_getpwnam(157)
After connecting to the samba server as a domain user without password challenge, authenticating against a w2k DC (security = ADS), with winbindd running, I can navigate the shares successfully but cannot write to the share. I have done "net groupadd ..." to map windoze-unix groups. I am assuming from the log enties below that my access problem lies in the given errors. How to resolve? Also, I have seen a variety of conflicting examples of how to properly define domain users and groups in smb.conf. Can someone provide the proper definition that has evolved for 3.0.2a? From winbind.log: ----------------- nsswitch/winbindd_user.c:winbindd_getpwnam(157) user 'SERVER$' does not exist From the SERVER.log: -------------------- [2004/03/15 18:08:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(245) Username DOMAIN+SERVER$ is invalid on this system Thanks, Ken
Ken Wright
2004-Mar-16 08:13 UTC
[Samba] Re: (3.0.2a) nsswitch/winbindd_user.c:winbindd_getpwnam(157)
Seems as though the log entries below were a red herring. After setting local permissions to DOMAIN+USER/GROUP I am able to read/write as expected from a domain windoze machine. The smb.conf entries required the same format of DOMAIN+USER/GROUP in the share block (valid users =, write list = , etc.). I did read where this format was to be discontinued in smb.conf but apparently not yet. What puzzles me now is how to provide equal access to files/directories for both local users and domain users. As stated, I have setup the maps between local and domain groups using "net groupadd", but as of yet am unable to provide local write access to files/directories having domain ownership and visa versa. Does groupmap not provide this? Thanks, Ken Ken Wright wrote:> After connecting to the samba server as a domain user without password > challenge, authenticating against a w2k DC (security = ADS), with > winbindd running, I can navigate the shares successfully but cannot > write to the share. > > I have done "net groupadd ..." to map windoze-unix groups. > I am assuming from the log enties below that my access problem lies in > the given errors. How to resolve? > > Also, I have seen a variety of conflicting examples of how to properly > define domain users and groups in smb.conf. Can someone provide the > proper definition that has evolved for 3.0.2a? > > From winbind.log: > ----------------- > nsswitch/winbindd_user.c:winbindd_getpwnam(157) > user 'SERVER$' does not exist > > From the SERVER.log: > -------------------- > [2004/03/15 18:08:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(245) > Username DOMAIN+SERVER$ is invalid on this system > > Thanks, > > Ken > >