Greetings friends:
So heres the problem I've been fighting for the last month to no avail.
My samba server is joined to a mixed mode AD domain. I want to set
permissions on shares based on AD groups, however only _some_ of the
group's members are allowed to access the share when I add their group
to "valid users". As far as I can tell there are no differences
between
the AD accounts of group members who can access the share and the
members who are denied access. If I add their usernames explicitly to
"valid users" then they can access the share. "getent group"
returns my
group and shows all of my users as members. I have ample uid's and
gid's reserved for winbind, (10,000-90,000) with only about 30,000 users
and under 1000 groups. I have tried using local,global and universal
groups - but it makes no difference.
Configurations tried that exhibit this problem.
Samba 3.0.4 - 3.0.7
Kerberos 1.2.7 - 1.3.5
Redhat 9
What I'm really looking for is for someone to point me in the right
direction or give me some kinda of clues to look for. I do not have
much access to my company's AD domain so if the problem is suspected to
be on the windows side I will need to have specific things in mind to
ask one of our AD admins to check. I have already posted all my
config's to this list previously, but if theres any information you want
please let me know. I would really like to get a functioning samba
server out there so we can dump our windows file servers but right now
this is impossible! Any help is greatly appreciated!
Thanks,
James Ziller
Systems Administrator
Quad/Graphics - Q/DS
West Allis, Wisconsin
james.ziller@qg.com