Hi all,

I've configured a system to authenticate with an AD 2k3 domain (all domain controllers have SP1) using winbind. I have joined the server to the domain as well. I created some shares to work with AD groups. Here's a quick snippet of a share from my smb.conf file:

[test]
    comment = test share for winbind testing
    path = /u01/test
    write list = @ll_main/rhmps

The problem I have is if I tell the write list command to use an existing AD group which I am already a member of, I can write to the share. If, on the other hand, I create a new AD group, add my user account to the group, then tell the write list to use the new group, I cannot write to the share. I have rebooted my test workstations, tried writing to the share from multiple XP (SP2) workstations, logged out/in, and rebooted my smb server. Nothing seems to help and I'm not seeing anything in any logs to explain the problem.

Any help would be greatly appreciated. If I can get it to work, I plan to put this into production. Do you think it would be wise?

My samba server is a redhat 3.0 box with update 5. The samba version is samba-3.0.9-1.3E.5

Thanks in advance for the help.

Michael

Perhaps:

chgrp ll_main/rhmps /u01/test
chmod 775 /u01/test

valid users = @ll_main/rhmps

David

David Shapiro
Unix Team Lead
919-765-2011

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba

At 08:25 AM 2/15/2006, Parker, Michael wrote:
>I've configured a system to authenticate with an AD 2k3 domain (all
>domain controllers have SP1) using winbind. I have joined the server to
>the domain as well. I created some shares to work with AD groups.
>Here's a quick snippet of a share from my smb.conf file:
>
>[test]
>    comment = test share for winbind testing
>    path = /u01/test
>    write list = @ll_main/rhmps
>
>The problem I have is if I tell the write list command to use an
>existing AD group which I am already a member of, I can write to the
>share. If, on the other hand, I create a new AD group, add my user
>account to the group, then tell the write list to use the new group, I
>cannot write to the share. I have rebooted my test workstations, tried
>writing to the share from multiple XP (SP2) workstations, logged out/in,
>and rebooted my smb server. Nothing seems to help and I'm not seeing
>anything in any logs to explain the problem.
>
>My samba server is a redhat 3.0 box with update 5. The samba version is
>samba-3.0.9-1.3E.5

A couple of things to check:

1) Is your new group "available" for use on your RHEL3 box? That is, can you find it in your group listings: "wbinfo -g" or "getent group"?

2) Look at the group's entry in the output from the command "getent group" -- are the group members what you expect from your AD?

3) Does your [test] resource have a "valid users =" line? (Without, default is anyone can connect...) If so, does the membership specified on this line include the users in your "write list =" line? (Doesn't have to specify the same group as your "write list=" line, but users specified here should also have access granted via inclusion in the set specified on your "valid users=" line.) E.g.

    valid users = "@Domain Users"
    write list = "@Subset_of_users"

Don Meyer <dlmeyer@uiuc.edu>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

"They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty or safety." -- Benjamin Franklin, 1759
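
The three checks in the message above can be run against captured output. This is an added example, not code from the thread or from the Samba project: it reports write-list groups that `getent group` does not resolve and writers that `valid users` would not admit. It assumes the "/" winbind separator seen in the thread and handles only `@group` entries; the share, group and user names and the `getent group` output are constructed.

```python
import configparser
import shlex

# Constructed sample inputs: an smb.conf fragment and captured
# `getent group` output. "newgroup" is deliberately absent from the latter.
SMB_CONF = """
[test]
    path = /u01/test
    valid users = "@LL_MAIN/staff"
    write list = @LL_MAIN/staff_rw, @LL_MAIN/newgroup
"""
GETENT = """\
LL_MAIN/staff:x:10001:LL_MAIN/alice,LL_MAIN/bob
LL_MAIN/staff_rw:x:10002:LL_MAIN/alice,LL_MAIN/carol
"""

def parse_getent(text):
    """Map lower-cased group name -> set of lower-cased members."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4:  # name:passwd:gid:member,member,...
            groups[fields[0].lower()] = {m.lower() for m in fields[3].split(",") if m}
    return groups

def expand(value, groups):
    """Expand a user list into (users, groups that NSS did not resolve)."""
    users, missing = set(), []
    # shlex keeps quoted names such as "@Domain Users" together.
    for item in shlex.split(value.replace(",", " ")):
        if item.startswith("@"):
            name = item[1:].lower()
            if name in groups:
                users |= groups[name]
            else:
                missing.append(name)
        else:
            users.add(item.lower())
    return users, missing

def audit(conf_text, getent_text):
    """Return (share, problem, name) tuples for each share in conf_text."""
    groups = parse_getent(getent_text)
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string("\n".join(l.strip() for l in conf_text.splitlines()))
    findings = []
    for share in cp.sections():
        writers, missing = expand(cp[share].get("write list", ""), groups)
        valid = cp[share].get("valid users", "")
        if valid:  # an empty "valid users" admits everyone, so nothing to compare
            allowed, missing_v = expand(valid, groups)
            missing += missing_v
            writers -= allowed
        else:
            writers = set()
        findings += [(share, "unresolved group", g) for g in missing]
        findings += [(share, "writer not in valid users", u) for u in sorted(writers)]
    return findings

if __name__ == "__main__":
    for finding in audit(SMB_CONF, GETENT):
        print(finding)
```
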

Thank you for your suggestions. I did all below and no luck, but I found the answer. My mapping files are located in /var/cache/samba. I discovered if I deleted the dir and created an empty dir of the same name, it all worked.

Thanks

-----Original Message-----
From: samba-bounces+michael.parker=lithonia.com@lists.samba.org [mailto:samba-bounces+michael.parker=lithonia.com@lists.samba.org] On Behalf Of Don Meyer
Sent: Thursday, February 16, 2006 10:37 AM
To: samba@lists.samba.org
Subject: Re: [Samba] Samba does not work with new AD groups