Hi All

My system is FreeBSD 5.4 and Samba 3.0.21a. I am using ADS for system security. In my smb.conf, I created a share like this:

[Test2]
        comment = Test
        path = /usr/tmp/
        valid users = @"Domain Admins",@"Domain\myaccount"

The domain administrator can access the share folder, but I can't. It keeps asking me for the username and password. Samba is joined to the domain and auth is working fine. I can auth my account under the shell without any problem.

**************************************************************
samba# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: administrator@DOMAIN.COM

  Issued           Expires          Principal
Feb 15 17:38:15  >>>Expired<<<  krbtgt/DOMAIN.COM@DOMAIN.COM
Feb 15 18:29:51  >>>Expired<<<  domaincontrol$@DOMAIN.COM
**************************************************************

smb# wbinfo -a myaccount%"*******"
plaintext password authentication succeeded
challenge/response password authentication succeeded
smb#

I guess the @"Domain\myaccount" is the wrong format, but I checked the manual and can't find anything that talks about the user list in smb.conf....

smb# testparm
Load smb config files from /usr/local/etc/smb.conf
Processing section "[Test]"
Processing section "[Test2]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
        workgroup = DOMAIN
        realm = DOMAIN.COM
        server string = Samba Server
        security = ADS
        allow trusted domains = No
        password server = dc
        syslog only = Yes
        log file = /var/log/samba/log.%m
        max log size = 50
        dns proxy = No
        wins server = 192.168.0.100
        passdb expand explicit = No
        idmap backend = idmap_rid:DOMAIN=500-100000000
        idmap uid = 500-100000000
        idmap gid = 500-100000000
        template homedir = /usr/samba/%U
        template shell = /bin/sh
        winbind cache time = 3600
        winbind use default domain = Yes
        winbind nested groups = Yes
        hosts allow = 192.168.0.

[Test]
        path = /usr/samba
        read only = No

[Test2]
        comment = Test
        path = /usr/tmp/
        valid users = "@Domain Admins", @"DOMAIN\myaccount"

Thanks
Alex

At 12:52 PM 2/17/2006, Alex Wang wrote:
>I guess the @"Domain\myaccount" is the wrong format, but I checked the
>manual and can't find anything that talks about the user list in smb.conf....
>
>smb# testparm
>...
>        winbind use default domain = Yes

First off, if "myaccount" is a user account, then drop the "@" -- that is one of the specials used to designate a group.

Second, with "winbind use default domain" active/enabled, you should not have to specify the "DOMAIN\" part.

Also, since you are using the special char "\" as a domain separator, you need to be very cognizant of where you need to properly escape it. (I.E., use "\\" instead of just "\") I'm pretty sure that "valid users =" is one of those places...

Cheers,
-D

Don Meyer <dlmeyer@uiuc.edu>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

"They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty or safety." -- Benjamin Franklin, 1759
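
The prefix and domain points from the reply above, applied to both forms of the valid users line in the original post. This is an added example, not part of either message and not Samba's own parser: the tokenizer is a simplified approximation, and parse_valid_users and review are hypothetical helper names.

```python
import re

# Name prefixes documented in smb.conf(5) for user lists:
# '@' NIS netgroup then UNIX group, '+' UNIX group only, '&' NIS netgroup only.
GROUP_PREFIXES = "@+&"

# One list entry: optional prefix before a quoted name, or a bare word.
ENTRY = re.compile(r'([@+&]*)"([^"]*)"|([^\s,"]+)')

def parse_valid_users(value):
    """Return one dict per entry of a 'valid users' value (simplified tokenizer)."""
    entries = []
    for outer, quoted, bare in ENTRY.findall(value):
        raw = outer + quoted if not bare else bare
        name = raw.lstrip(GROUP_PREFIXES)          # prefix may sit inside the quotes
        prefix = raw[:len(raw) - len(name)]
        domain, _, account = name.rpartition("\\")  # split an optional DOMAIN\ part
        entries.append({
            "prefix": prefix,
            "lookup": "group" if prefix else "user",
            "domain": domain or None,
            "name": account,
        })
    return entries

def review(value, use_default_domain):
    """List the points raised in the reply for each entry that triggers one."""
    notes = []
    for e in parse_valid_users(value):
        if e["prefix"]:
            notes.append(f"{e['name']}: '{e['prefix']}' prefix, resolved as a group")
        if e["domain"] and use_default_domain:
            notes.append(f"{e['name']}: '{e['domain']}\\' given although "
                         "'winbind use default domain = Yes'")
    return notes

if __name__ == "__main__":
    # The two forms of the line that appear in the original post.
    posted = r'@"Domain Admins",@"Domain\myaccount"'
    dumped = r'"@Domain Admins", @"DOMAIN\myaccount"'
    for line in (posted, dumped):
        print(line)
        for note in review(line, use_default_domain=True):
            print("  -", note)
```

Whether a flagged name really is a user or a group on the server can be confirmed with wbinfo -u and wbinfo -g.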