Users are having trouble accessing Samba shares via winbindd in a NT domain.
If the 'valid users' parameter for a share contained the user name for
example as follows:
valid users = DSP-John
Then John who is a member of the DSP domain can access the share. If John is
a member of a domain group called DSP-production, and the 'valid users'
parameter is as follows:
valid users = DSP-production
He cannot access the share. I have tried this parameter with and without the
'@' sign to no avail.
This occurred after upgrading to 3.0.23 from 3.0.22 on a FreeBSD 6.1 server.
This also occurs on another FreeBSD 5.4 server. Both are role server members
bouncing user authentications off WinNT PDC/BDCs.
I fixed the old nss_winbind.so library issue which got rid of some errors
but I still am faced with the issue of group authentication. 'wbinfo -u'
and
'wbinfo -g' reports information correctly. 'id DSP-John' appears
to provide
domain user information for that user including group membership.
/var/log/messages reports the following error:
Jul 14 15:57:00 aries winbindd[2705]: [2006/07/14 15:57:00, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2356)
Jul 14 15:57:00 aries winbindd[2705]: cli_rpc_pipe_open_ntlmssp_internal:
cli_rpc_pipe_bind failed with error NT_STATUS_NETWORK_ACCESS_DENIED
There is some information related to handling groups in the Release Notes
for Samba 3.0.23. Am I being affected by that?
~Doug