Hi there Just a couple of questions to help me understand. When I upgrade from 3.0.22 to 3.0.23c the access restrictions on my shares on the member server no longer work. I read in the Changes file "Since Samba 3.0.8, it has been recommended that all domain accounts listed in smb.conf on a member server be fully qualified with the...." So far so good I know what I have to do still I don't quite understand why the member server is no longer able to identify the user connecting. When, on the member server, I do a "wbinfo -U ID" I get the correct SID When I do "wbinfo -a joe%passwd" it succeeds as well as a "wbinfo -a DOMAIN\\joe%passwd" So winbindd identifies joe all right even without the DOMAIN prefix. Why does this no longer work for shares on the member server that have valid users = joe defined?? The member server gets its local users and groups via ldap. I also have in my smb.conf: winbind trusted domains only = Yes What am I missing?? Thanks -- Best Regards Robert Gehr "Technological progress has merely provided us with more efficient means for going backwards" ~ Aldous Huxley
Dear Robert,> So far so good I know what I have to do still I don't quite > understand why the member server is no longer able to > identify the user connecting.> So winbindd identifies joe all right even without the DOMAIN > prefix. Why does this no longer work for shares on the member > server that have > The member server gets its local users and groups via ldap.Do you use groups to identify users which are allowed to read from the ***directory*** corresponding to the share in problem? In other words, what are the permissions for that directory? I ask this because there is a bug in Samba which causes incorrect handling of domain groups. With best regards, P. Trifonov
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Robert Gehr wrote:> So winbindd identifies joe all right even > without the DOMAIN prefix. Why does this > no longer work for shares on the member server that have > > > valid users = joe > > defined??please read the WHATSNEW.txt. cheers, jerry ====================================================================Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFIQWvIR7qMdg1EfYRApMyAKCi+DjZOUlZYE1RBP3OnpRfkZgjzACgh2Cl qdAHPLbAOCbWEhxfNwCB+Kk=Mb+X -----END PGP SIGNATURE-----