Do you get results from "getent passwd" and "getent group"
that include
domain users?
You valid users directive should be in the form: @"DOMAIN+group name",
such as @"DOMAIN+domain users" and the part between the quotes should
be
EXACLTY as the group appears with "getent group", same case and
everything.
James Dinkel
Network Engineer
Butler County of Kansas
There are 10 types of people in the world: those who understand binary,
and those who don't.> -----Original Message-----
> From: Brian Atkins
> Sent: Tuesday, December 12, 2006 2:56 PM
>
> I'm not sure if this thread is making it on the list as I'm the
only
one> responding, but, here goes...
>
> The more I look, the more the problem appears to be UID range
conflicts.> Some background: this machine was originally built with Samba 2.x, but
> was upgraded a while back to 3.x (now 3.0.23d). I think I might be
using> some deprecated configuration parameters. In smb.conf file I have:
>
> winbind uid = 10000-20000
> winbind gid = 10000-20000
>
> Which, unfortunately seems to fall within the same range as the UID
> range that portage (the gentoo package manager) uses to build
> application user accounts (e.g., apache, stunnel, etc). I have
attempted> to alter the range:
>
> winbind uid = 15000-20000
> winbind gid = 15000-20000
>
> But it causes major issues, like, not being able to log in using a
> domain account. I'm not sure how to fix this.
>
> I also found a thread in the gentoo wiki that states that winbind
[ug]id> is deprecated and idmap [ug]id should be used instead. I also have
> noticed a lot of information regarding Samba 3.x and LDAP, but very
> little regarding Samba 3.x and winbind. Is winbind still recommended
for> and AD domain (w2k)?
>
> Brian Atkins wrote:
> > I think I cleared up the username mismatch with a simple reboot of
my> > workstation. No clue why it was happening...
> >
> > However, I am unable to connect to shares from a windows machine
using a> > username only. If I enter a groupname, it works:
> >
> > valid users = batkins (FAILS)
> >
> > valid users = @DOMAIN+"My Group" (SUCCEEDS)
> >
> > I have compared this machine's config file to another machine with
> > working samba shares. The config files are nearly identical, save
the> > server string and netbios name.
> >
> > Brian Atkins wrote:
> >> OK, here's a strange twist:
> >>
> >> [2006/12/08 17:45:17, 2] smbd/service.c:make_connection_snum(580)
> >> user 'ubackup' (from session setup) not permitted to
access this
> >> share (batkins)
> >> [2006/12/08 17:45:17, 3] smbd/error.c:error_packet(146)
> >> error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
> >> NT_STATUS_ACCESS_DENIED
> >>
> >> I'm logged in under my own user account (batkins), but it is
trying
to> >> authenticate me using the user account ubackup, both of which are
AD> >> accounts.
> >>
> >> Brian
> >> "An adventure is never an adventure
> >> when it's happening. Challenging
> >> experiences need time to ferment,
> >> and an adventure is simply physical
> >> and emotional discomfort recollected
> >> in tranquility." -- Tim Cahill
> >>
> >> Brian Atkins wrote:
> >>> Curious. I have a gentoo server running 3.0.23d that simply
serves
> >>> out shares. It is a domain member, but not a pdc. From another
linux> >>> server, I can mount up shares without a hitch. But from a
windows
> >>> box, I keep getting prompted for credentials.
> >>>
> >>> I am not seeing anything substantial in the logs.
> >>>
> >>> SMB.CONF
> >>> --------
> >>> [global]
> >>> workgroup = UNICITY
> >>> realm = MYREALM.MYDOMAIN.COM
> >>> netbios name = SERVER
> >>> server string = SERVER
> >>> interfaces = 192.168.56.26 127.
> >>> bind interfaces only = yes
> >>> security = ADS
> >>> log file = /var/log/samba/log.%m
> >>> max log size = 8164
> >>> name resolve order = hosts wins bcast
> >>> socket options = TCP_NODELAY SO_RCVBUF=16384
SO_SNDBUF=16384> >>> os level = 5
> >>> preferred master = no
> >>> local master = no
> >>> domain master = no
> >>> dns proxy = no
> >>> wins proxy = no
> >>> wins server = 192.168.57.124
> >>> template shell = /bin/bash
> >>> unix extensions = no
> >>> winbind enum users = yes
> >>> idmap uid = 10000-20000
> >>> idmap gid = 10000-20000
> >>> winbind uid = 10000-20000
> >>> winbind gid = 10000-20000
> >>> winbind enum groups = yes
> >>> winbind separator = +
> >>> winbind use default domain = yes
> >>> encrypt passwords = yes
> >>> hosts allow = 192.168. 127.
> >>> load printers = no
> >>> smb ports = 139
> >>>
> >>> [myshare]
> >>> comment = My fileshare
> >>> path = /home/MYDOMAIN/myhome
> >>> invalid users = root
> >>> valid users = me
> >>> public = no
> >>> writable = yes
> >>> printable = no
> >>> create mask = 0777
> >>> directory mask = 0777
> >>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba