I have a deployment of samba 3.2.5, with MIT KRB5.1.6.3 and authentication from a Win2k3 AD server. I am able to access public shares as well as restricted shares such as an 'Engineering' share when I put my user in the correct AD group. However, I am completely unable to access my "Home" share.

Getent passwd, works (grepped for my username)

    marguin:x:502:502::/home/marguin:/bin/bash
    marguin:*:20045:20000:Matthew Arguin:/fileshare/private/marguin:/bin/bash

Getent group, works

    finance:*:20001:user1,user2,marguin
    allsmbusers:*:20012:marguin,all the other group members

My dir

    drwxrwxrwx 7 marguin allsmbusers 4096 Dec 3 19:16 marguin

And that marguin for the owner corresponds to 20045, the AD user, not the local user.

Testparm /etc/samba/smb.conf only complains about the '+' that I use as the delimiter.

    [global]
    workgroup = DOMAIN
    realm = DOMAIN.NET
    server string = %h Samba Server Version %v
    netbios name = FS
    log file = /var/log/samba/%m.log
    log level =10
    security = ADS
    use kerberos keytab = true
    #client use spnego = yes
    password server = <IP of AD server>
    encrypt passwords = yes
    local master = no
    domain master = no
    preferred master = no
    dns proxy = no
    idmap uid = 20000-40000
    idmap gid = 20000-40000
    template homedir = /fileshare/private/%U
    template shell = /bin/bash
    #template primary group = "Domain Users"
    winbind use default domain = Yes
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind separator = +
    winbind cache time = 300
    # no is default
    winbind nested groups = Yes
    wins server = <ip of WINS server>

    #============================ Share Definitions =============================
    [homes]
    comment = Home Directory for %u
    path = /fileshare/private/%u
    browseable = no
    writable = yes
    valid users = @%D+%u
    # invalid users = temporarily commented out for troubleshooting

Looking for any thoughts.
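The getent output in the post lists marguin twice, once with UID 502 and once with UID 20045. As an added example (not part of the original post), this Python script parses passwd-style lines and reports names that resolve to more than one UID, labelling each entry by whether it falls inside the posted idmap range. The function names and the rule that a UID inside that range was allocated by winbind are assumptions of the example.

```python
from collections import defaultdict

# Constructed sample: the two passwd lines quoted in the post.
SAMPLE_GETENT = """\
marguin:x:502:502::/home/marguin:/bin/bash
marguin:*:20045:20000:Matthew Arguin:/fileshare/private/marguin:/bin/bash
"""

# From "idmap uid = 20000-40000" in the posted smb.conf.
IDMAP_UID_RANGE = (20000, 40000)


def parse_passwd(text):
    """Parse passwd(5)-style lines into dicts, skipping malformed ones."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        entries.append({"name": fields[0], "uid": int(fields[2]), "home": fields[5]})
    return entries


def source_of(uid, idmap_range=IDMAP_UID_RANGE):
    """Assumption: a UID inside the idmap range was allocated by winbind."""
    low, high = idmap_range
    return "winbind" if low <= uid <= high else "local"


def find_collisions(entries):
    """Return {name: [(uid, source, home), ...]} for names with >1 distinct UID."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append((e["uid"], source_of(e["uid"]), e["home"]))
    return {n: sorted(v) for n, v in by_name.items() if len({u for u, _, _ in v}) > 1}


def owner_matches(dir_owner_uid, name, entries):
    """True only if every entry for `name` resolves to the directory's owner UID."""
    uids = {e["uid"] for e in entries if e["name"] == name}
    return uids == {dir_owner_uid}


if __name__ == "__main__":
    parsed = parse_passwd(SAMPLE_GETENT)
    for name, hits in find_collisions(parsed).items():
        print(f"{name}: resolves to {len(hits)} accounts")
        for uid, source, home in hits:
            print(f"  uid={uid} source={source} home={home}")
    print("owner 20045 unambiguous:", owner_matches(20045, "marguin", parsed))
```

On a live host the input would be the full output of `getent passwd` rather than the embedded sample.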