samba - Jun 2009 - Samba + Winbind + AD homes does not work

Hello,
we use winbind to connect our Linux servers to our AD what is working
right now and we use samba to share some Linux directories to our
Windows clients what is also working as intended. The only thing we were
not able to get running are the [homes]. The authentication seems to be
wrong. Here is our configuration.

/etc/samba/smb.conf
[global]
   netbios name = demu1glcxxxx01
   workgroup = DOM
   realm = DOM.xxx.yyy
   preferred master = no
   server string = UnixCluster
   security = ADS
   encrypt passwords = true
   ;password server = *
   password server = demu1wyyyy02
   allow trusted domains = no
   log level = 2
   log file = /var/log/samba/%m
   max log size = 1000
   printcap name = cups
   printing = cups
   winbind enum users = no
   winbind enum groups = no
   winbind use default domain = yes
   winbind nested groups = yes
   winbind separator = +
   winbind cache time = 5
   idmap backend = rid:DOM=100000-5000000
   idmap uid = 100000-10000000
   idmap gid = 100000-10000000
   template homedir = /home/%D/%U
   template shell = /bin/bash

[homes]
   comment = Home Direcotries
   ;path = /pkg/global/home/%D/%U
   valid users = %S
   ;valid users = %D+%U, engelmaf, DOM+engelmann
   :valid users = @DOM+de_it-operations_dam, @"DOM+domain users",
%D+%U,
engelmaf, DOM+engelmann, %S
   read only = no
   browseable = no
   ;invalid users = root

[printers]
   comment = All Printers
   path = /var/spool/cups
   browseable = no
   printable = yes
   guest ok = yes

[dml]
   comment = Digital Media Library
   path= /pkg/tank/dml
   valid users = @DOM+de_it-operations_dam, @"DOM+domain users"
   writable=yes
   browseable=yes
   write list = @DOM+de_it-operations_dam

We are able to connect and write to dml but not to the home directories.
Any Idea what could be the problem?

OS: Debian Lenny
Samba: 3.2.5

Thank you for your help.

Regards Florian

Florian,

Try "valid users = DOM+%S".

Should that fail,  also ensure that the home directories exist (as defined in
"template homedir ="), and that these directories have the correct
permissions.

Dale


-----Original message-----
From: florian.engelmann@bt.com
Date: Tue, 30 Jun 2009 10:19:05 -0500
To: samba@lists.samba.org
Subject: [Samba] Samba + Winbind + AD homes does not work
> Hello,
> we use winbind to connect our Linux servers to our AD what is working
> right now and we use samba to share some Linux directories to our
> Windows clients what is also working as intended. The only thing we were
> not able to get running are the [homes]. The authentication seems to be
> wrong. Here is our configuration.
> 
> /etc/samba/smb.conf
> [global]
>    netbios name = demu1glcxxxx01
>    workgroup = DOM
>    realm = DOM.xxx.yyy
>    preferred master = no
>    server string = UnixCluster
>    security = ADS
>    encrypt passwords = true
>    ;password server = *
>    password server = demu1wyyyy02
>    allow trusted domains = no
>    log level = 2
>    log file = /var/log/samba/%m
>    max log size = 1000
>    printcap name = cups
>    printing = cups
>    winbind enum users = no
>    winbind enum groups = no
>    winbind use default domain = yes
>    winbind nested groups = yes
>    winbind separator = +
>    winbind cache time = 5
>    idmap backend = rid:DOM=100000-5000000
>    idmap uid = 100000-10000000
>    idmap gid = 100000-10000000
>    template homedir = /home/%D/%U
>    template shell = /bin/bash
> 
> [homes]
>    comment = Home Direcotries
>    ;path = /pkg/global/home/%D/%U
>    valid users = %S
>    ;valid users = %D+%U, engelmaf, DOM+engelmann
>    :valid users = @DOM+de_it-operations_dam, @"DOM+domain users",
%D+%U,
> engelmaf, DOM+engelmann, %S
>    read only = no
>    browseable = no
>    ;invalid users = root
> 
> [printers]
>    comment = All Printers
>    path = /var/spool/cups
>    browseable = no
>    printable = yes
>    guest ok = yes
> 
> [dml]
>    comment = Digital Media Library
>    path= /pkg/tank/dml
>    valid users = @DOM+de_it-operations_dam, @"DOM+domain users"
>    writable=yes
>    browseable=yes
>    write list = @DOM+de_it-operations_dam
> 
> We are able to connect and write to dml but not to the home directories.
> Any Idea what could be the problem?
> 
> OS: Debian Lenny
> Samba: 3.2.5
> 
> Thank you for your help.
> 
> Regards Florian
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Am Dienstag, 30. Juni 2009 schrieb
dale@briannassaladdressing.com:
> Florian,
> 
> Try "valid users = DOM+%S".
the more generalized form would be:
   "valid users = %D%w%S"
#        %D domain or workgroup name
#	 %w winbind separator
#	 %S current service name
Some distros use this one as default:
   "valid users = %S, %D%w%S"

Cheers, G?nter
> 
> Should that fail,  also ensure that the home directories exist (as defined
in "template homedir ="), and that these directories have the correct
permissions.
> 
> Dale
> 
> 
> -----Original message-----
> From: florian.engelmann@bt.com
> Date: Tue, 30 Jun 2009 10:19:05 -0500
> To: samba@lists.samba.org
> Subject: [Samba] Samba + Winbind + AD homes does not work
> 
> > Hello,
> > we use winbind to connect our Linux servers to our AD what is working
> > right now and we use samba to share some Linux directories to our
> > Windows clients what is also working as intended. The only thing we
were
> > not able to get running are the [homes]. The authentication seems to
be
> > wrong. Here is our configuration.
> > 
> > /etc/samba/smb.conf
> > [global]
> >    netbios name = demu1glcxxxx01
> >    workgroup = DOM
> >    realm = DOM.xxx.yyy
> >    preferred master = no
> >    server string = UnixCluster
> >    security = ADS
> >    encrypt passwords = true
> >    ;password server = *
> >    password server = demu1wyyyy02
> >    allow trusted domains = no
> >    log level = 2
> >    log file = /var/log/samba/%m
> >    max log size = 1000
> >    printcap name = cups
> >    printing = cups
> >    winbind enum users = no
> >    winbind enum groups = no
> >    winbind use default domain = yes
> >    winbind nested groups = yes
> >    winbind separator = +
> >    winbind cache time = 5
> >    idmap backend = rid:DOM=100000-5000000
> >    idmap uid = 100000-10000000
> >    idmap gid = 100000-10000000
> >    template homedir = /home/%D/%U
> >    template shell = /bin/bash
> > 
> > [homes]
> >    comment = Home Direcotries
> >    ;path = /pkg/global/home/%D/%U
> >    valid users = %S
> >    ;valid users = %D+%U, engelmaf, DOM+engelmann
> >    :valid users = @DOM+de_it-operations_dam, @"DOM+domain
users", %D+%U,
> > engelmaf, DOM+engelmann, %S
> >    read only = no
> >    browseable = no
> >    ;invalid users = root
> > 
> > [printers]
> >    comment = All Printers
> >    path = /var/spool/cups
> >    browseable = no
> >    printable = yes
> >    guest ok = yes
> > 
> > [dml]
> >    comment = Digital Media Library
> >    path= /pkg/tank/dml
> >    valid users = @DOM+de_it-operations_dam, @"DOM+domain
users"
> >    writable=yes
> >    browseable=yes
> >    write list = @DOM+de_it-operations_dam
> > 
> > We are able to connect and write to dml but not to the home
directories.
> > Any Idea what could be the problem?
> > 
> > OS: Debian Lenny
> > Samba: 3.2.5
> > 
> > Thank you for your help.
> > 
> > Regards Florian
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >

That fixed it! Thank you very much for your help.

Cheers,
Florian
> -----Original Message-----
> From: samba-bounces+florian.engelmann=bt.com@lists.samba.org
> [mailto:samba-bounces+florian.engelmann=bt.com@lists.samba.org] On Behalf
> Of G?nter Kukkukk
> Sent: Wednesday, July 01, 2009 12:49 AM
> To: samba@lists.samba.org
> Subject: Re: [Samba] Samba + Winbind + AD homes does not work
> 
> Am Dienstag, 30. Juni 2009 schrieb dale@briannassaladdressing.com:
> > Florian,
> >
> > Try "valid users = DOM+%S".
> 
> the more generalized form would be:
>    "valid users = %D%w%S"
> #        %D domain or workgroup name
> #	 %w winbind separator
> #	 %S current service name
> Some distros use this one as default:
>    "valid users = %S, %D%w%S"
> 
> Cheers, G?nter
> 
> >
> > Should that fail,  also ensure that the home directories exist (as
> defined in "template homedir ="), and that these directories have
the
> correct permissions.
> >
> > Dale
> >
> >
> > -----Original message-----
> > From: florian.engelmann@bt.com
> > Date: Tue, 30 Jun 2009 10:19:05 -0500
> > To: samba@lists.samba.org
> > Subject: [Samba] Samba + Winbind + AD homes does not work
> >
> > > Hello,
> > > we use winbind to connect our Linux servers to our AD what is
working
> > > right now and we use samba to share some Linux directories to our
> > > Windows clients what is also working as intended. The only thing
we
> were
> > > not able to get running are the [homes]. The authentication seems
to
> be
> > > wrong. Here is our configuration.
> > >
> > > /etc/samba/smb.conf
> > > [global]
> > >    netbios name = demu1glcxxxx01
> > >    workgroup = DOM
> > >    realm = DOM.xxx.yyy
> > >    preferred master = no
> > >    server string = UnixCluster
> > >    security = ADS
> > >    encrypt passwords = true
> > >    ;password server = *
> > >    password server = demu1wyyyy02
> > >    allow trusted domains = no
> > >    log level = 2
> > >    log file = /var/log/samba/%m
> > >    max log size = 1000
> > >    printcap name = cups
> > >    printing = cups
> > >    winbind enum users = no
> > >    winbind enum groups = no
> > >    winbind use default domain = yes
> > >    winbind nested groups = yes
> > >    winbind separator = +
> > >    winbind cache time = 5
> > >    idmap backend = rid:DOM=100000-5000000
> > >    idmap uid = 100000-10000000
> > >    idmap gid = 100000-10000000
> > >    template homedir = /home/%D/%U
> > >    template shell = /bin/bash
> > >
> > > [homes]
> > >    comment = Home Direcotries
> > >    ;path = /pkg/global/home/%D/%U
> > >    valid users = %S
> > >    ;valid users = %D+%U, engelmaf, DOM+engelmann
> > >    :valid users = @DOM+de_it-operations_dam, @"DOM+domain
users",
> %D+%U,
> > > engelmaf, DOM+engelmann, %S
> > >    read only = no
> > >    browseable = no
> > >    ;invalid users = root
> > >
> > > [printers]
> > >    comment = All Printers
> > >    path = /var/spool/cups
> > >    browseable = no
> > >    printable = yes
> > >    guest ok = yes
> > >
> > > [dml]
> > >    comment = Digital Media Library
> > >    path= /pkg/tank/dml
> > >    valid users = @DOM+de_it-operations_dam, @"DOM+domain
users"
> > >    writable=yes
> > >    browseable=yes
> > >    write list = @DOM+de_it-operations_dam
> > >
> > > We are able to connect and write to dml but not to the home
> directories.
> > > Any Idea what could be the problem?
> > >
> > > OS: Debian Lenny
> > > Samba: 3.2.5
> > >
> > > Thank you for your help.
> > >
> > > Regards Florian
> > > --
> > > To unsubscribe from this list go to the following URL and read
the
> > > instructions:  https://lists.samba.org/mailman/options/samba
> > >
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba