Hi,
I have a fairly simple setup in Samba authing users against AD (Windows
2008 R2). I have two shares, "homes" and "test_share".
I have found that even though I (glynnk) am a member of "wheel", I
cannot get into "test_share", which has "valid users = +wheel", although
I can get into my "homes" share.
Trying to access "test_share" just keeps prompting me for a password
over and over again. The only way I can access "test_share" is to
shut down winbind and restart Samba.
Why is this happening? It used to work prior to our Domain Controllers
being upgraded to 2008 R2. Shouldn't I be able to have winbind running
and still use Unix groups for auth?
Here are my configs:
/etc/group
-------------
wheel:x:10:root,glynnk
RPMS INSTALLED
---------------------
[root@iskunxbldp01 var]# rpm -qa |grep samba
samba-common-3.5.6-1
samba-client-3.5.6-1
samba-3.5.6-1
SMB.CONF
-------------
# Global parameters
[global]
workgroup = VIRGIN
server string = Samba %v on (%h)
security = ADS
netbios name = ISKUNXBLDP01
realm = VIRGINBLUE.INTERNAL
encrypt passwords = Yes
password server = iskdc01
machine password timeout = 0
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
printing = lprng
interfaces = eth0
local master = no
[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0774
directory mask = 0775
browseable = No
[test_share]
path = /usr/local/test_share
valid users = +wheel
read only = No
create mask = 0774
directory mask = 0775
KRB5.CONF
-------------
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = VIRGINBLUE.INTERNAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
VIRGINBLUE.INTERNAL = {
admin_server = iskdc01.virginblue.internal:464
admin_server = ldrwdc03.virginblue.internal:464
admin_server = iskdc02.virginblue.internal:464
admin_server = ldrwdc04.virginblue.internal:464
default_domain = virginblue.internal
kdc = iskdc01.virginblue.internal:88
kdc = ldrwdc03.virginblue.internal:88
kdc = iskdc02.virginblue.internal:88
kdc = ldrwdc04.virginblue.internal:88
}
[domain_realm]
.virginblue.internal = VIRGINBLUE.INTERNAL
virginblue.internal = VIRGINBLUE.INTERNAL
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
nsswitch.conf
-----------------
passwd: files winbind
shadow: files winbind
group: files winbind