samba - May 2013 - configuring Shares, Users with Samba 4.0.5 as an AD DC

Hi, I think your problem may be that you are are trying to run the
standalone winbind daemon at the same time as the samba deamon, you cannot
do this, the samba daemon has its own built in winbind.

Could you please confirm how you provisioned samba4, post a sanitized
version of your smb.conf and explain just what you are hoping to achieve.

Rowland

> Could you please confirm how you provisioned samba4, post a sanitized
> version of your smb.conf and explain just what you are hoping to achieve.
Ok, I will do that.

I want to use samba4
1. as an active directory domain controller
2. as a file server providing diefferent shares for different windows 
users/groups.

To do so I used the samba provision script to set up samba as AD DC. 
Works fine.

Then I read about restrctioning shares to win users/groups with:
	valid users = @SAMDOM\SCHUELER

This is not working. When a user in the win group SCHUELER is accessing 
a share he gets a popup window with username /password saying that the 
acces was denied to this share.

smb.conf

# Global parameters
[global]
         workgroup = SAMDOM
         realm = SAMDOM.EXAMPLE.COM
         netbios name = ULI-SD30V10
         server role = active directory domain controller
         dns forwarder = 192.168.25.254

#  security = ads
   password server = 192.168.25.133
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   winbind enum users = yes
   winbind enum groups = yes
   winbind cache time = 10
   winbind use default domain = yes


[netlogon]
         path = /usr/local/samba/var/locks/sysvol/samdom.example.com/scripts
         read only = No

[sysvol]
         path = /usr/local/samba/var/locks/sysvol
         read only = No

[schueler]
       path = /data/schueler
       comment = Schueler
       read only = no
       valid users = @SAMDOM\SCHUELER