You do need to create the LDAP group for Samba, using the built-in SIDs for these internal groups or creating a new one for others, and set the group mappings.
On 4/29/07, Tiucra-Popa Florin Catalin <[EMAIL PROTECTED]> wrote:
Hi again,

Command net groupmap shows:

[EMAIL PROTECTED] /samba/var/log #/samba/bin/net groupmap list
Administrators (S-1-5-32-544) -> BUILTIN+administrators
Users (S-1-5-32-545) -> BUILTIN+users

The browsing is working ok for users, but is not working for groups.

FlorinT

----- Original Message ----
From: Cleber P. de Souza <[EMAIL PROTECTED]>
To: Tiucra-Popa Florin Catalin <[EMAIL PROTECTED]>
Cc: sambalist <samba@lists.samba.org>
Sent: Saturday, April 28, 2007 6:15:55 PM
Subject: Re: [Samba] Option valid user not expanded for groups

Is your 'net groupmap' set properly for this domain?

On 4/27/07, Tiucra-Popa Florin Catalin <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I have an AIX 5.3 machine with Samba 3.0.24c joined into one Windows 2003 ADS server OK.
> I can request basic information, user lookup, domain lookup (wbinfo, id, net groupmap).
>
> When I want to access the share \\node05\brom from one Windows station I receive a popup window password.
>
> In the log of the samba for that machine I found:
>
> [2007/04/27 10:48:27, 2] auth/auth.c:check_ntlm_password(319)
>   check_ntlm_password: Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER
> [2007/04/27 10:48:28, 2] auth/auth.c:check_ntlm_password(319)
>   check_ntlm_password: Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER
> [2007/04/27 10:48:29, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> [2007/04/27 10:48:29, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> [2007/04/27 10:48:29, 2] auth/auth.c:check_ntlm_password(309)
>   check_ntlm_password: authentication for user [node05] -> [node05] -> [TPDCBR+node05] succeeded
> [2007/04/27 10:48:29, 2] smbd/service.c:make_connection_snum(580)
>   user 'TPDCBR+node05' (from session setup) not permitted to access this share (brom)
> [2007/04/27 10:48:53, 2] auth/auth.c:check_ntlm_password(319)
>   check_ntlm_password: Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER
> [2007/04/27 10:48:53, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> [2007/04/27 10:48:53, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> [2007/04/27 10:48:53, 2] auth/auth.c:check_ntlm_password(309)
>   check_ntlm_password: authentication for user [node05] -> [node05] -> [TPDCBR+node05] succeeded
> [2007/04/27 10:48:53, 2] smbd/service.c:make_connection_snum(580)
>   user 'TPDCBR+node05' (from session setup) not permitted to access this share (brom)
>
> My smb.conf looks like:
>
> [global]
> unix charset = LOCALE
> workgroup = TPDCBR
> realm = TPDCBR.ROM
> netbios name = NODE05
> dns proxy = No
> server string = NODE05 AIX
> security = ads
> password server = 10.99.0.4
> encrypt passwords = yes
> name resolve order = host
> log level = 10
> syslog = 0
> username map = /samba/private/smbusers
> log file = /samba/var/log/%m
> max log size = 5000
> ldap ssl = no
> winbind uid = 10000-59999
> winbind gid = 10000-59999
> idmap uid = 10000-60000
> idmap gid = 10000-60000
> template shell = /bin/ksh
> winbind use default domain = Yes
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind nested groups = Yes
> winbind separator = +
> auth methods = winbind
> acl compatibility = win2k
> winbind cache time = 10
> bind interfaces only = yes
> client use spnego = no
> socket address = 10.99.0.201
> allow trusted domains = no
> #use kerberos keytab = yes
> socket options = TCP_NODELAY
> #map acl inherit = Yes
> [brom]
> comment = inhouse brom
> path = /u09/inhouse/brom
> read only = No
> browseable = yes
> #valid users =@"Computers", @"domain users"
> valid users = @"domain users"
> create mask = 0777
> directory mask = 0777
> force create mode = 0777
> force directory mode = 0777
>
>
> I also made a test with only one user valid like this:
> valid users = TPDCBR.ROM+node05
> and this is working ok.
>
> Thank you.

--
***
Cleber P. de Souza
--
***
Cleber P. de Souza

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
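The smbd log quoted in this thread shows a session that authenticates successfully and is then refused at the share, which is an authorization (`valid users`) denial rather than a credential failure. The following is an added example, not code from the thread's participants or from Samba: it separates the two cases in a log of that format. The function and constant names are hypothetical, and the sample log is constructed from the lines quoted above.

```python
import re

# Constructed sample in the two-line smbd log format quoted in the thread.
SAMPLE_LOG = """\
[2007/04/27 10:48:27, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER
[2007/04/27 10:48:29, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [node05] -> [node05] -> [TPDCBR+node05] succeeded
[2007/04/27 10:48:29, 2] smbd/service.c:make_connection_snum(580)
  user 'TPDCBR+node05' (from session setup) not permitted to access this share (brom)
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*\d+\]\s+\S+")
AUTH_OK = re.compile(r"authentication for user \[.*\] -> \[(.+?)\] succeeded")
AUTH_FAIL = re.compile(r"Authentication for user \[(.*?)\] -> \[.*?\] FAILED with error (\S+)")
DENIED = re.compile(r"user '(.+?)' \(from session setup\) not permitted to access this share \((.+?)\)")

def classify(log_text):
    """Return (timestamp, kind, user, detail) for each auth-related record."""
    events, authed, stamp = [], set(), None
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:                      # header line carries the timestamp
            stamp = m.group(1)
            continue
        body = " ".join(line.split())  # normalise indentation and double spaces
        if (m := AUTH_OK.search(body)):
            authed.add(m.group(1))     # mapped name, e.g. DOMAIN+user
            events.append((stamp, "authn_ok", m.group(1), ""))
        elif (m := AUTH_FAIL.search(body)):
            events.append((stamp, "authn_fail", m.group(1) or "<anonymous>", m.group(2)))
        elif (m := DENIED.search(body)):
            # Denied after a successful logon: a share ACL / valid users problem.
            kind = "authz_denied" if m.group(1) in authed else "denied_no_auth_seen"
            events.append((stamp, kind, m.group(1), m.group(2)))
    return events

def authz_denials(events):
    """(user, share) pairs that authenticated but were refused by the share."""
    return [(user, detail) for _, kind, user, detail in events if kind == "authz_denied"]

if __name__ == "__main__":
    for event in classify(SAMPLE_LOG):
        print(event)
```

An `authz_denied` record for a user who is known to be in the listed group points at group resolution on the server rather than at the client's credentials.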