Adam Nielsen wrote: >> Even after getting all such errors cleared though, I still can't access >> the shares which are using the 'valid users = @localgroup' >> configuration. I've tried changing that to 'valid users = +localgroup' >> which should only check NSS but that also fails. > > Since you're on a domain you might have to specify that the groups are > local, e.g. @MACHINENAME\localgroup, as it might default to your domain > if one is not given explicitly. > > I'm not sure how this works when winbind isn't running, but it should be > okay.
I couldn't get that configuration syntax to work with or without winbindd. I did do some more digging. This seems to be a symptom, not a cause but perhaps it helps identify the source of the problem. When it works, ie, without winbind, this produces reasonable output listing my correct unix UID and group membership: > [2009/09/28 12:09:32, 5] auth/token_util.c:debug_nt_user_token(470) > NT user token of user S-1-22-1-1000 > contains 12 SIDs > SID[ 0]: S-1-22-1-1000 > SID[ 1]: S-1-22-2-96 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-20 > SID[ 6]: S-1-22-2-24 > SID[ 7]: S-1-22-2-25 > SID[ 8]: S-1-22-2-29 > SID[ 9]: S-1-22-2-44 > SID[ 10]: S-1-22-2-46 > SID[ 11]: S-1-22-2-1111 > SE_PRIV 0x0 0x0 0x0 0x0 > [2009/09/28 12:09:32, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 1000 > Primary group is 96 and contains 8 supplementary groups > Group[ 0]: 96 > Group[ 1]: 20 > Group[ 2]: 24 > Group[ 3]: 25 > Group[ 4]: 29 > Group[ 5]: 44 > Group[ 6]: 46 > Group[ 7]: 1111 > [2009/09/28 12:09:32, 5] smbd/uid.c:change_to_user(272) > change_to_user uid=(0,1000) gid=(0,96) But when it fails, I get the much more suspicious output for similar debug calls. I haven't dug into when the user_token stuff is initialized, but clearly it isn't happening properly when winbind is running in my case. > [2009/09/28 12:19:32, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) > [2009/09/28 12:19:32, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups > [2009/09/28 12:19:32, 5] smbd/uid.c:change_to_root_user(287) > change_to_root_user: now uid=(0,0) gid=(0,0) Out of curiousity, I added 'root' to 'testgroup' in /etc/group but that didn't help. It doesn't find the supplementary group for root. -David > > Cheers, > Adam. > -- ----------------------------------------------------------------- | David Mitchell ([email protected]) Network Engineer IV | | Tel: (303) 497-1845 National Center for | | FAX: (303) 497-1818 Atmospheric Research | ----------------------------------------------------------------- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
