On Friday 14 May 2010 11:28:05 am Dimitri Yioulos wrote: > On Friday 14 May 2010 5:11:20 am Andreas Hubert > > wrote: > > hi all, > > > > yes the good old topic where most people have > > a problem with :) > > > > I have a Windows 2003 Active Directory Server > > und want that users on this directory are > > able to login on a Samba Share. The > > authentication with wbinfo -a user%password > > works and I already joined the domain with > > net ads join > > I am also able to authenticate as directory > > user with his directory password, BUT only if > > this username also exists in the /etc/passwd > > file. Users which username is not in the > > lokal passwd file cannot login. I use samba > > Version 3.0.37 on Solaris 10, here is my > > smb.conf: > > > > [global] > > workgroup = ABC > > realm = ABC.DE > > server string = Samba Server > > security = ADS > > map to guest = Bad User > > password server = ABCDC01.abc.de > > ABCDC02.abc.de use kerberos keytab = Yes > > log file = /var/log/samba/log.%m > > max log size = 50 > > time server = Yes > > os level = 65 > > local master = No > > domain master = No > > wins support = Yes > > idmap uid = 10000-20000 > > idmap gid = 10000-20000 > > winbind separator = + > > > > > > [test] > > comment = test > > path = /test > > > > read only = No > > [/code] > > > > The user ABC+corpus also exists locally and I > > am able to logon with his Directory password > > on the share, but not with the user ABC+ahu > > If I just do > > useradd ahu > > I am able to logon with this user! > > What am I doing wrong? I also want that users > > from the directory will be mapped to the > > local user corpus from the access rights and > > would do this with "force user = corpus" on > > the share, would this be right? > > > > Thanks for any help > > Firstly, did you configure Kerberos properly. > Nextly, and I could be wrong on this, but I > think you need to change: > > valid users = ABC+corpus, ABC+ahu > > to: > > valid users = "@ABC+corpus" "@ABC+ahu" > > Dimitri > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean.
Oops, sorry on the valid users piece. What I told you applies to groups. But, since you have: winbind use default domain = Yes perhaps you only need to specify the user names in "valid users". Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba