All, On my ubuntu linux machine here, I already have samba set up and configured with winbind to perform authentication against the local windows domain controller. Thankfully that part is all working fine - that was supposed to be the hard part. The issue I have now is: I need to grant members of a certain AD group access to share (this was supposed to be easy, but is not working) sanity check of winbind (sample output): $ wbinfo -g MYDOMAIN\domain admins MYDOMAIN\domain users MYDOMAIN\my group MYDOMAIN\my group2 Looks good. I need to grant all users in "my group" access to the share, all others shouldn't even see it.
[share] comment = Testing path = /media/share guest ok = no read only = yes valid users = @"MYDOMAIN\My Group" browseable = no locking = no If I put guest ok = yes, everything works fine. If I turn it to no, I get an authentication prompt. Answering it with invalid credentials comes back with "invalid user name or bad password", vs valid credentials says "access denied". So I know that the authentication with the domain controller is working fine, but limiting access to that group only is not. The group name has a space in it which probably isn't helping. I have tried many different combinations, but nothing seems to work. What is the proper syntax for this? We have winbind separator=\ earlier in the config file -- is that part of the problem maybe? valid users = @"MYDOMAIN\My Group" valid users = "@MYDOMAIN\My Group" valid users = "MYDOMAIN\My Group" etc nothing seems to work. My methodology for testing this is fine as soon as i put guest ok =yes, the share still works. What's the right syntax for valid users= "My Domain\My Group"? Any thoughts? Thanks, John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
