Hi,
I'm unable to write to shares on the RH9 box from win2k clients.
Have successfully joined domain with 'net join ads'
getent passwd lists local unix users and win2k domain users successfully
I've mapped a DOMAIN+user_group to unix user_group, which 'net groupmap list' shows
successfully
I have tried various ways to give DOMAIN+user.name access to the share, by changing
the 'valid users =' line to include: DOMAIN+user_group, user_group, DOMAIN+user.name
Can browse successfully to share, but not able to write to share unless I give write
permissions to other/world
Logs show user from win2k client connecting to service as DOMAIN+user.name
win2k client receives error: access denied.

[global]
realm = DOMAIN.COM
workgroup = DOMAIN
server string = Samba Server
hosts allow = 192.168. 127.
printcap name = /etc/printcap
load printers = yes
log file = /var/log/samba/log.%m
max log size = 50
security = ads
password server = DC1 DC2 DC3
# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
; password level = 8
; username level = 8
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = yes
passwd program = /usr/bin/passwd %u
; passwd debug = yes
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
; username map = /etc/samba/smbusers
; include = /etc/samba/smb.conf.%m
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
name resolve order = host wins lmhosts bcast
dns proxy = yes
# separate domain and username with '+', like DOMAIN+username
winbind separator = +
# use uids from 10000 to 20000 for domain users
winbind uid = 10000-20000
# use gids from 10000 to 20000 for domain groups
winbind gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes

[share]
comment = Test Dir
path = /home/share
guest ok = no
browseable = yes
writable = yes
share modes = yes
valid users = DOMAIN+user_group
hide dot files = yes

What I'd like to be able to do is control access to shares using DOMAIN+user_group to
unix user_group mappings - do I need to map DOMAIN+user.name to a unix user.name as
well, for every user within the group?
Hope you can help.
Luke.