Setting 'winbind use default domain = no' and adjusting my share access to use the DOMAIN+ prefix fixed the problem.
There must be some portions of samba which are not friendly with this option, yet. The main reason why I like this option being, when ADS user's login to my server via ssh they can use the username alone, instead of prepending 'DOMAIN+' -----Original Message----- From: Colichia, Aaron Sent: Friday, October 24, 2003 9:34 AM To: 'Gerald (Jerry) Carter' Subject: RE: [Samba] 3.0.1pre1 broke my 'valid users' on one share I assume I can't set this on a per share basis, which will break other shares. My other access lists make use of the ADS groups, like "@Domain Users" When I specify the domain with these, would that be "@EST+Domain Users" ? or something else ? Due to the ridiculous spam I now receive since signing up two months ago, I am now off this list permanently. If you do reply, please send direct. Thanks for the suggestion, Aaron Colichia -----Original Message----- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 9:14 AM To: Colichia, Aaron Cc: [EMAIL PROTECTED] Subject: Re: [Samba] 3.0.1pre1 broke my 'valid users' on one share -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [EMAIL PROTECTED] wrote: | Before updating to 3.0.1pre1, the following smb.conf worked. Now when | users try to hit the [broke] share they are denied access. Winbind has | no problem finding the users and groups for the domain. I've verified | filesystem permissions, "Domain Users" have full RW access. I do not | seeing anything coming across my smbd log files. Try setting "winbindd use default domain = no" and let me know. (Have I said how much I hate that parameter today?). cheers, jerry ~ ---------------------------------------------------------------------- ~ Hewlett-Packard ------------------------- http://www.hp.com ~ SAMBA Team ---------------------- http://www.samba.org ~ GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~ --John Cusack - "Grosse Point Blank" (1997) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/mTO4IR7qMdg1EfYRAmOvAJwIlv4Vr3sW7KeYgyAe5f5zEK8zOACgpsHx KJXjdlsqjHDCPDDiew+lvpo= =rPp2 -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
