Hi Jerry, I actually read the WHATSNEW of 3.0.2pre1, but it wasn't that obvious for me that I had to disable "winbind use default domain = yes" in my configuration. My samba setup was working with 3.0.0-2 and the only thing I did was upgrading to 3.0.2pre1 and not changing my smb.conf file.
After the upgrade to 3.0.2pre1 my samba setup wasn't working anymore, of course I tested a few things, but everything failed. Downgrading to 3.0.0-2 solved "the problem" again, so I thought I had a bug on my hands. After your e-mail I changed "winbind use default domain = yes" to "winbind use default domain = no" and I upgraded my machine again to 3.0.2pre1 and now it is working. However, I see still in /var/log/samba/<ip-address-W2k-ws>.log "Username (null) is invalid on this system" appear, when I "net use" two mappings to my samba machine (one to the "grp" and one to the "pub" share) via the Wk3 login script. Subjoined the output of the log file when this workstation gets the 2 mappings to my samba shares: [2004/01/23 15:34:26, 1] smbd/sesssetup.c:reply_spnego_kerberos(248) Username (null) is invalid on this system [2004/01/23 15:34:28, 1] smbd/service.c:make_connection_snum(705) 10.15.69.101 (10.15.69.101) connect to service grp initially as user NH-TEST\fo6 (uid=10004, gid=10000) (pid 1831) [2004/01/23 15:34:28, 1] smbd/sesssetup.c:reply_spnego_kerberos(248) Username (null) is invalid on this system [2004/01/23 15:34:28, 1] smbd/service.c:make_connection_snum(705) 10.15.69.101 (10.15.69.101) connect to service pub initially as user NH-TEST\fo6 (uid=10004, gid=10000) (pid 1831) [2004/01/23 15:34:29, 1] smbd/sesssetup.c:reply_spnego_kerberos(248) Username (null) is invalid on this system [2004/01/23 15:34:29, 1] smbd/service.c:make_connection_snum(705) 10.15.69.101 (10.15.69.101) connect to service grp initially as user NH-TEST\fo6 (uid=10004, gid=10000) (pid 1831) [2004/01/23 15:34:29, 1] smbd/sesssetup.c:reply_spnego_kerberos(248) Username (null) is invalid on this system [2004/01/23 15:34:29, 1] smbd/service.c:make_connection_snum(705) 10.15.69.101 (10.15.69.101) connect to service pub initially as user NH-TEST\fo6 (uid=10004, gid=10000) (pid 1831) [2004/01/23 15:35:31, 1] smbd/service.c:close_cnum(887) 10.15.69.101 (10.15.69.101) closed connection to service grp [2004/01/23 15:35:31, 1] smbd/service.c:close_cnum(887) 10.15.69.101 (10.15.69.101) closed connection to service pub Both the "grp" and the "pub" share have the following configuration: valid users = @NH-TEST.NL\FO_GRP getent group: NH-TEST\FO_GRP:x:10014:NH-TEST\fo6 getent passwd: NH-TEST\fo6:x:10004:10000:fo6:/data/hom/fo6:/bin/bash "ls -l" of the "grp" share: drwxrws--- 6 root NH-TEST\FO_GRP 4096 Jan 21 17:34 fog The "fo6" ADS user can now access the "fog" directory! But where does the "Username (null) is invalid on this system" still comes from? When I set "winbind use default domain" to "yes" and set the following configuration to my "grp" share: valid users = @FO_GRP getent group: FO_GRP:x:10014:fo6 fo6:x:10004:10000:fo6:/data/hom/fo6:/bin/bash "ls -l" of the "grp" share: drwxrws--- 6 root FO_GRP 4096 Jan 21 17:34 fog then I only see "Username (null) is invalid on this system" and the W2k ws has NO access to the "grp" share. What has changed in 3.0.2pre1 compared to 3.0.0-2 that "winbind use default domain" have to be set to "no" in my original samba setup? There is no real need for me to see and use the domain component and that's why I've set "winbind use default domain" to "yes" in my original samba setup. But If I want to work only with ADS groups as valid user on a samba share, I have to set "winbind use default domain" to "yes" to make it work, right? Last question; around which week is the final 3.0.2 release expected? (Just curious, no other strings attached. ;) Best regards, Alex. -----Original Message----- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Wednesday 21 January 2004 5:07 To: Alex de Vaal Alex de Vaal wrote: > Summarization of the bug in Samba 3.0.2pre1: > It seems that an ADS group is not valid or detected anymore to access > a samba share, in case only an ADS group is used a valid user on a > Samba share, because Kerberos is reporting: Username (null) is invalid > on this system. Besides that, connecting to a share (service) reports > with Samba 3.0.0-2 REALM\username (NH-TEST.NL\fo6), but with Samba > 3.0.2pre1 connecting to a share (service) reports only username (fo6) > Downgrading to Samba 3.0.0-2 solves this problem! Please read the release notes (WHATSNEW). > winbind use default domain = yes Disable this parameter and you will get your desired behavior. - -- cheers, jerry Visit our Web site: http://www.nh-hoteles.com This message is from NH HOTELES and it is private and confidential. Its content may be legally protected.Reception by a non-intended person does not waive legal protection rights. If you receive this message by mistake, please delete it from your system and report the sender. Although this message has been cleared for viruses using currently available virus definitions before sending, it is the responsibility of the receiver to ensure it is virus-free.Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
