After so many days of whining - now it works. For all who have the same problem on a debian system mentioned below. Upgrade to 3.0.4 and everything is fine.
Kind regards Franz -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Franz Gsell Gesendet: Montag, 10. Mai 2004 19:31 An: [EMAIL PROTECTED] Betreff: RE: [Samba] Windows 2003 Active Directory and Group Access As I have written - this is NO solution. And this has nothing to do with Permissions. I must be able to use the "winbind use default domain = yes" option. But when I use this option all users have to enter the Domain suffix on they usernames like DOMAIN+testuser for pop3 and ssh. This is a bad thing to tell 100 users that they have to enter anoter username for pop3 or ssh - but simple testuser for the share. I still need help ?? Kind regards Franz -----Ursprüngliche Nachricht----- Von: Kevin Kallsen [mailto:[EMAIL PROTECTED] Gesendet: Montag, 10. Mai 2004 00:31 An: 'Franz Gsell' Betreff: RE: [Samba] Windows 2003 Active Directory and Group Access I had this problem too. The solution was to chmod the directory/folder with readable/writable access. Also chgrp for the directory -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Franz Gsell Sent: Sunday, May 09, 2004 11:03 AM To: [EMAIL PROTECTED] Subject: RE: [Samba] Windows 2003 Active Directory and Group Access Hi together, I have still the problems I have mentioned below. Is there any developer who can help me? If it is not possible to find a workaround, I have to enter every user explicitly in the "valid users" option, and there are about 100 users who are trying to access the share. It would be great if a developer can tell me more - perhaps I can make a hack by myself - but it's very difficult to understand all source files and how they work together. Kind regars Franz -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Franz Gsell Gesendet: Mittwoch, 5. Mai 2004 21:20 An: [EMAIL PROTECTED] Cc: 'Alex de Vaal' Betreff: RE: [Samba] Windows 2003 Active Directory and Group Access Hi Alex, Yes I have already tried this settings: "winbind use default domain = yes" and "valid users = @AMATEC.LOCAL+GG_Entwicklung" But this only works for windows 2000 Clients and not for Windows XP Clients. As you have written before everything works without "winbind use default domain = yes" but then a user has to login e.g. for ssh with AMATEC+username. I don't think it's a good idea to hack the pam module too, perhaps is there another possibility - perhaps any of the developer team has a workaround? Kind regards Franz -----Ursprüngliche Nachricht----- Von: Alex de Vaal [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 5. Mai 2004 12:22 An: 'Franz Gsell' Betreff: RE: [Samba] Windows 2003 Active Directory and Group Access Hello Franz, You can try to set "winbind use default domain = yes" again and use as valid users: "valid users = @AMATEC.LOCAL+GG_Entwicklung" I've found in a faq the following: Q: I tried to set valid users = @Engineers, but it does not work. My Samba server is an Active Directory Domain Member server. Has this been fixed now? A: The use of this parameter has always required the full specification of the Domain account, for example, valid users = @"MEGANET2\Domain Admins". You can always try if this work, while hacking pam_winbind.so seems not to be a good idea to me. Best regards, Alex. -----Original Message----- From: Franz Gsell [mailto:[EMAIL PROTECTED] Sent: Monday 26 April 2004 18:43 To: [EMAIL PROTECTED] Cc: 'Alex de Vaal' Subject: RE: [Samba] Windows 2003 Active Directory and Group Access Hi, thanks for your help - now it works :-))))))) But there is a new problem. We log on to the linux machine for email and ssh and so on. So the new problem is that a user is now AMATEC+testuser instead simple testuser (for the pam module). But I think we can make a hack to the pam_winbind.so file to add "AMATEC+" to the entered username (so a user has not to enter AMATEC+testuser but only testuser). Or is there a better way? Kind regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba