Charles, I've just done this here on Solaris 8.
I have found slightly odd behaviour in that wbinfo -u and wbinfo -g only return the actual usernames and groups rather than "DOMAIN+Username" and "DOMAIN+Groupname".
So in my smb.conf file I needed:- valid users = @Groupname
without the DOMAIN+ part.
And yes I've set winbind seperator = + as well.
Just a thought. Steve
Charles Bueche wrote:
Hi,
I have Samba 3.0.4 on Solaris 9, recent patches applied. Samba is integrated in domain (security = domain). I have compiled and configured winbind, but not pam and no ldap. Ncsd is stopped.
Winbind works OK, I can connect to share and users get mapped on-the-fly to UNIX uids and gids in the ranges specified in smb.conf. My config is included below with some tweaks to protect the innocent.
---
My goal : I want to create a share and restrict its access based on the membership of a Windows group.
I have successfuly used :
valid users = DOM+user1 DOM+user2 DOM+user3
but when I try :
valid users = @DOM+wingroup
or :
valid users = +DOM+wingroup
It refuses me access to the share, even if I'm member of the Windows group.
What do I do wrong ? How should I write the groupnames ? Help wanted...
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
