Re: [Samba] Samba does not work with new AD groups

Thu, 16 Feb 2006 07:42:32 -0800 

At 08:25 AM 2/15/2006, Parker, Michael wrote:

I've configured a system to authenticate with an AD 2k3 domain (all
domain controllers have SP1) using winbind.  I have joined the server to
the domain as well. I created some shares to work with AD groups.
Here's a quick snippet of a share from my smb.conf file:


[test]
        comment = test share for winbind testing
        path = /u01/test
        write list = @ll_main/rhmps


The problem I have is if I tell the write list command to use an
existing AD group which I am already a member of, I can write to the
share.  If on the other hand, I create a new AD group, add my user
account to the group, then tell the write list to use the new group, I
cannot write to the share.  I have rebooted my test workstations, tried
writing to the share from multiple XP (SP2), workstations logged out/in,
and rebooted my smb server.  Nothing seems to help and I'm not seeing
anything in any logs to explain the problem.

My samba server is a redat 3.0 box with update 5.  The samba version is
samba-3.0.9-1.3E.5


A couple of things to check:
1) Is your new group "available" for use on your RHEL3 box? That is, can you find it in your group listings: "wbinfo -g" or "getent group"?
2) Look at the group's entry in the output from the command "getent group" -- are the group members what you expect from your AD?
3) Does your [test] resource have a "valid users =" line? (Without, default is anyone can connect...) If so, does the membership specified on this line include the users in your "write list =" line? (Doesn't have to specify the same group as your "write list=" line, but users specified here should also have access granted via inclusion in the set specified on your "valid users=" line.) 

E.g.
        valid users = "@Domain Users"
        write list = "@Subset_of_users"




Don Meyer                                           <[EMAIL PROTECTED]>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services
"They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty or safety." -- Benjamin Franklin, 1759 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to