Ho Reese, i'm using the almost que same configuration but with something diferent. i'm using win2k SP4 with valid users parameter pointing to users instead of group. this is because winbind isn't solving simple win2k member's group neigther nested win2k member's group.
my users use user | password to be validated instead of domain\user | password because of winbind use default domain = yes parameter. Marcos --- "Reese,Richard Stephen" <[EMAIL PROTECTED]> escreveu: > There are some issues with SP1 Server 2003 and > samba. I'm able to auth > fine using samba and either kerberos or winbind. The > only difference I > can really determine from our configs is that I have > the winbind > seperator commented out so that DOMAIN\someuser > works, unless I'm > missing something. > > > [global] > > # workgroup = NT-Domain-Name or Workgroup-Name > workgroup = UFAD > realm = ADSERVER.UFL.EDU > # server string is the equivalent of the NT > Description field > server string = SERVER > > hosts allow = 10.242. > load printers = no > log file = /var/log/samba/%m.log > max log size = 50 > security = ads > > idmap uid = 10000 - 20000 > idmap gid = 10000 - 20000 > #winbind separator = + > winbind enum users=yes > winbind enum groups=yes > template homedir = /home/win/%D/%U > template shell = /bin/bash > client use spnego = yes > winbind use default domain = yes > > encrypt passwords = yes > smb passwd file = /etc/samba/smbpasswd > socket options = TCP_NODELAY SO_RCVBUF=8192 > SO_SNDBUF=8192 > > > #============================ Share Definitions > ============================== > [homes] > comment = %U Home Directory > browseable = no > path = %H > valid users = %U > writable = yes > create mode = 0664 > directory mode = 0775 > > [public] > comment = Public Stuff > path = /home/ > public = yes > read only = no > ; valid users = @"_IFAS-FRE-USERS_autoGS" > > [citrus] > path = /home/httpd/html/citrus > public = no > read only = no > write list = vmsodek rsreese > > ________________________________ > > From: Shelley, Brandon > [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 06, 2006 12:23 PM > To: Reese,Richard Stephen > Subject: RE: [Samba] Unable to use 'valid users' > from Active Directory > > > Wow finally someone with my EXACT problem :) Though > no posts here are > remotely close to solving the problem. I have also > tried every other > recommendation in this posting, as well as many > others. The problem is > that even though the machine has been "net join"ed > to a Windows domain, > it does not want to authenticate to the server. > DOMAIN\User | Password > and User | Password don't work... this says to me > that is is an AD > complication. Our system worked fine until an > upgrade to SP1 on the DC, > and soon thereafter, no one could authenticate to > the samba server via > an AD account any longer. > > If anyone has ideas other than "you have to type > net join etc." or > "upgrade to 3.0.14a" (when I, anyway, am using > 3.0.22), I, and I'm sure > Richard would too, would sincerely appreciate it! > > Thanks in advance, > > Best Regards, > Brandon Shelley > > > > -- > To unsubscribe from this list go to the following > URL and read the > instructions: > https://lists.samba.org/mailman/listinfo/samba > _______________________________________________________ Abra sua conta no Yahoo! Mail: 1GB de espaço, alertas de e-mail no celular e anti-spam realmente eficaz. http://mail.yahoo.com.br/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
