I am experiencing the same thing. I had hoped it would be completely
fixed in 23a.
Dale
Stewart, Eric wrote:
Well, I just did a fresh compile and install of 3.0.23a on a
test machine and am experiencing the same behavior. In this case,
winbind is up and running, and I can chown/chgrp directories as Windows
users/groups. I am able to connect when "valid users" expressly lists
my username, but not when it specifies a group I am in. Config:
[global]
load printers = no
guest account = nobody
hosts allow = <some ips>
workgroup = MYDOM
security = ADS
realm = MY.REALM
password server = *
client schannel = no
client use spnego = yes
encrypt passwords = yes
local master = no
os level = 1
wins server = <wins ip>
preserve case = yes
invalid users = root mail daemon
log level = 10
max log size = 0
debug uid = yes
debug pid = yes
log file = /usr/local/samba/var/log.%m
lock directory = /usr/local/samba/var/locks
share modes = yes
allow trusted domains = no
winbind separator = +
winbind uid = 12500-19999
winbind gid = 12500-19999
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = no
template homedir = /dev/null
[testshare1] ; this I can connect to
browseable = yes
force create mode = 0664
force directory mode = 0775
force group = web
path = <share dir 1>
read only = no
valid users = MYDOM+eric
[testshare2] ; Here I get prompted for username and password, and denied
browseable = yes
force create mode = 0664
force directory mode = 0775
force group = MYDOM+mygroup
follow symlinks = no
path = <share dir 2>
valid users = @MYDOM+mygroup
read only = no
[testshare3] ; haven't gotten this far yet
browseable = yes
force create mode = 0664
force directory mode = 0775
follow symlinks = no
force group = unixgroup
path = <share dir 3>
valid users = @MYDOM+othergroup, MYDOM+otheruser
read only = no
Some log file lines I see (not posted cause it would take a
while to sanitize - let me know if I need to sanitize them and post them
to the group, or if you want them sent direct to someone):
winbind_lookup_sid: SUCCESS: SID
S-1-5-21-1409082233-1202660629-1343024091-5626 -> MYDOM mygroup
string_to_sid: Sid @MYDOM+mygroup does not start with 'S-'.
This is a test box mind you - my original query was about one of
two production boxes I have running Samba (one uses Winbind, the other
does not, and it was the one I was querying about).
-----Original Message-----
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
Sent: Monday, July 17, 2006 11:00 AM
To: Stewart, Eric
Cc: [email protected]
Subject: Re: [Samba] 3.0.23 and group behavior
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Stewart, Eric wrote:
Okay, first the admisssions:
Fixed in 3.0.23a due out in the next 24 - 48 hours.
jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFEu6XgIR7qMdg1EfYRAs27AKCAOAsE3ifK9graUN8MlNAyuPxOPwCgjVjC
mmBFW4oI18smyBC8HPl7fAs=
=wNMw
-----END PGP SIGNATURE-----
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
