hi again :)
It's a variant of the same problem but has been
exacerbated by the change from string comparisons
to token based access checks for smb.conf parameters.
stupid question: so why did you change to token based access check at
all? what were/are samba-internal reasons to do this?
First there are two new domains in 3.0.23: "Unix User"
(S-1-22-1) and "Unix Group" (S-1-22-2).
There's am implied order of precedence being applied
for unqualified names in smb.conf.
* lookup the name as a user in passdb
* lookup the name as a group in passdb
* lookup the name as a user in "Unix User"
* lookup the name as a group in "Unix Group"
First match wins.
ok, but does this also apply on a member server running winbindd,
because you say "passdb" and i always thought a domain member running
winbindd has no own passdb
(http://de.samba.org/samba/docs/man/Samba3-HOWTO/images/idmap-sid2uid.png).
or is passdb here just a "global word" for user backends no matter if on
a DC or a member?
consider this case:
valid users = DOMAIN\test DOMAIN\test
DOMAIN\test is a user and a group (donĀ“t ask why ;) )
members of the group DOMAIN\test would never be able to logon to this
share, right?
thx for clarifying things, again!
micha
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE2IfWIR7qMdg1EfYRAqtlAJ9PpSQ5MWinpY9ypzz6GZFCO44YywCgludf
TmP3IRehGnRBAxYjC/NCHy8=
=8d3j
-----END PGP SIGNATURE-----
--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT Staff)
Deutscher Platz 6
D-04103 Leipzig
Germany
Phone: 49 (0)341 - 3550 137
49 (0)341 - 3550 374
Fax: 49 (0)341 - 3550 399
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
