Hi List,
We have a pretty complex samba configuration running version 3.0.21 , this
worked for about 2 years , but due to security reasons we need to upgrade to
latest version 3.0.28.
I have no local unix users created on our host all access is regulated via the
valid user = @AD+group statement . and the net groupmap add command. This
worked great , but seems broken in latest versions since 3.0.23
I checked the latest howtos , but no success , seems that i overlooked some
essentials...
Now my smb.conf (only the relevant lines)
----------------
workgroup = WWxxx
server string = [EMAIL PROTECTED]
security = DOMAIN
netbios name = ATWS26QC
encrypt passwords = Yes
client schannel = no
client use spnego = no
server signing = auto
config file = /usr/local/samba/lib/smb.conf
password server = vieg10wa
passdb expand explicit = no
password level = 1
winbind uid = 100000-130000
winbind gid = 100000-120000
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind use default domain = yes
winbind nested groups = yes
#the shares
[home2]
path = /home2
valid users @sbs_ors_ux @sbs_ors
read only = no
browseable = yes
----------------------
output from net groupmap list
--------------------------
# bin/net groupmap list
Administrators (S-1-5-32-544) -> 100000
sbs_ors (S-1-5-21-3932861455-2822179577-2594212704-125693) -> sbs_ors_ux ---->
thats the relevant group
Users (S-1-5-32-545) -> 100001
------------------------
But I cant get it to work , I´m allways asked for a password , but should work
seemless , as it does with "old" samba version
Hope theres someone who can give me some hints , like a working smb.conf and or
a howto to manage the "net groupmap add" command in the proper way
Best regards Martin
Martin Schreiber
Siemens IT Solutions and Services GmbH
Gudrunstrasse 11
A-1101 Wien
Tel: +43(0)51707 47565
Fax: +43(0) 51707 57560
[EMAIL PROTECTED]
http://www.siemens.at/it-solutions
Siemens IT Solutions and Services GmbH, DVR 1009192, FN 180547k, Handelsgericht
Wien, Firmensitz Wien
Wichtiger Hinweis: Diese E-Mail kann Betriebs- oder Geschäftsgeheimnisse oder
sonstige vertrauliche Informationen enthalten. Sollten Sie diese E-Mail
irrtümlich erhalten haben, ist Ihnen eine Kenntnisnahme des Inhalts, eine
Vervielfältigung oder Weitergabe der E-Mail ausdrücklich untersagt. Bitte
benachrichtigen Sie uns und vernichten Sie die empfangene E-Mail. Vielen Dank.
Important Note: This e-mail may contain trade secrets or privileged,
undisclosed or otherwise confidential information. If you have received this
e-mail in error, you are hereby notified that any review, copying or
distribution of it is strictly prohibited. Please inform us immediately and
destroy the original transmittal. Thank you for your cooperation
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
