Charles Marcus CMarcus at Media-Brokers.com wrote >>On 2/19/2008, Robert Cohen (robert.cohen at anu.edu.au) wrote: I'm not sure >>whether its the same problem as us.
>> BTW I should mention that we're simply not using winbind. The behaviour I'm >> talking about is when an XP client machine attempts to connect to our server >> to get a network share. >> >> So winbind doesn't enter into the equation. >> >From the 3.0.25 release notes (3rd paragraph is most relevant to you): >"Member servers, domain accounts, and smb.conf >============================================= >Since Samba 3.0.8, it has been recommended that all domain accounts listed >In smb.conf on a member server be fully qualified with the domain name. >This is now a requirement. All unqualified names are assumed to be local to >the Unix host, either as part of the server's local passdb or in the local >system list of accounts (e.g. /etc/passwd or /etc/group). > >The reason for this change is that smbd has transitioned from access checks >based on string comparisons to token based authorization. All names are >resolved to a SID and then verified against the logged on user's NT user >token. Local names will resolve to a local SID, while qualified domain >names will resolve to the appropriate domain SID. >If the member server is not running winbindd at all, domain accounts will be >implicitly mapped to local accounts and their tokens will be modified >appropriately to reflect the local SID and group membership. > This turned out to be the problem. We hadnt been starting winbindd since I thought it was only relevant if you were using winbind in /etc/nsswitch.conf. But as soon as we started winbind, along with other config settings mentioned earlier, everything just started working. ======================================= Robert Cohen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
