Hi, I got a Samba box that is part of an Active Directory. It is working with the most basic functions, but I want to start customizing the security a little bit more. For that I want to grant access to different shares by group using "valid users = @AD+group" in the smb.conf, but hasn't worked.
I increased the verbosity of the log files and this has caught my attention: [2005/06/21 18:07:23, 10] lib/username.c:user_in_list(533) user_in_list: checking user |CONTORG0+aalse001| against |@CONTORG0+fsswebusers| [2005/06/21 18:07:23, 5] lib/username.c:user_in_netgroup_list(315) Unable to get default yp domain [2005/06/21 18:07:23, 10] lib/username.c:user_in_list(533) user_in_list: checking user |CONTORG0+aalse001| against |@CONTORG0+testgroup| [2005/06/21 18:07:23, 5] lib/username.c:user_in_netgroup_list(315) Unable to get default yp domain [2005/06/21 18:07:23, 2] smbd/service.c:make_connection_snum(321) user 'CONTORG0+aalse001' (from session setup) not permitted to access this share (fss_web) But if I do a getent group | grep aalse001 I get the following: CONTORG0+testgroup:x:10026:CONTORG0+aalse001 CONTORG0+fsswebusers:x:10027:CONTORG0+aalse001 Is it seems that unix box is getting the group through winbind, so it is either a bug, or I haven't done something. Any ideas? I am using Samba 3.0.13-1.4E.2 on a Centos 4 Linux box. Thank you, Pepe This is my smb.conf: [global] netbios name = CONTWEB #socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind gid = 10000-20000 workgroup = CONTORG0 #os level = 20 winbind enum groups = yes #socket address = contweb password server = contorg1 preferred master = no winbind separator = + max log size = 50 log file = /var/log/samba/log.%m encrypt passwords = yes dns proxy = no realm = CONTORG.BUSSERV.MY.REALM security = ADS #wins server = contorg1 wins proxy = no log level = 30 [fss_web] comment = Controller's Office Webserver writeable = yes path = /var/www/html force group = apache force user = apache #write list = @"CONTORG0+fsswebusers" valid users = @CONTORG0+fsswebusers @CONTORG0+testgroup -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba