>I would expect this to be 'security = ads' >since you've specified a realm.
Yes you're right, i did it now. >Does this apply to you? (From WHATSNEW): > >Changes in Behavior >- ------------------- > >The following issues are known changes in behavior between Samba 2.2 and >Samba 3.0 that may affect certain installations of Samba. > >1) When operating as a member of a Windows domain, Samba 2.2 would >map any users authenticated by the remote DC to the 'guest account' >if a uid could not be obtained via the getpwnam() call. Samba 3.0 >rejects the connection as NT_STATUS_LOGON_FAILURE. There is no >current work around to re-establish the 2.2 behavior. I don't think so since i tried 2 remote connection attempts and auth seems to success: one from a remote linux client, and a log part : # /usr/bin/smbclient //172.26.123.121/myshare -U mylogon -W MYAD Password: tree connect failed: NT_STATUS_ACCESS_DENIED [2003/09/11 11:09:38, 2] auth/auth.c:check_ntlm_password(302) check_ntlm_password: authentication for user [mylogon] -> [mylogon] -> ] succeeded [2003/09/11 11:09:38, 5] auth/auth_util.c:free_user_info(1185) attempting to free (and zero) a user_info structure [2003/09/11 11:09:38, 10] auth/auth_util.c:free_user_info(1188) structure was created for mylogon [2003/09/11 11:09:38, 3] smbd/password.c:register_vuid(207) User name: Real name: [2003/09/11 11:09:38, 3] smbd/password.c:register_vuid(225) UNIX uid 0 is UNIX user, and will be vuid 100 [2003/09/11 11:09:38, 3] smbd/process.c:process_smb(890) Transaction 3 of length 104 [2003/09/11 11:09:38, 3] smbd/process.c:switch_message(685) switch message SMBtconX (pid 9247) [2003/09/11 11:09:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/09/11 11:09:38, 2] smbd/service.c:make_connection_snum(384) user ' (from session setup) not permitted to access this share (myshare) [2003/09/11 11:09:38, 3] smbd/error.c:error_packet(113) error packet at smbd/reply.c(274) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED Well, what i understand is that authentication succeeded, a free structure was created, but it seems to be not populate (user name and real name empty), so this is normal that user ' is not allowed to access to the share. Am I wrong in my reasoning? Another attempt, from a windows client now. thing are quite weird to me : First, there is Ticket name is [EMAIL PROTECTED] and after another Ticket with the username. While i don't see any authentifiaction success nor deny, i see that it attempt to see if the username is in the group. Does the failure related to the bad username entry in the struct? [2003/09/11 11:45:40, 3] smbd/password.c:register_vuid(207) User name:^IReal name: ... [2003/09/11 11:45:40, 0] lib/username.c:user_in_winbind_group_list(339) user_in_winbind_group_list: nametogid for group MYAD+SEC_GLOBAL_GROUP failed. [2003/09/11 11:45:40, 0] lib/username.c:user_in_winbind_group_list(339) user_in_winbind_group_list: nametogid for group MYAD+SEC_ANOTHER_GLOBAL_GROUP failed. [2003/09/11 11:45:40, 0] lib/username.c:user_in_winbind_group_list(339) user_in_winbind_group_list: nametogid for group MYAD+THIRD_GLOBAL_GROUP failed. [2003/09/11 11:45:40, 2] smbd/service.c:make_connection_snum(384) user ' (from session setup) not permitted to access this share (secondshare) I obviously checked that permissions are set on the filesystem as well as the user account membership to global groups. Doing thoses test seem to tell me that auth is working, but there is still a small thing that don't work in my case. If needed, i can provide complete log for each of theses test. Thank's again for your help Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba