Oh no sorry I was wrong - i am still using -> libkrb53 1.3.2-2 so it couldn't be a Kerberos problem. Any ideas?
Kind regards Franz Gsell -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Franz Gsell Gesendet: Sonntag, 25. April 2004 12:28 An: [EMAIL PROTECTED] Cc: 'brad smith' Betreff: RE: [Samba] Windows 2003 Active Directory and Group Access Ok my version is 1.2.2-10. But I think this couldn't be a problem of kerberos or could it be? I think - if it is working with a windows 2000 client and not with a XP Client the problem must be located somewhere else? But I can try a newer version. Is there nobody who has the same problem - it's so strange Kind regards Franz Gsell -----Ursprüngliche Nachricht----- Von: brad smith [mailto:[EMAIL PROTECTED] Gesendet: Sonntag, 25. April 2004 09:38 An: Franz Gsell Betreff: Re: [Samba] Windows 2003 Active Directory and Group Access What version of Kerberos are you using on the linux side? Try v1.3.1, if you are not already using it (just a shot in the dark). ----- Original Message ----- From: "Franz Gsell" <[EMAIL PROTECTED]> Newsgroups: linux.samba Sent: Saturday, April 24, 2004 2:50 PM Subject: RE: [Samba] Windows 2003 Active Directory and Group Access Hi, first - thanks for your answer your are right. I have tested it now with a windows 2000 client and everything is fine. But the problem is - that the same test with a Windows XP Client fails. What's wrong? The Windows XP Client is also a member off the domain and the same user is logged on as on the windows 2000 client. But on the Windows XP Client I get the prompt to enter a username and a password to open the share of the samba server. And I have tested it on many XP Clients - always with the same result -> a Prompt to enter the username and the password (but I think the currently username should be used, because I am logged on at the domain). Perhaps can anybody help me - it's confusing Kind regards Franz Gsell -----Ursprüngliche Nachricht----- Von: Matt Perkins [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 23. April 2004 15:36 An: Franz Gsell; [EMAIL PROTECTED] Betreff: RE: [Samba] Windows 2003 Active Directory and Group Access Your winbind separator is a "+". Either comment out the "winbind separator" line in smb.conf or change your valid users entry to: valid users = @AMATEC+"GG_Entwicklung" Matt Perkins -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Franz Gsell Sent: Friday, April 23, 2004 2:13 AM To: [EMAIL PROTECTED] Subject: [Samba] Windows 2003 Active Directory and Group Access Hi together, we have a Windows 2003 Active Directory Server, working together with Samba Version 3.0.2a-Debian. It seems everything (Kerberos authentication and so on) works fine. All the authentication is done by the windows 2003 server. My problem is, that I can't connect to a share via a windows xp client, when the share has an option "valid user" which defines a group of the domain. A simple user works - but a group entry for the "valid user" option doesn't. I have read many articles and tried many different settings - but without success. Perhaps can somebody help me. Here are some outputs and configs from my system: neptun:/etc/init.d# wbinfo -g DomDomSchema-Admins Organisations-Admins DomDomDomRichtlinien-Ersteller-Besitzer DnsUpdateProxy GG_Entwicklung GG_Controlling GG_Geschaeftsfuehrung GG_Vertrieb GG_Sekretariat GG_Personal neptun:/etc/init.d# wbinfo -u Administrator Gast SATURN$ krbtgt host/neptun.amatec.local HOST/neptun testuser So testuser is a member of the global group GG_Entwicklung on the Windows 2003 Server. My smb.conf File: [global] log level = 2 workgroup = AMATEC netbios name = neptun server string = Fileserver Austausch wins server = 192.168.42.252 # winbind configuration winbind separator = + winbind use default domain = yes idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes template homedir = /home/%U template shell = /bin/bash # Activie directory joining security = ads encrypt passwords = true password server = saturn.amatec.local realm = AMATEC.LOCAL [Austausch] path = /austausch read only = no writable = yes # doesn't work #valid users = @AMATEC\"GG_Entwicklung" # doesn't work #valid users = @GG_Entwicklung # this one works valid users = testuser As you see the settings for a group access doesn't work. When i enter as user "testuser" everything works. Again - perhaps anybody can help me. Kind regards Franz Gsell -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba