There are some issues with SP1 Server 2003 and samba. I'm able to auth fine using samba and either kerberos or winbind. The only difference I can really determine from our configs is that I have the winbind seperator commented out so that DOMAIN\someuser works, unless I'm missing something.
[global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = UFAD realm = ADSERVER.UFL.EDU # server string is the equivalent of the NT Description field server string = SERVER hosts allow = 10.242. load printers = no log file = /var/log/samba/%m.log max log size = 50 security = ads idmap uid = 10000 - 20000 idmap gid = 10000 - 20000 #winbind separator = + winbind enum users=yes winbind enum groups=yes template homedir = /home/win/%D/%U template shell = /bin/bash client use spnego = yes winbind use default domain = yes encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 #============================ Share Definitions ============================== [homes] comment = %U Home Directory browseable = no path = %H valid users = %U writable = yes create mode = 0664 directory mode = 0775 [public] comment = Public Stuff path = /home/ public = yes read only = no ; valid users = @"_IFAS-FRE-USERS_autoGS" [citrus] path = /home/httpd/html/citrus public = no read only = no write list = vmsodek rsreese ________________________________ From: Shelley, Brandon [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 06, 2006 12:23 PM To: Reese,Richard Stephen Subject: RE: [Samba] Unable to use 'valid users' from Active Directory Wow finally someone with my EXACT problem :) Though no posts here are remotely close to solving the problem. I have also tried every other recommendation in this posting, as well as many others. The problem is that even though the machine has been "net join"ed to a Windows domain, it does not want to authenticate to the server. DOMAIN\User | Password and User | Password don't work... this says to me that is is an AD complication. Our system worked fine until an upgrade to SP1 on the DC, and soon thereafter, no one could authenticate to the samba server via an AD account any longer. If anyone has ideas other than "you have to type net join etc." or "upgrade to 3.0.14a" (when I, anyway, am using 3.0.22), I, and I'm sure Richard would too, would sincerely appreciate it! Thanks in advance, Best Regards, Brandon Shelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba