Well, I just did a fresh compile and install of 3.0.23a on a test machine and am experiencing the same behavior. In this case, winbind is up and running, and I can chown/chgrp directories as Windows users/groups. I am able to connect when "valid users" expressly lists my username, but not when it specifies a group I am in. Config:
[global] load printers = no guest account = nobody hosts allow = <some ips> workgroup = MYDOM security = ADS realm = MY.REALM password server = * client schannel = no client use spnego = yes encrypt passwords = yes local master = no os level = 1 wins server = <wins ip> preserve case = yes invalid users = root mail daemon log level = 10 max log size = 0 debug uid = yes debug pid = yes log file = /usr/local/samba/var/log.%m lock directory = /usr/local/samba/var/locks share modes = yes allow trusted domains = no winbind separator = + winbind uid = 12500-19999 winbind gid = 12500-19999 winbind enum users = yes winbind enum groups = yes winbind use default domain = no template homedir = /dev/null [testshare1] ; this I can connect to browseable = yes force create mode = 0664 force directory mode = 0775 force group = web path = <share dir 1> read only = no valid users = MYDOM+eric [testshare2] ; Here I get prompted for username and password, and denied browseable = yes force create mode = 0664 force directory mode = 0775 force group = MYDOM+mygroup follow symlinks = no path = <share dir 2> valid users = @MYDOM+mygroup read only = no [testshare3] ; haven't gotten this far yet browseable = yes force create mode = 0664 force directory mode = 0775 follow symlinks = no force group = unixgroup path = <share dir 3> valid users = @MYDOM+othergroup, MYDOM+otheruser read only = no Some log file lines I see (not posted cause it would take a while to sanitize - let me know if I need to sanitize them and post them to the group, or if you want them sent direct to someone): winbind_lookup_sid: SUCCESS: SID S-1-5-21-1409082233-1202660629-1343024091-5626 -> MYDOM mygroup string_to_sid: Sid @MYDOM+mygroup does not start with 'S-'. This is a test box mind you - my original query was about one of two production boxes I have running Samba (one uses Winbind, the other does not, and it was the one I was querying about). > -----Original Message----- > From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] > Sent: Monday, July 17, 2006 11:00 AM > To: Stewart, Eric > Cc: samba@lists.samba.org > Subject: Re: [Samba] 3.0.23 and group behavior > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Stewart, Eric wrote: > > Okay, first the admisssions: > > Fixed in 3.0.23a due out in the next 24 - 48 hours. > > > > > > > jerry > ===================================================================== > Samba ------- http://www.samba.org > Centeris ----------- http://www.centeris.com > "What man is a man who does not make the world better?" --Balian > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (GNU/Linux) > Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org > > iD8DBQFEu6XgIR7qMdg1EfYRAs27AKCAOAsE3ifK9graUN8MlNAyuPxOPwCgjVjC > mmBFW4oI18smyBC8HPl7fAs= > =wNMw > -----END PGP SIGNATURE----- > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba