Curious - I found the problem: Our old server runs with 'valid users = @<GROUP>' for all shares. This syntax works.
I ran smb with log level 10 on the new server and saw that it tries to find the group 'Unix Group\<GROUP>'. After changing the parameter to 'valid users = @<DOMAIN>\<GROUP>' in our smb.conf it works! Is this a new behaviour? Am Freitag, den 25.08.2006, 12:04 +0200 schrieb Horchler, Joerg: > Hi Jerry, > > just a question to what I don't understand: I think on both servers nested > groups work correct (for example: I'm member of the group "sysop" which has > no unix ID. The group "sysop" itself is member of the group "admin" which has > the unix gid 500 in our Active Directory. When I type "id -a jhorchle" then I > can see that I'm in the group 'admin'. This is the correct behaviour isn't > it?) > So our idmap backend is 'ad' but nested groups are working. > > I will check krb5 to see whether this works. > > Cheers > Jörg > > ________________________________ > > Von: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] > Gesendet: Mo 21.08.2006 23:12 > An: Horchler, Joerg > Cc: samba@lists.samba.org > Betreff: Re: [Samba] samba and BUILTIN groups > > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Jörg Horchler wrote: > > > 'winbind nss info' from 'sfu' to 'rfc2307' everything > > worked as expected in the first look. Winbind resolved > > our Windows-Users and groups correct. (wbinfo and > > getent work perfect!) > > > > But when I try to connect to a share on the server > > I get the following error: > > > > [2006/08/18 15:22:19, 0] auth/auth_util.c:create_local_nt_token(903) > > create_local_nt_token: Failed to create BUILTIN\Administrators group! > > > There's a limitation that nested groups can only work > if you have a allocating idmap backend (tdb or ldap). > Please file a bug to help me track this. > > But this is not causing the authentication failure you > are seeing. CHeck your Krb5 client install to track that > down. > > > > > > cheers, jerry > ===================================================================== > Samba ------- http://www.samba.org > <http://www.samba.org/> > Centeris ----------- http://www.centeris.com > <http://www.centeris.com/> > "What man is a man who does not make the world better?" --Balian > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.4 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > <http://enigmail.mozdev.org/> > > iD8DBQFE6iHIIR7qMdg1EfYRAhZYAKCMhndL75xhpItANgoBlSo7fhcOSQCeLBj/ > DtikkPKI3p8yLUTU8fuHWRo= > =ASuu > -----END PGP SIGNATURE----- > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba