And the correct answer is...

Using a valid users line that looks like this:

    Valid users = +DOMAIN\group

Many thanks to "irda" on the #samba IRC channel.

Ben

Ben Vaughan
Globalcom IT Infrastructure Support Team
[EMAIL PROTECTED]
312 673 4116

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Vaughan
Sent: Tuesday, December 11, 2007 10:30 AM
To: samba@lists.samba.org
Subject: [Samba] Winbind and groups

Hello Friendly Samba People,

I have a working samba install that allows my AD users access to files on my linux box. The linux box is configured via Winbind as a domain member and uses Winbind as the local NSS. I can successfully resolve both users and groups from the AD. Users are currently able to access the samba shares without trouble.

I am running into trouble when trying to use groups defined in the AD as "valid users" or ACLs on the linux box.

Smb.conf:

    [global]
        security = ADS
        realm = CORP.CALLGLOBALCOM.COM
        workgroup = CORP
        log file = /var/log/samba/%m
        log level = 2

        #winbind / AD stuff
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind expand groups = 2
        winbind nss info = rfc2307
        winbind nested groups = Yes
        idmap uid range = 1000 - 30000000
        idmap gid range = 100 - 30000000
        idmap domains = CORP
        idmap config CORP:backend = ad
        idmap config CORP:default = yes
        idmap config CORP:readonly = yes

    [homes]

    [sysadmins]
        path = /tmp
        writeable = yes
        comment = Globalcom Sysadmins share
        valid users = @gc_sysadmins
        create mask = 0775
        directory mask = 0775

    # getent group gc_sysadmins
    gc_sysadmins:*:10001:bvaughan
    # getent passwd bvaughan
    bvaughan:*:1812:100:Ben Vaughan, IT Systems Overlord:/home/bvaughan:/bin/bash

When trying to access the [sysadmins] share defined as above, samba logging says this:

    user 'CORP\bvaughan' (from session setup) not permitted to access this share (sysadmins)

I see the disconnect, the "CORP\bvaughan" that samba sees here, vs the "bvaughan" seen in the group entry. Is there a way to make these two come together so the "valid users=" line works?

I am running samba version 3.0.25b-1.el5_1.4 as provided by RedHat.

Any help would be appreciated.

Ben

Ben Vaughan
Globalcom IT Infrastructure Support Team
[EMAIL PROTECTED]
312 673 4116

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
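
An added example, not part of the original thread and not Samba project code: a small Python check that applies the fix from the reply across an smb.conf, flagging group entries in "valid users" that lack a domain qualifier on a domain-member server and suggesting the +DOMAIN\group form. It assumes the default backslash winbind separator; the function name audit_valid_users and the sample's [fixed] share are hypothetical.

```python
import configparser
import re

# Constructed sample based on the settings quoted in the post; [fixed] is hypothetical.
SAMPLE_SMB_CONF = r"""
[global]
security = ADS
workgroup = CORP
[homes]
[sysadmins]
path = /tmp
valid users = @gc_sysadmins
[fixed]
path = /srv/fixed
valid users = +CORP\gc_sysadmins bvaughan
"""

# smb.conf group markers: @ = NIS netgroup then UNIX group, + = UNIX group via NSS, & = NIS only
GROUP_PREFIXES = "@+&"
MEMBER_MODES = {"ads", "domain"}  # security modes where accounts come from a domain


def audit_valid_users(conf_text):
    """Return (share, entry, suggestion) for group entries lacking a DOMAIN\\ qualifier."""
    # Only "=" is a delimiter, so keys such as "idmap config CORP:backend" parse correctly.
    parser = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    parser.read_string(conf_text)
    if not parser.has_section("global"):
        return []
    glob = parser["global"]
    if glob.get("security", "").strip().lower() not in MEMBER_MODES:
        return []
    workgroup = glob.get("workgroup", "DOMAIN").strip()
    findings = []
    for share in parser.sections():
        if share == "global":
            continue
        raw = parser[share].get("valid users", "")
        # Entries are separated by whitespace or commas; quoted names may contain spaces.
        for entry in re.findall(r'"[^"]*"|[^\s,]+', raw):
            name = entry.strip('"')
            group = name.lstrip(GROUP_PREFIXES)
            if group != name and "\\" not in group:
                findings.append((share, name, f"+{workgroup}\\{group}"))
    return findings


if __name__ == "__main__":
    for share, entry, fix in audit_valid_users(SAMPLE_SMB_CONF):
        print(f"[{share}] valid users entry {entry!r}: try {fix!r}")
```

The check is a heuristic for review purposes: an unqualified group entry is not always wrong, but it is the pattern that produced the "not permitted to access this share" log line in this thread.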