Re: [Samba] can two samba servers share uid/rid map in win2k3 domain

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

john wrote:
> Hi all,
> 
> I've been battling this for weeks.
> 
> I have one samba server joined to our windows 2k3 domain that is
> happily using Active Directory for authenication via Winbind and
> kerberos. Ok great, but now I want to have two Samba boxs on the
> domain with consistant uid/rid mapping between.
> 
> My question essentialy is can two samba servers use share a common
> uid/rid idmap when joined to a Windows 2k3 domain. If the answer is
> "yes, with LDAP" Then my question is how does the Active Directory
> user info get into that LDAP db?

If you have a single domain, use idmap_rid.  If you use ldap,
winbindd adds the entries on an as needed basis just like it does
when using idmap_tdb.





cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGkqaJIR7qMdg1EfYRAua2AKD0G80zJsTwzeRqUipvmu6zEpn+8wCeManu
XuvvdLMx8slFqJIfi82Bq/s=
=NZEl
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] can two samba servers share uid/rid map in win2k3 domain

[john]

Hi all,

I've been battling this for weeks.

I have one samba server joined to our windows 2k3 domain that is
happily using Active Directory for authenication via Winbind and
kerberos. Ok great, but now I want to have two Samba boxs on the
domain with consistant uid/rid mapping between.

My question essentialy is can two samba servers use share a common
uid/rid idmap when joined to a Windows 2k3 domain. If the answer is
"yes, with LDAP" Then my question is how does the Active Directory
user info get into that LDAP db?

No howto I've seen, goes beyond the one server configuration. If you
know of one, I'd really love to be pointed at it.

Thanks,

John
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Section 7.3.4 Samba3-ByExample

[Adam Tauno Williams]

> I hope this question is specific enough:
> How does Active Directory user info get into the LDAP backend once you
> have followed John T's direction in chapter 7, section 7.3.4
> Samba3-ByExample?

It doesn't.  If by 7.3.4 you mean "Active Directory Domain with Samba
Domain Member Server" Samba is a member of the AD domain, not a
controller.  It doesn't have a local authentication backend.  The user
information already exists in the AD server, Samba (and possibly NSS)
just use it.

-- 
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP and Kerberos configuration

[Sean P. Elble]

Unfortunately, this type of setup is very far from trivial. LDAP and 
Kerberos combined can be quite a bit of a pain as it is, and throwing 
Samba into the mix only makes things even more painful. That said, the 
following link is pretty much the best thing on the web (IMHO) with regard 
to doing this:


http://aput.net/~jheiss/krbldap/

The link is a bit out-of-date, and has a few errors that were pretty 
painful to diagnose and fix, but I did eventually get a completely 
replicated LDAP/Kerberos setup, with a single Samba PDC at the moment 
(this is at home, so I'm not *THAT* concerned about the Samba box dying).


I did e-mail the author of the document to note the errors and omissions, 
but I never received a reply, nor were my changes added to his site. 
That's a real shame, because his documents were (and still are, for the 
most part) quite good.


I don't have any of my notes on the subject handy, but the largest issues 
that I can remember off hand were:


1. Some the LDAP ACL entries were not correct, or were out-of-date with 
current versions of LDAP.


2. I'm pretty sure there was quite a few more steps invovled with getting 
Samba to play nicely with a standard LDAP+Kerberos setup. Also, note that 
with a standard MIT Kerberos distribution, you will NOT be able to store 
Windows passwords in the MIT Kerberos database. The best you can do, as 
things stand right now, without any patches to either Samba or Kerberos, 
is sync the Kerberos passwords (to be used with everything but Samba) with 
the NTLM password hashes stored in the LDAP directory. If you choose to 
use Heimdal, I understand that it is possible to use the Samba NT password 
hashes for the Kerberos authentication as well, per Andrew Bartlett's 
reply to me on the subject from back in April 
.


3. Kerberos replication has a few more steps than are detailed on his 
page, and really aren't all that clear in any of the official MIT Kerberos 
documentation either (i.e. you must create a database on each of your 
Kerberos slaves before kpropd will replicate - you won't get any error 
messages that indicate that problem either).


I will try and post my notes on the subject later tonight, and I'm sure 
I'd hear some corrections to make to them, but in the meantime, the link I 
referenced to above is about as good as it gets if you want SSO for 
Linux/UNIX and Windows systems, with the backend being served by Linux or 
UNIX. At least until Samba 4 comes out, anyway . . . ;-) :-)


--
+-+
|  Sean Elble |
|  Virginia Tech, Class of 2008   |
|  Vice President, VTLUUG |
|  E-Mail:   [EMAIL PROTECTED]|
|  Web:  http://www.sessys.com/~elbles/   |
|  Cell: 860.946.9477 |
+-+

On Tue, 3 Jul 2007, Nick Bartos wrote:


Good luck, I've been looking for the same thing for some time now.




Hello,

I am looking for configuration of SAMBA  3.0.25a with LDAP registry and
Authentication with Kerberos.
Any help is appreciated.

Iliya

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

SES Computer Systems Anti-Virus and Anti-Spam E-Mail Filtering
Powered By ClamAV & SpamAssassin



SES Computer Systems Anti-Virus and Anti-Spam E-Mail Filtering
Powered By ClamAV & SpamAssassin
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Section 7.3.4 Samba3-ByExample

[john]

Hello all,

I hope this question is specific enough:

How does Active Directory user info get into the LDAP backend once you
have followed John T's direction in chapter 7, section 7.3.4
Samba3-ByExample?

Thanks!

John
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba & Vista

[Adam Tauno Williams]

> Does anybody know if Samba is compadable with Vista Yet?  

Yes.

> If so, is there a way for a group pr user policy to allow samba users to 
> things in windows vista, like install programs w/o admin access.  

No, a Samba 3.x PDC only supports NT4 domain policies. 
http://www.microsoft.com/technet/archive/winntas/maintain/featusability/prof_pol.mspx?pf=true

-- 
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba-3.0.25a on legacy Solaris 7 box fails to do authentication

[Rob Tanner]

Hi,

I'm running Samba 2.2 on a legacy Solaris 7 box that I need to upgrade
to Samba 3 to allow Windows Vista client to access their shares.  I
built Samba-3.0.25a from source and so long as I ran configure with the
"--without-winbind" it compiled and installed okay.  It is using DOMAIN
authentication so I assume that not including winbind is acceptable.  I
am running the new version using the same smb.conf file I was using on
Samba 2.2.  The command "net join member" appeared to run okay (no
errors reported).  The problem is that authentication is failing.  Here
is a sample from the log file:

[2007/07/09 09:25:44, 0]
lib/util_tdb.c:tdb_chainlock_with_timeout_internal(84)
  tdb_chainlock_with_timeout_internal: alarm (10) timed out for key
MBOT in tdb /usr/local/samba/private/secrets.tdb
[2007/07/09 09:25:53, 1] lib/util_sock.c:open_socket_out(896) timeout
connecting to 10.170.131.14:445
[2007/07/09 09:26:02, 0]
lib/util_tdb.c:tdb_chainlock_with_timeout_internal(84)


Any ideas as where to look?

Thanks,
Rob


-- 
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: valid/invalid users problem

[Alexis ROBERT]

Errr, I was cleaning my keyboard, and I accidentally sent the mail ... :D

So, I have a little problem : I want to restrict some users to connect
to a specific share. I know there is "valid users" property, but it
doesn't work as expected : I want to deny all users except whose in
valid users (instead of accepting any users AND users specified in
"valid users", which is totally useless for me :) ).

I've found a workaround : denying all users except those whose are
authorized, but it's very very hacky : when I create a new account by
LDAP, i must change the config to deny this user.

Thanks you
Alexis ROBERT

On 7/9/07, Alexis ROBERT <[EMAIL PROTECTED]> wrote:

Hi,

I'm currently deploying Samba in a small company which products
cosmetics. This Samba server just act as a fileserver (so, it's not a
PDC, but it uses LDAP for an easier configuration for the CEO,
phpldapadmin rocks :) ).

I have a little problem : I want to restrict some user to use  njj


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba & Vista

[T.R.Shashwath]

On Sunday 08 Jul 2007 9:25:40 pm Jeffrey Hathaway wrote:
> Hello,
>
> Does anybody know if Samba is compadable with Vista Yet?  If so, is there a
> way for a group pr user policy to allow samba users to things in windows
> vista, like install programs w/o admin access.  I know Vista has policies
> that can do this, where it cna basicly grant the user access, witha  prompt
> or w/o a prompt.  Can Samba support this too?

Well, I do know that basic filesharing works reasonably well with Vista at 
least, but I didn't have that particular machine long enough to play with 
group policies and the like. Besides, that machine was a Vista Home edition 
anyway.

Shash
-- 
'Would you tell me, please, which way I ought to go from here?'
 'That depends a good deal on where you want to get to,'
 'I don’t know where. . .'
 'Then it doesn’t matter which way you go,'
--Lewis Carroll, Alice in wonderland
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Unable to join AD domain

[Alfredo Ramos]

I have a problem joining the AD domain. And this problem has kept us 
from upgrading to any other release of samba since 3.0.14a. That is the 
release we're running on our production server. That release was the 
last one to successfully join the domain.


The short version of the problem:

  The samba server refuses to use 'TCP' when running the 'net' command 
to join the domain. And the DC refuses to use UDP to answer to the samba 
server.


The long version now:

 On the 3.0.14a release, we can force the communication with the DC to 
go over TCP by specifying  'tcp' on the "kdc = ..." entry on the 
krb5.conf file. Every other release since then, promptly ignores the 
krb5.conf file so, all communication with the DC goes over UDP. I have 
snooped the traffic from the samba server to the DC, and every time I 
see the miscommunication taking place.


 What seems even more confusing is the fact that, if I trace the 'net 
ads status' command, I see where the krb5.conf file is read and 
communication with the DC takes place using TCP. But if I trace the 'net 
ads join' command, the krb5.conf is never even considered. I don't see 
the process stating/opening it at all. It seems as if the 'net join' 
command doesn't need to read any kerberos config file. It seems to 
assume it knows what to do automagically.


 The samba server is running Red Hat 4 Eterprise Level. The samba 
package was built with the latest packages; heimdal-0.8.1, 
openldap-2.3.36, sasl-2.1.22, openssl-0.9.8e. The krb5.conf, and the 
smb.conf files look as follows:



[libdefaults]
  default_realm = AD.RICE.EDU
  #  default_tkt_enctypes = rc4-hmac
#  default_tgs_enctypes = rc4-hmac
  default_etypes = des-cbc-crc
  large_msg_size = 1
#   default_etypes = des-cbc-crc"Have tried all these 
combinations to no avail"

#   default_etypes_des = des-cbc-crc
#   default_tkt_enctypes = des-cbc-md5
#   default_tgs_enctypes = des-cbc-md5
#  default_tkt_enctypes = rc4-hmac
#  default_tgs_enctypes = rc4-hmac
[realms]
  AD.RICE.EDU = {
 kdc = tcp/support-dc6..
 admin_server = support-dc6...
  }

  RICE.EDU  = {
 kdc = kerberos.rice.edu.
 kdc = cerberos.rice.edu.
 admin_server = kerberos.rice.edu.
  }

[domain_realm]
.ad.rice.edu = AD.RICE.EDU
.rice.edu = RICE.EDU
*

smb.conf
[global]

unix charset = LOCALE
workgroup = ADRICE
server string = Samba RN2
security = ADS
realm = AD.RICE.EDU
allow trusted domains = No
encrypt passwords = yes
username map = /etc/samba/smbusers
ldap ssl = no
idmap uid = 500-1000
idmap gid = 500-1000
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
password server = support-dc6...
wins server = 128.X.X.X

*

Please help.

 Thanks;

Al.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Opensuse: Samba LDAP useradd fails

[Fajar Priyanto]

Hello all,
I'm troubleshooting Zimbra + Samba LDAP on opensuse10.2.
When trying to useradd manually:
fajar102:~ # useradd --service ldap --binddn uid=zimbra,cn=admins,cn=zimbra -g 
20002 test2
Enter LDAP Password:
Cannot find base ou for new users.
LDAP information update failed: Operations error
In /var/log/messages:
Jul  5 16:01:04 fajar102 useradd[14606]: new account added - account=test2, 
uid=20003, gid=100, home=/home/test2, shell=/bin/bash, by=0
But the user is not added.

From zimbra tutorial on Ubuntu, they use this command:
add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
add machine script 
= /usr/sbin/adduser --shell /bin/false --disabled-password --quiet "machine 
account" --force-badname %u
But, looks like it's not compatible with Opensuse, eventhough I changed 
adduser to useradd.

Any hints are appreciated.
Thanks.
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
4:29pm up 1:34, 2.6.18.2-34-default GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org


pgpvyNmqnb9oK.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP and Kerberos configuration

[Nick Bartos]

Good luck, I've been looking for the same thing for some time now.


>
> Hello,
>
> I am looking for configuration of SAMBA  3.0.25a with LDAP registry and
> Authentication with Kerberos.
> Any help is appreciated.
>
> Iliya
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ADS Join on Windows 2008 domain not working in 3.0.25b?

[Todd Stecher]

On Jul 3, 2007, at 3:04 PM, Eddie Tse wrote:

Using samba 3.0.25b, testing to join to a Windows 2008 domain using  
ADS security with kerberos and it doesn't seem to work.  Anybody  
else tried this combination?


Ironic - this is the issue I was just describing in the mail " SPNEGO  
in Samba" .  I'm working on getting this fixed.  Stay tuned.



Todd Stecher | Windows Interop Dev
Isilon SystemsP +1-206-315-7500 F  +1-206-315-7501
www.isilon.comD +1-206-315-7638M +1-425-205-1180



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Purpose of Browse Lists if you have WINS

[Adam Tauno Williams]

>   What are the point of Browse Lists if you have a WINS server?  Unless
> I'm mistaken, Browse Lists and WINS servers both serve the same purpose:
> to resolve NetBIOS names to IP addresses.  So in a Windows Domain, if I
> have a WINS server, why do I even bother messing with Browse Lists?
>   I'm kind of new to Windows Domains and I'm also new to Samba (in any
> capacity more complicated than simple SMB file sharing) so I'm trying to
> understand some of these basic concepts and would really appreciate any
> help.

This seems like more of a general Windows network administration
question;  with little specificly to do with Samba.  You'll probably get
a better response in a Windows networking forum.

TIP:  If you want to avoid using browsing, etc... you can set the
NetBIOS note type of your workstations either in the registry or via
DHCP.

-- 
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba Adopts GPLv3 for Future Releases

[Jeremy Allison]

Samba adopts GPLv3 for future releases.
---

After internal consideration in the Samba Team we have decided to adopt the
GPLv3 and LGPLv3 licences for all future releases of Samba.

The GPLv3 is the updated version of the GPLv2 license under which Samba is
currently  distributed. It has been updated to improve compatibility with other
licenses and to make it easier to adopt internationally, and is an improved
version of the license to better suit the needs of Free Software in the 21st
Century.

To allow people to distinguish which Samba version is released with the new
GPLv3 license, we are updating our next version release number. The next planned
version release was to be 3.0.26, this will now be renumbered so the GPLv3
version release will be 3.2.0.

To be clear, all versions of Samba numbered 3.2 and later will be under the
GPLv3, all versions of Samba numbered 3.0.x and before remain under the GPLv2.

The Samba Team would like to thank Richard Stallman, Eben Moglen and the Free
Software Foundation for updating the GPL license, and also all the individuals
and corporations involved in helping to create the GPLv3. We feel this is an
important change to help promote the interests of Samba and other Free Software.

The Samba Team.

http://samba.org
http://www.gnu.org/licenses/gpl.html
http://news.samba.org/announcements/samba_gplv3

FAQ:

What about code submissions ? Does anything change ?


New code contributions will be accepted in exactly the same way as before. As
Samba has always accepted code with the "or (at your option) any later version"
of the GPL, contributors do not need to change anything about their submissions.

I need to ship 3.0.x for several years as part of a
service contract. What about old versions ?
---

As with previous major version changes, the Team will continue to provide
security fixes for 3.0.25b releases for as long as this code base is widely
used. All new features will only be developed for the new 3.2.x or later GPLv3
versions however.

Help ! I've read scary things about the anti-DRM,
language in GPLv3 ? What does this mean for my Samba-based
products ?
--

We're not aware of any vendor distributing Samba in such a way that would cause
them to fall foul of the new DRM language in the GPLv3, but as always, consult
legal advice if you have doubts.

I am the author of a GPLv2 licensed program, can I still use the samba
libraries?
-

The Samba Team releases libraries under two licenses: the GPLv3 and the LGPLv3.
If your code is released under a "GPLv2 or later" license, it is compatible with
both the GPLv3 and the LGPLv3 licensed Samba code.

If your code is released under a "GPLv2 only" license, it is not compatible with
the Samba libraries released under the GPLv3 or LGPLv3 as the wording of the
"GPLv2 only" license prevents mixing with other licenses. If you wish to use
libraries released under the LGPLv3 with your "GPLv2 only" code then you will
need to modify the license on your code.

What about patent covenant agreements ? How do they
affect the distribution of Samba ?
---

Patent covenant deals done after 28 March 2007 are explicitly incompatible with
the license if they are "discriminatory" under section 11 of the GPLv3. Samba
distributors who have made such patent covenant agreements after that date will
not have the right to distribute any version of Samba covered by the GPLv3
(Samba 3.2 or later). The rights of vendors to ship 3.0.25b and previous
versions is unchanged and remains as it was under the GPLv2. Consult legal
advice if you are in doubt.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] valid/invalid users problem

[Alexis ROBERT]

Hi,

I'm currently deploying Samba in a small company which products
cosmetics. This Samba server just act as a fileserver (so, it's not a
PDC, but it uses LDAP for an easier configuration for the CEO,
phpldapadmin rocks :) ).

I have a little problem : I want to restrict some user to use  njj
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Purpose of Browse Lists if you have WINS

[Server Gremlin]

Hello,

What are the point of Browse Lists if you have a WINS server?  Unless
I'm mistaken, Browse Lists and WINS servers both serve the same purpose:
to resolve NetBIOS names to IP addresses.  So in a Windows Domain, if I
have a WINS server, why do I even bother messing with Browse Lists?

I'm kind of new to Windows Domains and I'm also new to Samba (in any
capacity more complicated than simple SMB file sharing) so I'm trying to
understand some of these basic concepts and would really appreciate any
help.

Thanks!
- SG

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] backup samba domain accounts

[Gareth Cummings]

You need to back up /var/lib/samba as well.

Martin Miethe wrote:

Hi Newsgroup,

I use SAMBA as PDC with MS Terminal Server 2K3.
I dont use LDAP.

For backing up the domain accounts, I secure /etc/samba on daily base.

Yesterday I made a test: I set up a new machine with Samba and copied 
my backup /etc/samba (1 day old) to the new machine - Samba started 
just fine.


But now, most of the users could not login to the Terminal Server (but 
some were able to)! The users do not change their password. So it seems

Samba and Windows are out of sync (on base of some ID?).

I have noticed that Windows now lists some cryptic IDs 
("S1-1-5-21-12423535") instead of the usernames in the User 
Managment.


When I re-add the domain account to my Windows Server, Windows creates 
me an empty profile. This is really bad and means I would need to copy 
all the profiles to the new Folder!


How can I simply backup my Domain accounts? I don't really want to set 
up a BDC and LDAP. I would like to have everything out of the office.


If this doesn't work, does anyone know how I can point the profiles
in Windows to the new location, without copying them?

Just want to be prepared if I would need it one day.

Please help...Thanks a lot in advance.

best regards



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

R: [Samba] problem with directory permission and access from windows

[Gianluca Culot]

 

> -Messaggio originale-
> Da: Dale Schroeder [mailto:[EMAIL PROTECTED] 
> Inviato: venerdì 6 luglio 2007 18.56
> A: Gianluca Culot; samba@lists.samba.org
> Oggetto: Re: [Samba] problem with directory permission and 
> access from windows
> 
> Gianluca,
> 
> What happens if you use
> valid users = DMSWARE\%S
> 
> In my setup I have set posix directory permissions to 740, 
> owned by DOMAIN\:DOMAIN\"Domain Users", and set 
> valid users as shown above.
> 
> Dale
> 
> Gianluca Culot wrote:
> > Hello list
> >  
> > I've a problem giving exclusive access to home directory to 
> the user 
> > owning it via Samba 3.0.24
> >  
> > I've setup access and user authentication and setup the share as 
> > follow
> >  
> > [Home]
> > path = /home
> > #valid users = %S
> > valid users = "@DMSWARE\domain users"
> >
> > Each home directory is owned by the AD user
> >
> > Drwx--   4 gianlucaculot domain users   512 Jul  5 15:47
> > gianlucaculot
> >
> > If I set "valid users= "@DMSWARE\domain users"
> > I can get read only access to Home Directory, BUT NOT to the user 
> > directory, Not even my own directory
> >
> > If I set " valid users = %S " I cannot get access to the Home Share.
> >
> > The ONLY way to read (and write) the home directory is to set 
> > Drwxr-xr-x   4 gianlucaculot domain users   512 Jul  5 15:47
> > gianlucaculot
> > valid users = "@DMSWARE\domain users"
> >
> > But this is quite odd.
> >
> > Please can any bodyu give me a hint 
> > I'd like to give Exclusive access to eah owner to the Home Directory
> >  
> >
> > --
> > Gianluca Culot
> > DMS Multimedia
> > Via delle Arti e dei Mestieri, 6
> > 20050 Sulbiate (Mi) - Italy
> > Tel: +39 039 5968925
> > Fax: +39 039 3309813
> > 
> > www.dmsware.com 
> >
>

If I set 
valid users = DMSWARE\%S

I cannot get access at all to the share
According to the samba manual %S is the System Machine Account
I tried with %U, User Account (as the users are authenticated on the AD
domain... But nothing changed


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba