Re: [Samba] Domain groups with spaces in their names
Gerald (Jerry) Carter wrote: I have a Samba file server which I have successfully joined to a domian controlled by a Windows 2003 domian controller. I cannot get the server to allow access to users who are members of a group with spaces in its name. I have the same problem with Samba version 3.20b. What is interesting is that groups with spaces in the name work through Winbind (ie. apache with mod_auth_pam), but don't work from within Samba (ie. the smb.conf file). Is this currently being resolved, and/or is there a work around? valid users = "@spaced users" Should be valid users = +"DOMAIN\spaced users" The key is that domain users and groups have to be fully qualified. I've tested with every variation of syntax ie. &, + and @, DOMAIN\, domain\, Domain\, etc. Things work consistently when I change the the group name to "group_name" or "DOMAIN\group_name". But, when I use either with a space in the name I get authentication errors (smbd only). The log files list the correct fully qualified domain group name and the user name, but then say that the member does not belong to that group. The reason I've posted here is that winbindd (using PAM and Apache) seems to be fine with the spaces in the name. I'm using realm = fqdn.domainname.com workgroup = DOMAINNAME winbind use default domain = yes If you need more detailed logs, please let me know. BTW this is with a Windows 2003 Active Directory domain controller. Cheers, Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain groups with spaces in their names
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 28 Oct 2005, Jeremy wrote: > > I have a Samba file server which I have successfully joined to a domian > > controlled by a Windows 2003 domian controller. I cannot get the server to > > allow access to users who are members of a group with spaces in its name. > > > > I have the same problem with Samba version 3.20b. What is interesting is > that groups with spaces in the name work through Winbind (ie. apache > with mod_auth_pam), but don't work from within Samba (ie. the smb.conf > file). Is this currently being resolved, and/or is there a work around? > > valid users = "@spaced users" Should be valid users = +"DOMAIN\spaced users" The key is that domain users and groups have to be fully qualified. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "There's an anonymous coward in all of us." --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFDYhWJIR7qMdg1EfYRAnPAAKCFQgNLg/i2JGl2gwiWk7Rj9x0dOACfUXNR YHq072tpiECeZ8+PBSk3yTo= =Mc9t -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain groups with spaces in their names
yaya wrote: I believe it should be @"spaced groups" how we type it, not "@spaced groups". eg: valid users = @"spaced groups" But I don't know if @spaced\ groups will work. Both work fine, testparm changes displays either way as @"name". The spaced names don't work either way, but it seems more of an issue with smbd, rather than everything to do with groups. ie. Winbind seems to be ok. Cheers, Jeremy yaya - Original Message - From: "Jeremy" <[EMAIL PROTECTED]> To: Sent: Friday, October 28, 2005 9:37 AM Subject: Re: [Samba] Domain groups with spaces in their names John Ennew wrote: Hello Samba, I have a Samba file server which I have successfully joined to a domian controlled by a Windows 2003 domian controller. I cannot get the server to allow access to users who are members of a group with spaces in its name. > I have the same problem with Samba version 3.20b. What is interesting is that groups with spaces in the name work through Winbind (ie. apache with mod_auth_pam), but don't work from within Samba (ie. the smb.conf file). Is this currently being resolved, and/or is there a work around? Cheers, Jeremy The domain has three (main) groups: - students - teachers - spaced users My Samba.conf has the following shared directories defined: [teachers] comment = teacher's shares writable = yes valid users = @teachers path = /home/groups/teachers writable = yes browsable = no create mode = 0660 directory mode = 0770 [students] comment = student's shares writable = no valid users = @teachers @students path = /home/groups/students create mode = 0660 directory mode = 0770 write list = @teachers [spaced] comment = test with spaces writable = yes valid users = "@spaced users" path = /home/spaced users create mode = 0660 directory mode = 0770 browsable = yes The following works fine: members of @teachers have access to both teachers and students shares members of @teachers can write to both teachers and students shares members of @students can only see the students shares But this does not work: "@spaced users" should be able to access the spaced share but cannot. On a Windows XP terminal on the network, any attempt to view the spaced shared by anyone (including members of the "spaced users" group) results in a login box popping up and no combination of user name or password will let you see the share. I am using Samba version 3.14 running on Fedora Core 4. I have included my full smb.conf Many thanks in advance, John > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain groups with spaces in their names
John Ennew wrote: Hello Samba, I have a Samba file server which I have successfully joined to a domian controlled by a Windows 2003 domian controller. I cannot get the server to allow access to users who are members of a group with spaces in its name. I have the same problem with Samba version 3.20b. What is interesting is that groups with spaces in the name work through Winbind (ie. apache with mod_auth_pam), but don't work from within Samba (ie. the smb.conf file). Is this currently being resolved, and/or is there a work around? Cheers, Jeremy The domain has three (main) groups: - students - teachers - spaced users My Samba.conf has the following shared directories defined: [teachers] comment = teacher's shares writable = yes valid users = @teachers path = /home/groups/teachers writable = yes browsable = no create mode = 0660 directory mode = 0770 [students] comment = student's shares writable = no valid users = @teachers @students path = /home/groups/students create mode = 0660 directory mode = 0770 write list = @teachers [spaced] comment = test with spaces writable = yes valid users = "@spaced users" path = /home/spaced users create mode = 0660 directory mode = 0770 browsable = yes The following works fine: members of @teachers have access to both teachers and students shares members of @teachers can write to both teachers and students shares members of @students can only see the students shares But this does not work: "@spaced users" should be able to access the spaced share but cannot. On a Windows XP terminal on the network, any attempt to view the spaced shared by anyone (including members of the "spaced users" group) results in a login box popping up and no combination of user name or password will let you see the share. I am using Samba version 3.14 running on Fedora Core 4. I have included my full smb.conf Many thanks in advance, John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain groups with spaces in their names
I believe it should be @"spaced groups" how we type it, not "@spaced groups". eg: valid users = @"spaced groups" But I don't know if @spaced\ groups will work. yaya - Original Message - From: "Jeremy" <[EMAIL PROTECTED]> To: Sent: Friday, October 28, 2005 9:37 AM Subject: Re: [Samba] Domain groups with spaces in their names John Ennew wrote: Hello Samba, I have a Samba file server which I have successfully joined to a domian controlled by a Windows 2003 domian controller. I cannot get the server to allow access to users who are members of a group with spaces in its name. > I have the same problem with Samba version 3.20b. What is interesting is that groups with spaces in the name work through Winbind (ie. apache with mod_auth_pam), but don't work from within Samba (ie. the smb.conf file). Is this currently being resolved, and/or is there a work around? Cheers, Jeremy The domain has three (main) groups: - students - teachers - spaced users My Samba.conf has the following shared directories defined: [teachers] comment = teacher's shares writable = yes valid users = @teachers path = /home/groups/teachers writable = yes browsable = no create mode = 0660 directory mode = 0770 [students] comment = student's shares writable = no valid users = @teachers @students path = /home/groups/students create mode = 0660 directory mode = 0770 write list = @teachers [spaced] comment = test with spaces writable = yes valid users = "@spaced users" path = /home/spaced users create mode = 0660 directory mode = 0770 browsable = yes The following works fine: members of @teachers have access to both teachers and students shares members of @teachers can write to both teachers and students shares members of @students can only see the students shares But this does not work: "@spaced users" should be able to access the spaced share but cannot. On a Windows XP terminal on the network, any attempt to view the spaced shared by anyone (including members of the "spaced users" group) results in a login box popping up and no combination of user name or password will let you see the share. I am using Samba version 3.14 running on Fedora Core 4. I have included my full smb.conf Many thanks in advance, John > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain groups with spaces in their names
John Ennew wrote: Hello Samba, I have a Samba file server which I have successfully joined to a domian controlled by a Windows 2003 domian controller. I cannot get the server to allow access to users who are members of a group with spaces in its name. > I have the same problem with Samba version 3.20b. What is interesting is that groups with spaces in the name work through Winbind (ie. apache with mod_auth_pam), but don't work from within Samba (ie. the smb.conf file). Is this currently being resolved, and/or is there a work around? Cheers, Jeremy The domain has three (main) groups: - students - teachers - spaced users My Samba.conf has the following shared directories defined: [teachers] comment = teacher's shares writable = yes valid users = @teachers path = /home/groups/teachers writable = yes browsable = no create mode = 0660 directory mode = 0770 [students] comment = student's shares writable = no valid users = @teachers @students path = /home/groups/students create mode = 0660 directory mode = 0770 write list = @teachers [spaced] comment = test with spaces writable = yes valid users = "@spaced users" path = /home/spaced users create mode = 0660 directory mode = 0770 browsable = yes The following works fine: members of @teachers have access to both teachers and students shares members of @teachers can write to both teachers and students shares members of @students can only see the students shares But this does not work: "@spaced users" should be able to access the spaced share but cannot. On a Windows XP terminal on the network, any attempt to view the spaced shared by anyone (including members of the "spaced users" group) results in a login box popping up and no combination of user name or password will let you see the share. I am using Samba version 3.14 running on Fedora Core 4. I have included my full smb.conf Many thanks in advance, John > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Domain groups with spaces in their names
Hello Samba, I have a Samba file server which I have successfully joined to a domian controlled by a Windows 2003 domian controller. I cannot get the server to allow access to users who are members of a group with spaces in its name. The domain has three (main) groups: - students - teachers - spaced users My Samba.conf has the following shared directories defined: [teachers] comment = teacher's shares writable = yes valid users = @teachers path = /home/groups/teachers writable = yes browsable = no create mode = 0660 directory mode = 0770 [students] comment = student's shares writable = no valid users = @teachers @students path = /home/groups/students create mode = 0660 directory mode = 0770 write list = @teachers [spaced] comment = test with spaces writable = yes valid users = "@spaced users" path = /home/spaced users create mode = 0660 directory mode = 0770 browsable = yes The following works fine: members of @teachers have access to both teachers and students shares members of @teachers can write to both teachers and students shares members of @students can only see the students shares But this does not work: "@spaced users" should be able to access the spaced share but cannot. On a Windows XP terminal on the network, any attempt to view the spaced shared by anyone (including members of the "spaced users" group) results in a login box popping up and no combination of user name or password will let you see the share. I am using Samba version 3.14 running on Fedora Core 4. I have included my full smb.conf Many thanks in advance, John [global] # Optimum Samba Performance settings socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # NT workgroup settings workgroup = RMLINUX server string = Samba Server # WINS network browsing settings # All functions disabled apart from using a WINS server for lookups local master = no domain master = no preferred master = no wins support = no wins server = 42.42.0.1 dns proxy = no # Active Directory Member realm = RMLINUX.LOCAL security = ADS # Server to use if no domain controller is registered in DNS password server = zeus.rmlinux.local # Enable Winbind for AD and local account synchronisation # winbind separator = + winbind use default domain = yes idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes # Defaultas for local accounts created by Winbind template homedir = /home/%U template shell = /bin/nologin # Loggin settings log file = /var/log/samba/%m.log max log size = 5000 # Printer sharing printcap name = /etc/printcap load printers = no # Security settings invalid users = root bin daemon adm sync shutdown halt mail news uucp operator # Add shares here [homes] comment = %U's home area volume = Home Area path = /home/users/%U browsable = no writable = yes [teachers] comment = teacher's shares writable = yes valid users = @teachers path = /home/groups/teachers writable = yes browsable = no create mode = 0660 directory mode = 0770 [students] comment = student's shares writable = no valid users = @teachers @students path = /home/groups/students create mode = 0660 directory mode = 0770 write list = @teachers [spaced] comment = test with spaces writable = yes valid users = "@spaced users" path = /home/spaced users create mode = 0660 directory mode = 0770 browsable = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba