[Samba] Domain groups problem Samba 3.0.23d
Hi list, Im using Samba 3.0.23d on a Debian Etch box. Its configured as a ADS member. wbinfo -u returns correct domain users wbinfo -g returns correct domain groups getent passwd returns all users. I.e #KIC\kicass:*:10049:10002:kic ass:/home/KIC/kicass:/bin/false getent group returns correctly. .I.e KIC\xcello:x:10016:KIC\mats Executing chown KIC\\kicass test.txt works. Executing chgrp KIC\\xcello test.txt returns chgrp: invalid group name `KIC\\xcello' Does anyone have any idea why users works but not groups? Here is the smb.conf snippet. [global] netbiosname = SAMBA_SRV winsserver= 192.168.1.11 idmapuid = 1-2 idmapgid = 1-2 workgroup = KIC encryptpasswords = yes security = ADS realm = KIC.SE winbind enum users = yes winbind enum groups = yes Regards, henrik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
SOLVED Re: [Samba] Domain groups problem Samba 3.0.23d
I tried winbind use default domain = yes restarted winbindd and it worked. I then switched it back and now it works with default domain = no. 19 jan 2007 kl. 11:56 skrev Henrik Zagerholm: Hi list, Im using Samba 3.0.23d on a Debian Etch box. Its configured as a ADS member. wbinfo -u returns correct domain users wbinfo -g returns correct domain groups getent passwd returns all users. I.e #KIC\kicass:*:10049:10002:kic ass:/home/KIC/kicass:/bin/false getent group returns correctly. .I.e KIC\xcello:x:10016:KIC\mats Executing chown KIC\\kicass test.txt works. Executing chgrp KIC\\xcello test.txt returns chgrp: invalid group name `KIC\\xcello' Does anyone have any idea why users works but not groups? Here is the smb.conf snippet. [global] netbiosname = SAMBA_SRV winsserver= 192.168.1.11 idmapuid = 1-2 idmapgid = 1-2 workgroup = KIC encryptpasswords = yes security = ADS realm = KIC.SE winbind enum users = yes winbind enum groups = yes Regards, henrik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain Groups missing
Achim Gottinger schrieb: Hi, I have a strange problem with my samba domain servers, they do no longer show the domain or local groups. I run three debian sarge machines as samba domain controllers (samba version is 3.0.23c) with an ldap backend in master/slave configuration. getent group shows all the groups, net groupmap list shows all the groups but net rpc info outputs: Domain Name: GOTTINGER Domain SID: S-1-5-21-1446910239-1605792192-310601177 Sequence number: 1160906670 Num users: 63 Num domain groups: 0 Num local groups: 0 On a w23k server acting as a fileserver the security settings for folders still show the assigned domain groups and they are still working. But i can not add new domain groups. Additionaly NT4 server management for users does no longer show the groups. I can add a new group and get an access denied warning but the group shows up in getent group afterwards. I'm not sure if this behavior is related to the update to 3.0.23c, i think i added a new folder and modified access rights on the w2k server after the update. Any clues what can cause this behavior? Thx achim~ I copied the samba and ldap configuration and database stuff to another machine, same result, no domain groups showing up in net rpc group. in net groupmap list i get two lines with multiple group names in the first row: DomDomDG Prothetik (S-1-5-21-1446910239-1605792192-310601177-5069) - DG Prothetik Removing an groupmap entry removes the whole dn entry from the ldap database. Is this due to the config line ldap delete dn = yes ? I tried to remove all the groups in the groupmap line showing in one line, but i can still not get a list of domain groups. achim~ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain Groups missing
Achim Gottinger schrieb: Hi, I have a strange problem with my samba domain servers, they do no longer show the domain or local groups. I run three debian sarge machines as samba domain controllers (samba version is 3.0.23c) with an ldap backend in master/slave configuration. getent group shows all the groups, net groupmap list shows all the groups but net rpc info outputs: Domain Name: GOTTINGER Domain SID: S-1-5-21-1446910239-1605792192-310601177 Sequence number: 1160906670 Num users: 63 Num domain groups: 0 Num local groups: 0 On a w23k server acting as a fileserver the security settings for folders still show the assigned domain groups and they are still working. But i can not add new domain groups. Additionaly NT4 server management for users does no longer show the groups. I can add a new group and get an access denied warning but the group shows up in getent group afterwards. I'm not sure if this behavior is related to the update to 3.0.23c, i think i added a new folder and modified access rights on the w2k server after the update. Any clues what can cause this behavior? Thx achim~ Hmm fixed it had to use the latest samba.schema coming with 3.0.23c now the groups are working. thx achim~ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Domain Groups missing
Hi, I have a strange problem with my samba domain servers, they do no longer show the domain or local groups. I run three debian sarge machines as samba domain controllers (samba version is 3.0.23c) with an ldap backend in master/slave configuration. getent group shows all the groups, net groupmap list shows all the groups but net rpc info outputs: Domain Name: GOTTINGER Domain SID: S-1-5-21-1446910239-1605792192-310601177 Sequence number: 1160906670 Num users: 63 Num domain groups: 0 Num local groups: 0 On a w23k server acting as a fileserver the security settings for folders still show the assigned domain groups and they are still working. But i can not add new domain groups. Additionaly NT4 server management for users does no longer show the groups. I can add a new group and get an access denied warning but the group shows up in getent group afterwards. I'm not sure if this behavior is related to the update to 3.0.23c, i think i added a new folder and modified access rights on the w2k server after the update. Any clues what can cause this behavior? Thx achim~ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba domain groups
When I do a net groupmap list I get Domain Admins (S-1-5-21-1760016482-394088656-2614712563-512) - root Domain Admins (S-1-5-21-1941513877-1053742263-1100610399-512) - -1 Domain Admins (S-1-5-21-57081839-3644741509-3819056003-512) - -1 Domain Guests (S-1-5-21-1760016482-394088656-2614712563-514) - nogroup Domain Guests (S-1-5-21-1941513877-1053742263-1100610399-514) - -1 Domain Guests (S-1-5-21-57081839-3644741509-3819056003-514) - -1 Domain Users (S-1-5-21-1760016482-394088656-2614712563-513) - users Domain Users (S-1-5-21-1941513877-1053742263-1100610399-513) - -1 Domain Users (S-1-5-21-57081839-3644741509-3819056003-513) - -1 Why is there 3 groups of every kind? I have not done anything to get them. Can I delete the groups that is not mapped to unixgroups with Webmin? Or shall I let them exist and not bother about them? Bjørn Fahnøe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba domain groups
On Thu, 2006-02-23 at 15:04 +0100, Bjørn Fahnøe wrote: When I do a net groupmap list I get Domain Admins (S-1-5-21-1760016482-394088656-2614712563-512) - root Domain Admins (S-1-5-21-1941513877-1053742263-1100610399-512) - -1 Domain Admins (S-1-5-21-57081839-3644741509-3819056003-512) - -1 Domain Guests (S-1-5-21-1760016482-394088656-2614712563-514) - nogroup Domain Guests (S-1-5-21-1941513877-1053742263-1100610399-514) - -1 Domain Guests (S-1-5-21-57081839-3644741509-3819056003-514) - -1 Domain Users (S-1-5-21-1760016482-394088656-2614712563-513) - users Domain Users (S-1-5-21-1941513877-1053742263-1100610399-513) - -1 Domain Users (S-1-5-21-57081839-3644741509-3819056003-513) - -1 Why is there 3 groups of every kind? I have not done anything to get them. Can I delete the groups that is not mapped to unixgroups with Webmin? Or shall I let them exist and not bother about them? Assuming that this is your PDC system, and this is a new install net getlocalsid would give you the SID for your domain and the only ones of interest are the ones that match the SID obtained from 'net getlocalsid' Notice the symmetry here... [EMAIL PROTECTED] /]# net getlocalsid SID for domain SRV1 is: S-1-5-21-0123456789-0123456789-0123456789 [EMAIL PROTECTED] /]# pdbedit -Lv |grep SID User SID: S-1-5-21-0123456789-0123456789-0123456789-2006 Primary Group SID:S-1-5-21-0123456789-0123456789-0123456789-553 User SID: S-1-5-21-0123456789-0123456789-0123456789-2016 Primary Group SID:S-1-5-21-0123456789-0123456789-0123456789-513 User SID: S-1-5-21-0123456789-0123456789-0123456789-2008 Primary Group SID:S-1-5-21-0123456789-0123456789-0123456789-513 User SID: S-1-5-21-0123456789-0123456789-0123456789-1000 Primary Group SID:S-1-5-21-0123456789-0123456789-0123456789-513 User SID: S-1-5-21-0123456789-0123456789-0123456789-1001 Primary Group SID:S-1-5-21-0123456789-0123456789-0123456789-513 User SID: S-1-5-21-0123456789-0123456789-0123456789-2014 Primary Group SID:S-1-5-21-0123456789-0123456789-0123456789-513 User SID: S-1-5-21-0123456789-0123456789-0123456789-2018 Primary Group SID:S-1-5-21-0123456789-0123456789-0123456789-513 User SID: S-1-5-21-0123456789-0123456789-0123456789-2020 Primary Group SID:S-1-5-21-0123456789-0123456789-0123456789-513 [EMAIL PROTECTED] /]# net groupmap list Domain Computers (S-1-5-21-0123456789-0123456789-0123456789-553) - Domain Computers Domain Admins (S-1-5-21-0123456789-0123456789-0123456789-512) - root Domain Users (S-1-5-21-0123456789-0123456789-0123456789-513) - dom_users Domain Guests (S-1-5-21-0123456789-0123456789-0123456789-514) - Domain Guests Administrators (S-1-5-21-0123456789-0123456789-0123456789-544) - Administrators Guests (S-1-5-21-0123456789-0123456789-0123456789-546) - Guests Power Users (S-1-5-21-0123456789-0123456789-0123456789-547) - Power Users Account Operators (S-1-5-21-0123456789-0123456789-0123456789-548) - Account Operators Server Operators (S-1-5-21-0123456789-0123456789-0123456789-549) - Server Operators Print Operators (S-1-5-21-0123456789-0123456789-0123456789-550) - Print Operators Backup Operators (S-1-5-21-0123456789-0123456789-0123456789-551) - Backup Operators Replicator (S-1-5-21-0123456789-0123456789-0123456789-552) - Replicator Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] Samba domain groups
net groupmap list Assuming that this is your PDC system, and this is a new install net getlocalsid would give you the SID for your domain and the only ones of interest are the ones that match the SID obtained from 'net getlocalsid' Notice the symmetry here... [EMAIL PROTECTED] /]# net getlocalsid SID for domain SRV1 is: S-1-5-21-0123456789-0123456789-0123456789 [EMAIL PROTECTED] /]# pdbedit -Lv |grep SID User SID: S-1-5-21-0123456789-0123456789-0123456789-2006 Primary Group SID:S-1-5-21-0123456789-0123456789-0123456789-553 User SID: S-1-5-21-0123456789-0123456789-0123456789-2016 Primary Group SID:S-1-5-21-0123456789-0123456789-0123456789-513 User SID: S-1-5-21-0123456789-0123456789-0123456789-2008 Primary Group SID:S-1-5-21-0123456789-0123456789-0123456789-513 User SID: S-1-5-21-0123456789-0123456789-0123456789-1000 Primary Group SID:S-1-5-21-0123456789-0123456789-0123456789-513 User SID: S-1-5-21-0123456789-0123456789-0123456789-1001 Primary Group SID:S-1-5-21-0123456789-0123456789-0123456789-513 User SID: S-1-5-21-0123456789-0123456789-0123456789-2014 Primary Group SID:S-1-5-21-0123456789-0123456789-0123456789-513 User SID: S-1-5-21-0123456789-0123456789-0123456789-2018 Primary Group SID:S-1-5-21-0123456789-0123456789-0123456789-513 User SID: S-1-5-21-0123456789-0123456789-0123456789-2020 Primary Group SID:S-1-5-21-0123456789-0123456789-0123456789-513 [EMAIL PROTECTED] /]# net groupmap list Domain Computers (S-1-5-21-0123456789-0123456789-0123456789-553) - Domain Computers Domain Admins (S-1-5-21-0123456789-0123456789-0123456789-512) - root Domain Users (S-1-5-21-0123456789-0123456789-0123456789-513) - dom_users Domain Guests (S-1-5-21-0123456789-0123456789-0123456789-514) - Domain Guests Administrators (S-1-5-21-0123456789-0123456789-0123456789-544) - Administrators Guests (S-1-5-21-0123456789-0123456789-0123456789-546) - Guests Power Users (S-1-5-21-0123456789-0123456789-0123456789-547) - Power Users Account Operators (S-1-5-21-0123456789-0123456789-0123456789-548) - Account Operators Server Operators (S-1-5-21-0123456789-0123456789-0123456789-549) - Server Operators Print Operators (S-1-5-21-0123456789-0123456789-0123456789-550) - Print Operators Backup Operators (S-1-5-21-0123456789-0123456789-0123456789-551) - Backup Operators Replicator (S-1-5-21-0123456789-0123456789-0123456789-552) - Replicator Thank you for your answer. And yes it's a new test installation, before I make a final one for pdbedit -Lv |grep SID I get: User SID: S-1-5-21-57081839-3644741509-3819056003-2000 Primary Group SID:S-1-5-21-57081839-3644741509-3819056003-2003 User SID: S-1-5-21-57081839-3644741509-3819056003-1000 Primary Group SID:S-1-5-21-1760016482-394088656-2614712563-512 and for net groupmap list I get: Account Operators (S-1-5-32-548) - -1 Administrators (S-1-5-32-544) - -1 Backup Operators (S-1-5-32-551) - -1 bf (S-1-5-21-57081839-3644741509-3819056003-2003) - bf Domain Admins (S-1-5-21-1760016482-394088656-2614712563-512) - root Domain Admins (S-1-5-21-1941513877-1053742263-1100610399-512) - -1 Domain Admins (S-1-5-21-57081839-3644741509-3819056003-512) - -1 Domain Guests (S-1-5-21-1760016482-394088656-2614712563-514) - nogroup Domain Guests (S-1-5-21-1941513877-1053742263-1100610399-514) - -1 Domain Guests (S-1-5-21-57081839-3644741509-3819056003-514) - -1 Domain Users (S-1-5-21-1760016482-394088656-2614712563-513) - users Domain Users (S-1-5-21-1941513877-1053742263-1100610399-513) - -1 Domain Users (S-1-5-21-57081839-3644741509-3819056003-513) - -1 elever (S-1-5-21-1760016482-394088656-2614712563-1002) - elever Guests (S-1-5-32-546) - -1 laerere (S-1-5-21-1760016482-394088656-2614712563-1001) - laerere Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - adm Replicators (S-1-5-32-552) - -1 System Operators (S-1-5-32-549) - -1 Users (S-1-5-32-545) - -1 Is it wrong? What can I do to correct? Bjørn Fahnøe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] Samba domain groups
I forgot to say i made the assoxiations with a. net groupmap modify ntgroup=Domain Admins unixgroup=root b. net groupmap modify ntgroup=Domain Users unixgroup=users Why are they made to the wrong SID? Bjørn Fahnøe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba domain groups
On Thursday 23 February 2006 10:33, Bjørn Fahnøe wrote: Is it wrong? What can I do to correct? I've used net groupmap cleanup in the past with success. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] Samba domain groups
Den 23-02-2006 kl 10:53 skrev Chris: On Thursday 23 February 2006 10:33, Bjørn Fahnøe wrote: Is it wrong? What can I do to correct? I've used net groupmap cleanup in the past with success. Chris So what is the correct procedure? 1 Install the server 2 install Samba 3 do a net groupmap list 4 if there are several instances of the same groups do af net groupmap cleanup 5 hope it did the trick 6 do: net groupmap modify ntgroup=Domain Admins unixgroup=root net groupmap modify ntgroup=Domain Users unixgroup=users 7 hope it works I have installed the trial server several times bow before I will try to install to the production server It's an educational process, but I think I am usíng a lot of time getting it to work. Earlier I have only used simple servers without domainregistration of machines, logonscripts etc I am used to a Novell server so its really hard work to have the Samba server provide the same. I am helping a small primary school to set up a network, as their earlier tries have been without much succes. Bjørn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba domain groups
On Thursday 23 February 2006 11:08, Bjørn Fahnøe wrote: So what is the correct procedure? 1 Install the server 2 install Samba 3 do a net groupmap list 4 if there are several instances of the same groups do af net groupmap cleanup 5 hope it did the trick 6 do: net groupmap modify ntgroup=Domain Admins unixgroup=root net groupmap modify ntgroup=Domain Users unixgroup=users 7 hope it works Pretty much what I did to move from a Samba 2.x server to a new Samba 3.x server. If you're replacing a previous PDC, you'll want the sid to remain the same (or you'll have to rejoin the domain and suffer through all new profiles, etc. - not good); so in that case I would add step 3.5: net setlocalsid xx (after, of course, getting the proper sid from the old box). Once the you have the proper local sid set, then step 4 should do the trick (it did for me). Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba domain groups
When I do a net groupmap list I get Domain Admins (S-1-5-21-1760016482-394088656-2614712563-512) - root Domain Admins (S-1-5-21-1941513877-1053742263-1100610399-512) - -1 Domain Admins (S-1-5-21-57081839-3644741509-3819056003-512) - -1 Domain Guests (S-1-5-21-1760016482-394088656-2614712563-514) - nogroup Domain Guests (S-1-5-21-1941513877-1053742263-1100610399-514) - -1 Domain Guests (S-1-5-21-57081839-3644741509-3819056003-514) - -1 Domain Users (S-1-5-21-1760016482-394088656-2614712563-513) - users Domain Users (S-1-5-21-1941513877-1053742263-1100610399-513) - -1 Domain Users (S-1-5-21-57081839-3644741509-3819056003-513) - -1 Why is there 3 groups of every kind? I have not done anything to get them. Can I delete the groups that is not mapped to unixgroups with Webmin? Or shall I let them exist and not bother about them? Bjørn Fahnøe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba domain groups
Try: net groupmap cleanup David Shapiro Unix Team Lead 919-765-2011 Bjørn Fahnøe [EMAIL PROTECTED] 2/23/2006 7:39 AM When I do a net groupmap list I get Domain Admins (S-1-5-21-1760016482-394088656-2614712563-512) - root Domain Admins (S-1-5-21-1941513877-1053742263-1100610399-512) - -1 Domain Admins (S-1-5-21-57081839-3644741509-3819056003-512) - -1 Domain Guests (S-1-5-21-1760016482-394088656-2614712563-514) - nogroup Domain Guests (S-1-5-21-1941513877-1053742263-1100610399-514) - -1 Domain Guests (S-1-5-21-57081839-3644741509-3819056003-514) - -1 Domain Users (S-1-5-21-1760016482-394088656-2614712563-513) - users Domain Users (S-1-5-21-1941513877-1053742263-1100610399-513) - -1 Domain Users (S-1-5-21-57081839-3644741509-3819056003-513) - -1 Why is there 3 groups of every kind? I have not done anything to get them. Can I delete the groups that is not mapped to unixgroups with Webmin? Or shall I let them exist and not bother about them? Bjørn Fahnøe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain groups with spaces in their names
Gerald (Jerry) Carter wrote: I have a Samba file server which I have successfully joined to a domian controlled by a Windows 2003 domian controller. I cannot get the server to allow access to users who are members of a group with spaces in its name. I have the same problem with Samba version 3.20b. What is interesting is that groups with spaces in the name work through Winbind (ie. apache with mod_auth_pam), but don't work from within Samba (ie. the smb.conf file). Is this currently being resolved, and/or is there a work around? valid users = @spaced users Should be valid users = +DOMAIN\spaced users The key is that domain users and groups have to be fully qualified. I've tested with every variation of syntax ie. , + and @, DOMAIN\, domain\, Domain\, etc. Things work consistently when I change the the group name to group_name or DOMAIN\group_name. But, when I use either with a space in the name I get authentication errors (smbd only). The log files list the correct fully qualified domain group name and the user name, but then say that the member does not belong to that group. The reason I've posted here is that winbindd (using PAM and Apache) seems to be fine with the spaces in the name. I'm using realm = fqdn.domainname.com workgroup = DOMAINNAME winbind use default domain = yes If you need more detailed logs, please let me know. BTW this is with a Windows 2003 Active Directory domain controller. Cheers, Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain groups with spaces in their names
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 28 Oct 2005, Jeremy wrote: I have a Samba file server which I have successfully joined to a domian controlled by a Windows 2003 domian controller. I cannot get the server to allow access to users who are members of a group with spaces in its name. I have the same problem with Samba version 3.20b. What is interesting is that groups with spaces in the name work through Winbind (ie. apache with mod_auth_pam), but don't work from within Samba (ie. the smb.conf file). Is this currently being resolved, and/or is there a work around? valid users = @spaced users Should be valid users = +DOMAIN\spaced users The key is that domain users and groups have to be fully qualified. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFDYhWJIR7qMdg1EfYRAnPAAKCFQgNLg/i2JGl2gwiWk7Rj9x0dOACfUXNR YHq072tpiECeZ8+PBSk3yTo= =Mc9t -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain groups with spaces in their names
John Ennew wrote: Hello Samba, I have a Samba file server which I have successfully joined to a domian controlled by a Windows 2003 domian controller. I cannot get the server to allow access to users who are members of a group with spaces in its name. I have the same problem with Samba version 3.20b. What is interesting is that groups with spaces in the name work through Winbind (ie. apache with mod_auth_pam), but don't work from within Samba (ie. the smb.conf file). Is this currently being resolved, and/or is there a work around? Cheers, Jeremy The domain has three (main) groups: - students - teachers - spaced users My Samba.conf has the following shared directories defined: [teachers] comment = teacher's shares writable = yes valid users = @teachers path = /home/groups/teachers writable = yes browsable = no create mode = 0660 directory mode = 0770 [students] comment = student's shares writable = no valid users = @teachers @students path = /home/groups/students create mode = 0660 directory mode = 0770 write list = @teachers [spaced] comment = test with spaces writable = yes valid users = @spaced users path = /home/spaced users create mode = 0660 directory mode = 0770 browsable = yes The following works fine: members of @teachers have access to both teachers and students shares members of @teachers can write to both teachers and students shares members of @students can only see the students shares But this does not work: @spaced users should be able to access the spaced share but cannot. On a Windows XP terminal on the network, any attempt to view the spaced shared by anyone (including members of the spaced users group) results in a login box popping up and no combination of user name or password will let you see the share. I am using Samba version 3.14 running on Fedora Core 4. I have included my full smb.conf Many thanks in advance, John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain groups with spaces in their names
I believe it should be @spaced groups how we type it, not @spaced groups. eg: valid users = @spaced groups But I don't know if @spaced\ groups will work. yaya - Original Message - From: Jeremy [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Friday, October 28, 2005 9:37 AM Subject: Re: [Samba] Domain groups with spaces in their names John Ennew wrote: Hello Samba, I have a Samba file server which I have successfully joined to a domian controlled by a Windows 2003 domian controller. I cannot get the server to allow access to users who are members of a group with spaces in its name. I have the same problem with Samba version 3.20b. What is interesting is that groups with spaces in the name work through Winbind (ie. apache with mod_auth_pam), but don't work from within Samba (ie. the smb.conf file). Is this currently being resolved, and/or is there a work around? Cheers, Jeremy The domain has three (main) groups: - students - teachers - spaced users My Samba.conf has the following shared directories defined: [teachers] comment = teacher's shares writable = yes valid users = @teachers path = /home/groups/teachers writable = yes browsable = no create mode = 0660 directory mode = 0770 [students] comment = student's shares writable = no valid users = @teachers @students path = /home/groups/students create mode = 0660 directory mode = 0770 write list = @teachers [spaced] comment = test with spaces writable = yes valid users = @spaced users path = /home/spaced users create mode = 0660 directory mode = 0770 browsable = yes The following works fine: members of @teachers have access to both teachers and students shares members of @teachers can write to both teachers and students shares members of @students can only see the students shares But this does not work: @spaced users should be able to access the spaced share but cannot. On a Windows XP terminal on the network, any attempt to view the spaced shared by anyone (including members of the spaced users group) results in a login box popping up and no combination of user name or password will let you see the share. I am using Samba version 3.14 running on Fedora Core 4. I have included my full smb.conf Many thanks in advance, John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain groups with spaces in their names
John Ennew wrote: Hello Samba, I have a Samba file server which I have successfully joined to a domian controlled by a Windows 2003 domian controller. I cannot get the server to allow access to users who are members of a group with spaces in its name. I have the same problem with Samba version 3.20b. What is interesting is that groups with spaces in the name work through Winbind (ie. apache with mod_auth_pam), but don't work from within Samba (ie. the smb.conf file). Is this currently being resolved, and/or is there a work around? Cheers, Jeremy The domain has three (main) groups: - students - teachers - spaced users My Samba.conf has the following shared directories defined: [teachers] comment = teacher's shares writable = yes valid users = @teachers path = /home/groups/teachers writable = yes browsable = no create mode = 0660 directory mode = 0770 [students] comment = student's shares writable = no valid users = @teachers @students path = /home/groups/students create mode = 0660 directory mode = 0770 write list = @teachers [spaced] comment = test with spaces writable = yes valid users = @spaced users path = /home/spaced users create mode = 0660 directory mode = 0770 browsable = yes The following works fine: members of @teachers have access to both teachers and students shares members of @teachers can write to both teachers and students shares members of @students can only see the students shares But this does not work: @spaced users should be able to access the spaced share but cannot. On a Windows XP terminal on the network, any attempt to view the spaced shared by anyone (including members of the spaced users group) results in a login box popping up and no combination of user name or password will let you see the share. I am using Samba version 3.14 running on Fedora Core 4. I have included my full smb.conf Many thanks in advance, John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain groups with spaces in their names
yaya wrote: I believe it should be @spaced groups how we type it, not @spaced groups. eg: valid users = @spaced groups But I don't know if @spaced\ groups will work. Both work fine, testparm changes displays either way as @name. The spaced names don't work either way, but it seems more of an issue with smbd, rather than everything to do with groups. ie. Winbind seems to be ok. Cheers, Jeremy yaya - Original Message - From: Jeremy [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Friday, October 28, 2005 9:37 AM Subject: Re: [Samba] Domain groups with spaces in their names John Ennew wrote: Hello Samba, I have a Samba file server which I have successfully joined to a domian controlled by a Windows 2003 domian controller. I cannot get the server to allow access to users who are members of a group with spaces in its name. I have the same problem with Samba version 3.20b. What is interesting is that groups with spaces in the name work through Winbind (ie. apache with mod_auth_pam), but don't work from within Samba (ie. the smb.conf file). Is this currently being resolved, and/or is there a work around? Cheers, Jeremy The domain has three (main) groups: - students - teachers - spaced users My Samba.conf has the following shared directories defined: [teachers] comment = teacher's shares writable = yes valid users = @teachers path = /home/groups/teachers writable = yes browsable = no create mode = 0660 directory mode = 0770 [students] comment = student's shares writable = no valid users = @teachers @students path = /home/groups/students create mode = 0660 directory mode = 0770 write list = @teachers [spaced] comment = test with spaces writable = yes valid users = @spaced users path = /home/spaced users create mode = 0660 directory mode = 0770 browsable = yes The following works fine: members of @teachers have access to both teachers and students shares members of @teachers can write to both teachers and students shares members of @students can only see the students shares But this does not work: @spaced users should be able to access the spaced share but cannot. On a Windows XP terminal on the network, any attempt to view the spaced shared by anyone (including members of the spaced users group) results in a login box popping up and no combination of user name or password will let you see the share. I am using Samba version 3.14 running on Fedora Core 4. I have included my full smb.conf Many thanks in advance, John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Domain groups with spaces in their names
Hello Samba, I have a Samba file server which I have successfully joined to a domian controlled by a Windows 2003 domian controller. I cannot get the server to allow access to users who are members of a group with spaces in its name. The domain has three (main) groups: - students - teachers - spaced users My Samba.conf has the following shared directories defined: [teachers] comment = teacher's shares writable = yes valid users = @teachers path = /home/groups/teachers writable = yes browsable = no create mode = 0660 directory mode = 0770 [students] comment = student's shares writable = no valid users = @teachers @students path = /home/groups/students create mode = 0660 directory mode = 0770 write list = @teachers [spaced] comment = test with spaces writable = yes valid users = @spaced users path = /home/spaced users create mode = 0660 directory mode = 0770 browsable = yes The following works fine: members of @teachers have access to both teachers and students shares members of @teachers can write to both teachers and students shares members of @students can only see the students shares But this does not work: @spaced users should be able to access the spaced share but cannot. On a Windows XP terminal on the network, any attempt to view the spaced shared by anyone (including members of the spaced users group) results in a login box popping up and no combination of user name or password will let you see the share. I am using Samba version 3.14 running on Fedora Core 4. I have included my full smb.conf Many thanks in advance, John [global] # Optimum Samba Performance settings socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # NT workgroup settings workgroup = RMLINUX server string = Samba Server # WINS network browsing settings # All functions disabled apart from using a WINS server for lookups local master = no domain master = no preferred master = no wins support = no wins server = 42.42.0.1 dns proxy = no # Active Directory Member realm = RMLINUX.LOCAL security = ADS # Server to use if no domain controller is registered in DNS password server = zeus.rmlinux.local # Enable Winbind for AD and local account synchronisation # winbind separator = + winbind use default domain = yes idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes # Defaultas for local accounts created by Winbind template homedir = /home/%U template shell = /bin/nologin # Loggin settings log file = /var/log/samba/%m.log max log size = 5000 # Printer sharing printcap name = /etc/printcap load printers = no # Security settings invalid users = root bin daemon adm sync shutdown halt mail news uucp operator # Add shares here [homes] comment = %U's home area volume = Home Area path = /home/users/%U browsable = no writable = yes [teachers] comment = teacher's shares writable = yes valid users = @teachers path = /home/groups/teachers writable = yes browsable = no create mode = 0660 directory mode = 0770 [students] comment = student's shares writable = no valid users = @teachers @students path = /home/groups/students create mode = 0660 directory mode = 0770 write list = @teachers [spaced] comment = test with spaces writable = yes valid users = @spaced users path = /home/spaced users create mode = 0660 directory mode = 0770 browsable = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] domain groups and winbind
Well must i got the following prob, i got samba and winbind up and running.. but when i want to alter the file and directory permissions on a samba share, there are only domain users, i miss the domain groups! the server uses winbind to do that.. with wbinfo and getent the users and groups names are resolved.. so winbind must be working correct.. ?? but still no groups in my domain list at the winbind/samba server.. anny cluess ??! - Collen Blijenberg (Systeem/Netwerk Beheerder) Montessori Lyceum Herman Jordan Zeist -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] domain groups
I have ACL's enabled and am getting a new error, in the Samba log (V 3.0.1Pre1, when attempting to set permissions on a file through Win2000: get_domain_user_groups: primary gid of user [terry] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that Do I need to create a group on the windows(2000) side? The entries in the domaingroup.map don't do this? Please be verbose in answering. A couple of good example wouldn't hurt also. I have a domain group map: domain group map = /etc/samba/domaingroup.map Contents of this map are: domuser = Domain User domadmin = Domain Admin I have terry in /etc/group and passwd as such: /etc/passwd: terry:x:505:1::/home/terry:/bin/bash /etc/group: domuser:x:1:terry, phillipd Thanyou very much Doug P -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain groups
On Mon, 20 Oct 2003, Douglas Phillipson wrote: I have ACL's enabled and am getting a new error, in the Samba log (V 3.0.1Pre1, when attempting to set permissions on a file through Win2000: get_domain_user_groups: primary gid of user [terry] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that The primary UNIX group for each user must map to a Domain group. That's all it means. Do I need to create a group on the windows(2000) side? The entries in the domaingroup.map don't do this? Please be verbose in answering. A couple of good example wouldn't hurt also. I have a domain group map: domain group map = /etc/samba/domaingroup.map Contents of this map are: domuser = Domain User domadmin = Domain Admin This is NOT supported in Samba-3. Instead you need to use the 'net groupmap' facility to map UNIX groups to NT Groups. This is well documented in chapter 12 of the Samba-HOWTO-Collection.pdf. I presume you did read it? To map the UNIX domuser group to Domain Users: net groupmap modify ntgroup=Domain Users unixgroup=domusers I have terry in /etc/group and passwd as such: /etc/passwd: terry:x:505:1::/home/terry:/bin/bash /etc/group: domuser:x:1:terry, phillipd These entries are Ok. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] domain groups accessing samba share
Hey John, I've been working on this most the day. Just can't seem to nail it down! (Yes sir I did read the How To) Winbind is working fine - I can: wbinfo -g wbinfo -u getent passwd getent group Problem is when I try to use a domain group on a Samba share I get a username and password prompt; although, nothing seems to get me in! Please advise #Samba 3.0 running under Gentoo1.4 [global] workgroup = LABOR realm = LABOR.AK server string = Samba3 on ANC-Gentoo1.4 security = ADS password server = passwordserver log file = /usr/local/samba/var/log.%m max log size = 50 socket options = SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 0 preferred master = No local master = No domain master = No dns proxy = No wins server = win_server_ip idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/winnt/%D/%U template shell = /bin/bash [Linux Software] comment = Open Source Software path = /home/tim/Linux Software valid users = @LABOR\domain admins write list = @LABOR\domain admins read only = No -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Domain groups
I have Samba acting as a PDC with Win 98, Win ME, and Win 2000 clients. I have shares on one of my Win 2000 clients that I would like to be able to manage permissions with using domain groups. For instance, I have logical groups for sales, recruiting, and staff. I have these groups defined on my Samba server and they work for Samba shares. Is there a way I can make these groups show up on my Win 2000 client when it queries the domain for users and groups when I'm setting permissions? Linus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba