Re: [Samba] FreeBSD, Samba 3.0.28a joined to AD domain but promptsfor login

Mike Galvez wrote:
> Hi,
>
> I am trying to connect a FreeBSD server running 7.0 Release and Samba 3.0.28a to a
> Windows 2003 AD Domain Controller. Has anyone had success with this combo? I have joined
> the domain and I can enumerate users, groups, etc..
>

Are you referring to Vista as the client? If so, upgrade to 3.0.30 as
Vista SP1 brought in a bunch of changes that broke Samba (and probably a
bunch of other things too... ;-)

Secondly, I see you have a "valid users" variable under "[homes]", do
you explicitly need it? Try removing it and see if the problem disappears.



--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

In addition to what Jason writes:
It is good practice to start with a share like "shared" in "/export/shared" and not with the /homes folder, as the home-shares pose additional problems (like access rights). If the user accounts are already created as Unix local acounts, the domain users might not be able to access them.
Make the /export/shared folder 777 and if this works continue towards the home shares.
Important: Jason already indicated, that the valid users should be empty, when this works, make valid users something like "MYDOMAIN\%S" and see if you can make progress.

Have fun with Samba,

Jens

-------- Original-Nachricht --------
> Datum: Tue, 01 Jul 2008 12:04:41 +1200
> Von: Jason Haar <Jason.Haar@trimble.co.nz>
> An: Samba Questions <samba@lists.samba.org>
> Betreff: Re: [Samba] FreeBSD, Samba 3.0.28a joined to AD domain but prompts for login

> Mike Galvez wrote:
> > Hi,
> >
> > I am trying to connect a FreeBSD server running 7.0 Release and Samba
> 3.0.28a to a
> > Windows 2003 AD Domain Controller. Has anyone had success with this
> combo? I have joined
> > the domain and I can enumerate users, groups, etc..
> >
>
> Are you referring to Vista as the client? If so, upgrade to 3.0.30 as
> Vista SP1 brought in a bunch of changes that broke Samba (and probably a
> bunch of other things too... ;-)
>
> Secondly, I see you have a "valid users" variable under "[homes]", do
> you explicitly need it? Try removing it and see if the problem disappears.
>
>
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba

--
Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Jens,

Many thanks to you and Jason Haar. The home folder + my own built-in account was
causing confusion. I created a new share as you suggested and set the acls on it
with setfacl -m g:"MYDOMAIN\group":rwx share, and changed valid users to
valid users = +"MYDOMAIN\domain users".

After restarting the samba daemons, I can now log into the shares with
authentication handled by the Win2k3 PDC.

The client machine I'm using for testing is a MacBook running a VMware instance
of XP SP2.

Thanks again,

-Mike

On Tue, Jul 01, 2008 at 09:42:05AM +0200, Jens Nissen wrote:
> In addition to what Jason writes:
> It is good practice to start with a share like "shared" in "/export/shared" and not with the /homes folder, as the home-shares pose additional problems (like access rights). If the user accounts are already created as Unix local acounts, the domain users might not be able to access them.
> Make the /export/shared folder 777 and if this works continue towards the home shares.
> Important: Jason already indicated, that the valid users should be empty, when this works, make valid users something like "MYDOMAIN\%S" and see if you can make progress.
>
> Have fun with Samba,
>
> Jens
>
> -------- Original-Nachricht --------
> > Datum: Tue, 01 Jul 2008 12:04:41 +1200
> > Von: Jason Haar <Jason.Haar@trimble.co.nz>
> > An: Samba Questions <samba@lists.samba.org>
> > Betreff: Re: [Samba] FreeBSD, Samba 3.0.28a joined to AD domain but prompts for login
>
> > Mike Galvez wrote:
> > > Hi,
> > >
> > > I am trying to connect a FreeBSD server running 7.0 Release and Samba
> > 3.0.28a to a
> > > Windows 2003 AD Domain Controller. Has anyone had success with this
> > combo? I have joined
> > > the domain and I can enumerate users, groups, etc..
> > >
> >
> > Are you referring to Vista as the client? If so, upgrade to 3.0.30 as
> > Vista SP1 brought in a bunch of changes that broke Samba (and probably a
> > bunch of other things too... ;-)
> >
> > Secondly, I see you have a "valid users" variable under "[homes]", do
> > you explicitly need it? Try removing it and see if the problem disappears.
> >
> >
> >
> > --
> > Cheers
> >
> > Jason Haar
> > Information Security Manager, Trimble Navigation Ltd.
> > Phone: +64 3 9635 377 Fax: +64 3 9635 417
> > PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
>
> --
> Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
> Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba

--
Mike Galvez

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba