From: Andrew Masterson on
I have installed 3.5.1-42.el5 on an RHEL 5.4 box, added it to the
domain, wbinfo -u and -g work fine. kinit works fine.

It seems to recognize and use the global "admin users" section properly.
If I add people or groups to the admin users group in the global section
everything works fine. (this is obviously not the desired setup though)

It doesn't seem to honour the "valid users" section inside the shares,
however. I can put whatever I want in there and it fails to recognize

The only error I can find is the following, however it seems unrelated
to putting people in the global admin users group or not and more to
unclean DNS. This setup is working on an RHEL 5.4 with 3.3.10

[2010/03/19 10:00:11.062710, 0]
NTLMSSP NTLM2 packet check failed due to invalid signature!
[2010/03/19 10:00:11.062784, 0]
process_request_pdu: failed to do auth processing.
[2010/03/19 10:00:11.062826, 0]
process_request_pdu: error was NT_STATUS_ACCESS_DENIED.
[2010/03/19 10:00:13.508036, 0] lib/util_sock.c:675(write_data)
[2010/03/19 10:00:13.508104, 0]
getpeername failed. Error was Transport endpoint is not connected
write_data: write failure in writing to client Error
Connection reset by peer
[2010/03/19 10:00:13.508224, 0] smbd/process.c:79(srv_send_smb)
Error writing 4 bytes to client. -1. (Transport endpoint is not
[2010/03/19 10:00:13.528683, 0]
canonicalize_connect_path failed for service G_drive, path
[2010/03/19 10:00:13.530587, 0]
canonicalize_connect_path failed for service G_drive, path
[2010/03/19 10:00:15.753830, 0]
canonicalize_connect_path failed for service G_drive, path


Load smb config files from /etc/samba/smb.conf
Processing section "[G_drive]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Press enter to see a dump of your service definitions

workgroup = XXXX
realm = XXXX.LOCAL
server string = %h
security = ADS
password server = zeus dione
client NTLMv2 auth = Yes
log file = /var/log/samba/%m
deadtime = 15
printcap name = cups
local master = No
domain master = No
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /data/user_home/%D/%U
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind expand groups = 5
admin users = "@XXXX+domain admins", XXXX+Administrator
inherit owner = Yes
use sendfile = Yes
veto oplock files =
access based share enum = Yes

comment = G_Groups on Bubbles
path = /data/G_drive
valid users = "@XXXX+domain admins", "@XXXX+domain users", XXXX+Administrator, @XXXX+r_g_drive
read only = No
force create mode = 0770
force directory mode = 0770
inherit permissions = Yes
inherit acls = Yes
hide unreadable = Yes
browseable = No
