samba 3 s ADS - write list pro uzivatele ignorovan

Pondělí Květen 9 10:40:21 CEST 2005

Ahoj,
mam problem s chovanim parametru samby v pripade *valid users* nebo 
*write list*. Pokud jsou parametry smerovany na skupinu (napr. valid 
users = @"Domain Users"), tak je vse vporadku a vse funguje tak, jak ma. 
Ale jakmile uvedu primo konkretniho uzivatele, tak to nefunguje. Dle 
uvedene konfigurace, se mi uzivatel pepa ke sdileni prihlasi, nebot je 
to domenovy ucet, ale bohuzel jiz nema pravo do sdileni zapisovat 
(samozrejme prava systemu tam jsou dostatecna). Drive mi to na sambe 2.x 
fungovalo ikdyz to jeste bylo bez ADS.

Prostredi: Fedora Core 3, Samba 3.0.10, nakonfigurovan kerberos5 na PDC, 
winbind pridan do /etc/pam.d/ login, system-auth a samba.
Buhuzel v logu samby ani na debug level 9 jsem nenasel nic zajimaveho.

Konfigurace samby (ostatni parametry jsou na default hodnotach):

   workgroup = DOMENA
   netbios name = pocitac
   server string = Linux Samba server (version %v)
   security = ads
   password server = pdc.domena.cz
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   domain master = no
   preferred master = no
   wins server = pdc.domena.cz
   wins support = no
   dns proxy = no
   realm = DOMENA.CZ
   winbind separator = /
   winbind enum users = yes
   winbind enum groups = yes
   winbind nested groups = yes
   winbind use default domain = yes
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /bin/false
   template homedir = /home/%D/%U
   template primary group = "Domain Users"
[sdileni]
   comment = share
   path = /home/sdileni
   public = no
   writable = no
   printable = no
   valid users = @"Domain Users"
   write list = pepa

Diky za nakopnuti ... Ales Komarek