The Samba-Bugzilla – Bug 5964
Windows2003R2-sp2 OU must have "authenticated users" read access for winbindd to see users in it.
Last modified: 2009-05-13 03:57:31 UTC
When "authenticated users" are denied read access on (or removed entirely from) a windows 2003R2-sp2 active directory OU, users in that OU are no longer accessible to winbind:
: getent passwd -u <username in said OU> no longer works
: chown <username in said OU> no longer works
: users in said OU can no longer access domain-member-samba-servers' shares from their windowsXP/2003R2 workstations (they have no problem logging on to the domain with their workstations and accessing shares on windows file servers).
Windows XP/2003R2 -clients and -fileservers are fully able to access users in that OU, even with "authenticated users" removed.
Is this a bug in SAMBA, since it works from windows? Or is it a bug in windows or something else?
We are not able to reproduce the problem in a windows2003 (not R2) sp1 domain, but we don't know if this has to do with sp1/sp2 or windows2003/windows2003R2 (or maybe something else -- the windows2003 domain is in forest mixed mode, while windows2003R2 is in forest native mode).
Our linux servers are all joined to the domain with "net ads join" (kerberos/ads).