[CentOS] Samba AD valid users issue

Fri Jun 6 21:26:48 UTC 2008
mslist at opcenter.net <mslist at opcenter.net>

I have set up a new CentOS 5.1 server as a storage 
server with over 7TB of storage. The server has been 
integrated into a large Active Directory network. There are 
5 primary AD servers and a large number of local AD servers 
at each location (over 20). There are also over 15 trusted 
domains, hundreds of groups and thousands of users. It has 
been quite a challenge to integrate the Linux server with 
Samba into this environment. I am now at a point where I 
can change user and group ownership of files and folders 
to AD users and connect to the server with a Windows 
client.

There are also issues with Samba not starting on bootup 
(yes, the service is set to start at level 3 – system 
starts non-GUI). And it seems to take quite a while for 
the system to recognize domain users on startup.

The [TEST] share works without issue.
The [TEST-ENG] share is not working no matter what I do.

The issue that I am having is that most of the groups have 
a ‘@’ at the beginning.
I.e.: @DIV-Engineering
This conflicts with the Samba “valid users =” directive 
in the smb.conf.

I have been able to change the group ownership to 
“@DIV-Engineering” in the file-system without any issues.


Is there any way to do this?


[global]
         workgroup = XXX
         realm = XXX
         server string = Samba Server Version %v
         security = ADS
         auth methods = guest, sam, winbind
         obey pam restrictions = Yes
         password server = nycbcc01.xxx.ad.xxx.net
#       winbind separator = \\
#       passdb backend = tdbsam
         wins server = 192.20.76.98
         ldap ssl = no
         winbind use default domain = yes
         idmap uid = 10000-100000
         idmap gid = 10000-100000
         winbind enum users = Yes
         preferred master = no
         encrypt passwords = yes
         template homedir = /home/samba/%D/%U
         cups options = raw

[homes]
         comment = Home Directories
         read only = No
         browseable = No

[printers]
         comment = All Printers
         path = /var/spool/samba
         printable = Yes
         browseable = No

[TEST]
         path = /home/samba/shares/TEST
         valid users = @"XXX\Domain Users"
         force group = "XXX\domain users"
         read only = No
         create mask = 0774
         force create mode = 0775
         directory mask = 0775
         force directory mode = 0770
         force directory security mode = 0770

[TEST-ENG]
         path = /home/samba/shares/TEST
         valid users = @"XXX\@DIV-Engineering"
         force group = "XXX\@DIV-Engineering"
         read only = No
         create mask = 0774
         force create mode = 0775
         directory mask = 0775
         force directory mode = 0770
         force directory security mode = 0770