https://community.hpe.com/t5/operating-system-hp-ux/smbclient-access-using-windows-2003-ad-authentication/m-p/3851210#M545663 Hi All<BR />I'm having a lot of problems restricting access to a samba share using Windows 2003 AD groups<BR /><BR />I'm testing on the Samba server using smbclient. I've successfully joined the domain but can't get 'valid users' to work using AD groups. Any help or pointers appreciated.<BR /><BR />root@adl0691 &gt; ./smbd -V<BR />Version 3.0.14a based HP CIFS Server A.02.02<BR /><BR />root@adl0691 &gt; uname -a<BR />HP-UX adl0691 B.11.11 U 9000/800 733977695 unlimited-user license<BR /><BR />root@adl0691 &gt; swlist -l product|fgrep -i krb<BR /> KRB-Support B.11.11 Kerberos Support for HP-UX and DCE<BR /> KRB5-Client B.11.11 Kerberos V5 Client Version 1.0<BR /> KRBS-Support B.11.11.13 Kerberos Support v1.11<BR /> PHSS_33384 1.0 KRB5-Client Version 1.0 cumulative patch<BR /> krb5client C.1.3.5.03 Kerberos V5 Client Version 1.3.5.03<BR /><BR />root@adl0691 &gt; tail /etc/opt/samba/smb.conf<BR /> read only = no<BR /> force create mode = 777<BR /> valid users = +rostimpo<BR /> oplocks = no<BR /> strict locking = yes<BR />[smbtest]<BR /> comment = "SAMBA test share on adl0691 using HAD authentication"<BR /> path = /home/xzpkv0<BR /> read only = yes<BR /> validusers = @"HAD\cad-corp"<BR /><BR />root@adl0691 &gt; klist -e -f<BR />Ticket cache: FILE:/tmp/krb5cc_0<BR />Default principal: xzpkv0@HAD.SA.GOV.AU<BR /><BR />Valid starting Expires Service principal<BR />08/28/06 13:18:25 08/28/06 23:18:25 krbtgt/HAD.SA.GOV.AU@HAD.SA.GOV.AU<BR /> Flags: IA, Etype (skey, tkt): DES cbc mode with RSA-MD5, ArcFour with HMAC/md5<BR />08/28/06 13:18:39 08/28/06 23:18:25 adl0691$@HAD.SA.GOV.AU<BR /> Flags: A, Etype (skey, tkt): DES cbc mode with RSA-MD5, DES cbc mode with RSA-MD5<BR /><BR />root@adl0691 &gt; ./smbclient -k //adl0691/smbtest<BR />tree connect failed: NT_STATUS_ACCESS_DENIED Mon, 28 Aug 2006 00:02:10 GMT Roy McDougall 2006-08-28T00:02:10Z https://community.hpe.com/t5/operating-system-hp-ux/smbclient-access-using-windows-2003-ad-authentication/m-p/3851210#M545663 Hi All<BR />I'm having a lot of problems restricting access to a samba share using Windows 2003 AD groups<BR /><BR />I'm testing on the Samba server using smbclient. I've successfully joined the domain but can't get 'valid users' to work using AD groups. Any help or pointers appreciated.<BR /><BR />root@adl0691 &gt; ./smbd -V<BR />Version 3.0.14a based HP CIFS Server A.02.02<BR /><BR />root@adl0691 &gt; uname -a<BR />HP-UX adl0691 B.11.11 U 9000/800 733977695 unlimited-user license<BR /><BR />root@adl0691 &gt; swlist -l product|fgrep -i krb<BR /> KRB-Support B.11.11 Kerberos Support for HP-UX and DCE<BR /> KRB5-Client B.11.11 Kerberos V5 Client Version 1.0<BR /> KRBS-Support B.11.11.13 Kerberos Support v1.11<BR /> PHSS_33384 1.0 KRB5-Client Version 1.0 cumulative patch<BR /> krb5client C.1.3.5.03 Kerberos V5 Client Version 1.3.5.03<BR /><BR />root@adl0691 &gt; tail /etc/opt/samba/smb.conf<BR /> read only = no<BR /> force create mode = 777<BR /> valid users = +rostimpo<BR /> oplocks = no<BR /> strict locking = yes<BR />[smbtest]<BR /> comment = "SAMBA test share on adl0691 using HAD authentication"<BR /> path = /home/xzpkv0<BR /> read only = yes<BR /> validusers = @"HAD\cad-corp"<BR /><BR />root@adl0691 &gt; klist -e -f<BR />Ticket cache: FILE:/tmp/krb5cc_0<BR />Default principal: xzpkv0@HAD.SA.GOV.AU<BR /><BR />Valid starting Expires Service principal<BR />08/28/06 13:18:25 08/28/06 23:18:25 krbtgt/HAD.SA.GOV.AU@HAD.SA.GOV.AU<BR /> Flags: IA, Etype (skey, tkt): DES cbc mode with RSA-MD5, ArcFour with HMAC/md5<BR />08/28/06 13:18:39 08/28/06 23:18:25 adl0691$@HAD.SA.GOV.AU<BR /> Flags: A, Etype (skey, tkt): DES cbc mode with RSA-MD5, DES cbc mode with RSA-MD5<BR /><BR />root@adl0691 &gt; ./smbclient -k //adl0691/smbtest<BR />tree connect failed: NT_STATUS_ACCESS_DENIED Mon, 28 Aug 2006 00:02:10 GMT https://community.hpe.com/t5/operating-system-hp-ux/smbclient-access-using-windows-2003-ad-authentication/m-p/3851210#M545663 Roy McDougall 2006-08-28T00:02:10Z