[Samba] winbind on Solaris 10
Berner Martin
martin.berner at braunvieh.ch
Wed Apr 25 06:43:00 GMT 2007
Hello,
I'm trying to get Samba to work on a Sun Solaris 10 SPARC machine. Samba has to be a domain member in order to use the NT users and groups, so I need winbind. In the preinstalled Samba, winbind is not compiled in, and the precompiled Samba on sunfreeware.com is not delivered with libnss_winbind.so either. So I compiled my own. I tried 3.0.20a, 3.0.22 and 3.0.24.
./configure --with-acl-support --with-winbind --prefix=/usr/local/samba-3.0.24
All of them work fine, except for the important thing that none of the nested groups are recognized for the NT users.
My domain was migrated from NT4 to ADS before I started trying to get Samba to work. ADS is configured with backward compatibility to NT4.
wbinfo and (with "winbind enum groups = yes" and "winbind enum users = yes") also getent give me all of the NT users and groups. But if I run id <NT-USER>, or a plain id as an NT user, I only get the UID and the GID, with no entry in groups.
root at mars /etc/samba # id sbzvzgdom+bm
uid=15015(SBZVZGDOM+bm) gid=15000(SBZVZGDOM+domain users)
root at mars /etc/samba # su sbzvzgdom+bm
SBZVZGDOM+bm at mars /etc/samba $ id
uid=15015(SBZVZGDOM+bm) gid=15000(SBZVZGDOM+domain users)
Because this does not work, I don't have permission from Windows on a directory or file for which I have given permission to an NT group that the user is a member of.
root at mars /etc/samba # getent group sbzvzgdom+abt_edv
SBZVZGDOM+abt_edv:x:15008:SBZVZGDOM+dp,SBZVZGDOM+aa,SBZVZGDOM+tv,SBZVZGDOM+hb,SBZVZGDOM+lc,SBZVZGDOM+mr,SBZVZGDOM+rr,SBZVZGDOM+alpha,SBZVZGDOM+musterx,SBZVZGDOM+bta,SBZVZGDOM+orasaturn,SBZVZGDOM+orapluto,SBZVZGDOM+rn,SBZVZGDOM+sm,SBZVZGDOM+bm,SBZVZGDOM+mn
root at mars /etc/samba # getfacl /u02/windows_home_dirs
# file: /u02/windows_home_dirs
# owner: root
# group: root
user::rwx
group::r-x #effective:r-x
group:SBZVZGDOM+abt_edv:rwx #effective:rwx
mask:rwx
other:---
default:user::rwx
default:group::r-x
default:group:SBZVZGDOM+abt_edv:rwx
default:mask:rwx
default:other:---
I know that there is a bug report at https://bugzilla.samba.org/show_bug.cgi?id=3990 and fundamentally it describes exactly the problem I'm fighting with. But one of the comments says that this problem begins with version 3.0.23 and didn't occur with 3.0.22. In my case none of the versions work, so maybe my problem is a different one.
That's the output of testparm:
root at mars /etc/samba # /usr/local/samba/bin/testparm
Load smb config files from /usr/local/samba-3.0.24/lib/smb.conf
Can't find include file /etc/samba/smb.conf.0.0.0.0
Processing section "[homes]"
Processing section "[windows_home_dirs]"
Processing section "[windows_profiles]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
[global]
workgroup = SBZVZGDOM
security = DOMAIN
log file = /var/samba/log/log.smbd.%I
name resolve order = wins bcast hosts
wins server = 192.168.168.24
idmap uid = 15000-20000
idmap gid = 15000-20000
template homedir = /export/home/%U
template shell = /usr/bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
include = /etc/samba/smb.conf.0.0.0.0
[homes]
comment = Home Directory
path = /u02/windows_home_dirs/%U
valid users = SBZVZGDOM+%S
read only = No
create mask = 07777
browseable = No
[windows_home_dirs]
comment = windows_home_dirs
path = /u02/windows_home_dirs
read only = No
[windows_profiles]
comment = windows_profiles
path = /u02/windows_profiles
admin users = manager
read only = No
create mask = 07777
browseable = No
The include is there to increase the log level for a specific client and contains only these two lines:
log level = 10
max log size = 0
Sorry about my English.
Thanks for any help
Berner Martin
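
Added example, not part of the original post: a shell check for the mismatch described above. It lists groups whose getent member list names a user but whose GID is absent from that user's id output. The sample data is constructed from the output shown in the post, the function names are hypothetical, and the id line is expected in the form `id -a` prints (on Solaris, plain `id` reports only uid and gid).

```shell
#!/bin/sh
# Constructed sample data, shortened from the output shown in the post.
SAMPLE_ID='uid=15015(SBZVZGDOM+bm) gid=15000(SBZVZGDOM+domain users)'
SAMPLE_GROUPS='SBZVZGDOM+abt_edv:x:15008:SBZVZGDOM+dp,SBZVZGDOM+bm,SBZVZGDOM+mn
SBZVZGDOM+domain users:x:15000:
SBZVZGDOM+abt_fin:x:15009:SBZVZGDOM+aa'

# Print every numeric GID found in one line of `id` output, one per line.
# The "(name)" parts are stripped first: names may contain spaces and digits.
gids_from_id() {
    printf '%s\n' "$1" | awk '{
        gsub(/\([^)]*\)/, "")
        n = split($0, f, " ")
        for (i = 1; i <= n; i++) {
            if (f[i] ~ /^gid=/) { sub(/^gid=/, "", f[i]); print f[i] }
            else if (f[i] ~ /^groups=/) {
                sub(/^groups=/, "", f[i])
                m = split(f[i], g, ",")
                for (j = 1; j <= m; j++) print g[j]
            }
        }
    }'
}

# $1 = user name, $2 = one line of `id` output, $3 = `getent group` lines.
# Prints each group that lists the user as a member (case-insensitive match)
# but whose GID does not appear in the id line.
missing_groups() {
    have=$(gids_from_id "$2" | tr '\n' ' ')
    printf '%s\n' "$3" | U="$1" HAVE=" $have" awk -F: '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++)
            if (tolower(m[i]) == tolower(ENVIRON["U"]) &&
                index(ENVIRON["HAVE"], " " $3 " ") == 0)
                print $1
    }'
}

# Live use: missing_groups "$u" "$(id -a "$u")" "$(getent group)"
```

Any group name this prints is one where an ACL entry such as the one on /u02/windows_home_dirs would not apply to the user's processes, even though getent shows the membership.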