[Samba] Samba configuration issue
David Christensen
David.Christensen at viveli.com
Fri Jun 26 22:12:07 GMT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Christensen wrote:
> John H Terpstra - Samba Team wrote:
>> David Christensen wrote:
>>> John H Terpstra - Samba Team wrote:
>>>> John Drescher wrote:
>>>>> On Fri, Jun 26, 2009 at 4:00 PM, David
>>>>> Christensen<David.Christensen at viveli.com> wrote:
>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>> Hash: SHA1
>>>>>>
>>>>>> David Christensen wrote:
>>>>>>> John Drescher wrote:
>>>>>>>> On Fri, Jun 26, 2009 at 12:38 PM, David
>>>>>>>> Christensen<David.Christensen at viveli.com> wrote:
>>>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>>>> Hash: SHA1
>>>>>>>>>
>>>>>>>>> I configured samba to work with an FDS backend using a howto from the
>>>>>>>>> Fedora Directory Server site. The howto had me create a Administrator
>>>>>>>>> user in LDAP with UID/GID of 0. Now when anyone logs in as root and do
>>>>>>>>> a whoami it comes back as Administrator. If I delete the Administrator
>>>>>>>>> user in LDAP samba will break, how do I get around this issue and still
>>>>>>>>> provide samba the access level it needs?
>>>>>>>>>
>>>>>>>> put files first in your /etc/nsswitch.conf
>>>>>>>> passwd: files ldap
>>>>>>>> shadow: files ldap
>>>>>>>> group: files ldap
>>>>>>>> John
>>>>>>> Looks like that is the way my nsswitch.conf is already configured.
>>>>>> I am attempting to use the username map attribute in smb.conf to map
>>>>>> root=Administrator but its not working, the Administrator account is
>>>>>> still squashing root, do I need to delete the Administrator account from
>>>>>> ldap or modify it in some way?
>>>>>>
>>>>> I do not know. I have user Administrator in my ldap but whoami shows root.
>>>> You possibly have a file /etc/samba/smbusers in which there is a mapping
>>>> as follows:
>>>> root = administrator
>>>> Tell me it's not true!
>>>> - John T.
>>>>> does root show up first on this command?
>>>>>
>>>>> getent passwd
>>>>>
>>>>>
>>>>>
>>>>> John
>>> I do have /etc/samba/smbusers in which there is a mapping
>>> as follows:
>>>
>>> root = administrator
>>>
>>> However it was not specified in smb.conf until today, when I tried to
>>> "use" it.
>> OK, but what does testparm tell you about the default configuration for
>> your system?
>
>> testparm -sv | grep username
>
>> If the parameter "username map" is not mapped to /etc/samba/smbusers,
>> the issue is isolated to the mappings of the "root" and "administrator"
>> accounts and their respective uid/gid.
>
>> - John T.
>
> "username map" is no longer mapped to /etc/samba/smbusers, I commented
> it out so it looks like the issue is indeed isolated to the mappings of
> the root and administrator accounts.
>
> How do I permit the Administrator account the access level it needs
> without squashing root on every box?
>
> This is what I currently have:
>
> [root at ldap2 profiles]# getent passwd | grep :0:0
> root:x:0:0:root:/root:/bin/bash
> Administrator:x:0:0:Samba Admin:/root:/bin/bash
Looks like I figured it out, I deleted the Administrator account in
LDAP, re-enabled the /etc/samba/smbusers file in smb.conf, and then
added root to the password backend. I was able to login as
Administrator and the account no longer squashed root. Is there is a
known issue with using the method I did?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkpFR7cACgkQ5B+8XEnAvqvF7wCgm9BIxVLY1/N9I814V62zYAvK
wwkAoJJQsp4SjOs3G1Y2zaAmlHiTC4h3
=GAkR
-----END PGP SIGNATURE-----
More information about the samba
mailing list