Samba + ACL and Windows NT

Bertil Starck best08 at handelsbanken.se
Wed Jan 22 07:50:00 GMT 2003


Hello, here is the smb.conf and a few other files that I have modified:


When we created the "join" to the NT-domain we did not put the option "-r domain_controller" as told in the "Sync Samba and Windows users with winbind", because I believe that the "password server = *" will find the domain_controller anyway.

We used these parameters to do the join:
"/usr/local/samba/bin/smbpasswd -j SHB2 -U teri01", where teri01 is the administrator.

Another thing to note is that we haven't activated PAM; as it works against the Win2000 PC, we do not think the problem is there.

Here is my smb.conf:


# Samba config file created using SWAT
# from 172.18.90.67 (172.18.90.67)
# Date: 2002/11/26 08:57:42

# Global parameters
[global]
#       domain logins = yes
        workgroup = SHB2
        netbios name = MAMMUT
        encrypt passwords = yes
        security = DOMAIN
        password server = *
        winbind separator = +
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        winbind cache time = 10
        template shell = /bin/bash
#       netbios aliases = oxygen02,oxygen03
#       include = /usr/local/samba/lib/smb.conf.%L
        server string = Samba %v on %L
        log file = /usr/local/samba/var/log.%m
        max log size = 50
        announce version = 2.0
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        character set = ISO8859-1
        local master = No
        dns proxy = No
        wins server = 172.24.128.13
        printer admin = maer10,tofo03,root
        locking = No

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[sthv0017]
        comment = share for shb2 users
#       volume = NTFS
        path = /data1/data1
        read only = no
        guest ok = yes

[NETLOGON]
        path = /usr/local/samba/netlogon
        read only = yes


-------------------------------------------------
Here is the /etc/pam.d/samba:

mammut:/usr/local/samba # cat /etc/pam.d/samba
#%PAM-1.0
auth     required       /lib/security/pam_winbind.so
auth     required       /lib/security/pam_unix.so
account  required       /lib/security/pam_winbind.so
account  required       /lib/security/pam_unix.so

----------------------------------------------------------
Here is the /etc/nsswitch.conf:

 cat /etc/nsswitch.conf

passwd: files winbind nis
shadow: files winbind nis
group:  files winbind nis

# passwd: compat
# group:  compat

hosts:          files dns
networks:       files dns

services:       files
protocols:      files
rpc:            files
ethers:         files
netmasks:       files
netgroup:       files
publickey:      files
bootparams:     files
automount:      files
aliases:        files

--------------------------------------
Here is the /etc/pam.d/login:

mammut:/usr/local/samba # cat /etc/pam.d/login
#%PAM-1.0
auth     requisite      /lib/security/pam_unix.so       nullok #set_secrpc
auth     required       /lib/security/pam_securetty.so
auth     sufficent      /lib/security/pam_winbind.so
auth     sufficent      /lib/security/pam_unix.so use_first_pass
auth     required       /lib/security/pam_nologin.so
auth     required       /lib/security/pam_winbind.so
auth     required       /lib/security/pam_pwdb.so nullok shadow
#auth    required       /lib/security/pam_homecheck.so
auth     required       /lib/security/pam_env.so
auth     required       /lib/security/pam_mail.so
account  required       /lib/security/pam_unix.so
#account  required       /lib/security/pam_winbind.so
account  sufficent       /lib/security/pam_winbind.so
account  required       /lib/security/pam_pwdb.so
password required       /lib/security/pam_pwcheck.so    nullok
password required       /lib/security/pam_unix.so       nullok use_first_pass use_authtok
session  required       /lib/security/pam_unix.so       none # debug or trace
session  required       /lib/security/pam_limits.so


Best Regards Bertil Starck, Handelsbanken, Stockholm, Sweden


Here is my previous description of my problem:

Hi!

I have upgraded Samba V2.2.7 as described in the whitepaper "Samba with ACL support on Linux for S/390" by Michael Weisbach and "Sync Samba and Windows users with winbind" by Scott Lowe.

Samba is built with these parameters:
Mammut/tmp/samba-2.2.7/source/./configure --with-winbind --with-acl-support --with-vfs --with-smb-wrapper

I've done some modifications in "/etc/nsswitch.conf" and "/etc/pam.d/login" as told in the "Sync Samba and Windows.."

Now I map a Samba share on the Linux machine with Windows NT Explorer. When looking at "Properties" and "Security" and "Permissions" I get this text in a window:
 "This is a share level server. You can only set permissions and auditing information on Windows NT File System (NTFS) volumes and LAN manager 2.x user-level servers."

When I do the same mapping on a Win2000 there is no problem seeing the "Permissions" for the Samba share.

I am running Linux under s/390 z/VM V4.3 and I'm on a base SuSE V7.2 level with an upgraded kernel V2.4.19.

Is there anyone who has experienced this problem or can give me a hint to make NT and Samba play together?

If I choose "Ownership", the values for who created the map are presented correctly.

Best Regards Bertil Starck, Handelsbanken, Stockholm, Sweden
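
A check a reviewer could run over the /etc/pam.d/login listing above (added example, not part of the original post): it flags control-column values that are not Linux-PAM keywords, and `nullok` on pam_unix/pam_pwdb auth lines, which lets an account with an empty password authenticate. The function name `lint_pam` and the embedded sample (a subset of the posted lines) are assumptions of this example; it expects the /etc/pam.d/<service> layout without a service column.

```python
import re

# Keywords Linux-PAM accepts in the control column; "[value=action ...]" is also valid.
VALID_CONTROLS = {"required", "requisite", "sufficient", "optional", "include", "substack"}
VALID_TYPES = {"auth", "account", "password", "session"}

# type, control (keyword or bracket form), module path, remaining arguments
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

# Constructed sample: a subset of the /etc/pam.d/login lines from the post.
SAMPLE = """\
#%PAM-1.0
auth     requisite      /lib/security/pam_unix.so       nullok #set_secrpc
auth     sufficent      /lib/security/pam_winbind.so
auth     required       /lib/security/pam_winbind.so
#account  required       /lib/security/pam_winbind.so
account  sufficent       /lib/security/pam_winbind.so
password required       /lib/security/pam_pwcheck.so    nullok
"""

def lint_pam(text):
    """Return a list of (line number, finding code, detail) tuples."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if not line or line.startswith("@include"):
            continue
        m = LINE.match(line)
        if not m:
            findings.append((lineno, "incomplete", line))
            continue
        mtype, control, module, args = m.groups()
        if mtype not in VALID_TYPES:
            findings.append((lineno, "bad-type", mtype))
        if not control.startswith("[") and control not in VALID_CONTROLS:
            findings.append((lineno, "bad-control", control))
        # nullok on an auth line permits login to accounts with an empty password
        if mtype == "auth" and "nullok" in args.split() and \
                module.endswith(("pam_unix.so", "pam_pwdb.so")):
            findings.append((lineno, "nullok-auth", module))
    return findings

if __name__ == "__main__":
    for lineno, code, detail in lint_pam(SAMPLE):
        print(f"line {lineno}: {code}: {detail}")
```
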







