Samba + ACL and Windows NT
Bertil Starck
best08 at handelsbanken.se
Wed Jan 22 07:50:00 GMT 2003
Hello, here is the smb.conf and a few other that I have modified:
When we created the "join" to the NT-domain we did not put the option "-r domain_controller" as told in the "Sync Samba and Windows users with winbind", because I believe that the "password server = *" will find the domain_controller anyway.
We used these parameters to do the join:
"/usr/local/samba/bin/smbpasswd -j SHB2 -U teri01", where teri01 is the administrator.
Another thing to note is that we haven't activated PAM, as it works against the Win2000 PC we do not think that there's the problem.
Here is my smb.conf:
# Samba config file created using SWAT
# from 172.18.90.67 (172.18.90.67)
# Date: 2002/11/26 08:57:42
# Global parameters
[global]
# domain logins = yes
workgroup = SHB2
netbios name = MAMMUT
encrypt passwords = yes
security = DOMAIN
password server = *
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 10
template shell = /bin/bash
# netbios aliases = oxygen02,oxygen03
# include = /usr/local/samba/lib/smb.conf.%L
server string = Samba %v on %L
log file = /usr/local/samba/var/log.%m
max log size = 50
announce version = 2.0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
character set = ISO8859-1
local master = No
dns proxy = No
wins server = 172.24.128.13
printer admin = maer10,tofo03,root
locking = No
[homes]
comment = Home Directories
read only = No
browseable = No
[sthv0017]
comment = share for shb2 users
# volume = NTFS
path = /data1/data1
read only = no
guest ok = yes
[NETLOGON]
path = /usr/local/samba/netlogon
read only = yes
-------------------------------------------------
Here is the /etc/pam.d/samba:
mammut:/usr/local/samba # cat /etc/pam.d/samba
#%PAM-1.0
auth required /lib/security/pam_winbind.so
auth required /lib/security/pam_unix.so
account required /lib/security/pam_winbind.so
account required /lib/security/pam_unix.so
----------------------------------------------------------
Here is the /etc/nsswitch.conf:
cat /etc/nsswitch.conf
passwd: files winbind nis
shadow: files winbind nis
group: files winbind nis
# passwd: compat
# group: compat
hosts: files dns
networks: files dns
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files
publickey: files
bootparams: files
automount: files
aliases: files
--------------------------------------
Here is the /etc/pam.d/login:
mammut:/usr/local/samba # cat /etc/pam.d/login
#%PAM-1.0
auth requisite /lib/security/pam_unix.so nullok #set_secrpc
auth required /lib/security/pam_securetty.so
auth sufficent /lib/security/pam_winbind.so
auth sufficent /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so nullok shadow
#auth required /lib/security/pam_homecheck.so
auth required /lib/security/pam_env.so
auth required /lib/security/pam_mail.so
account required /lib/security/pam_unix.so
#account required /lib/security/pam_winbind.so
account sufficent /lib/security/pam_winbind.so
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_pwcheck.so nullok
password required /lib/security/pam_unix.so nullok use_first_pass use_authtok
session required /lib/security/pam_unix.so none # debug or trace
session required /lib/security/pam_limits.so
Best Regards Bertil Starck, Handelsbanken, Stockholm, Sweden
Here is my previous description of my problem:
Hi!
I have upgraded Samba V2.2.7 as the whitepaper: "Samba with ACL support on Linux for S/390" by Michael Weisbach and "Sync Samba and Windows users with winbind" by Scott Lowe.
Samba is built with these parameters:
Mammut/tmp/samba-2.2.7/source/./configure --with-winbind --with-acl-support --with-vfs --with-smb-wrapper
I've done some modifications in "/etc/nsswitch.conf" and "etc/pam.d/login" as told in the "Sync Samba and Windows.."
Now I map a Samba-share in the Linux-machine with Windows NT Explorer. When looking at "Properties" and "Security" and "Permissions" I got this text in a window:
"This is a share level server. You can only set permissions and auditing information on Windows NT File System (NTFS) volumes and LAN manager 2.x user-level servers."
When I do the same mapping on a Win2000 there is no problem to see the "Permissions" for the Samba-share.
I am running Linux under s/390 z/VM V4.3 and I'm on base SuSE V7.2 level with upgraded Kernel V2.4.19.
Is there anyone who has experienced this problem or can give me a hint to make NT and Samba play together?
If I choose "Ownership", the values are presented correctly of which created the map.
Best Regards Bertil Starck, Handelsbanken, Stockholm, Sweden
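Added example, not part of the original post: a small Python check for pam.d service files such as the /etc/pam.d/login listing above. It reports control values that Linux-PAM does not define and modules that are given nullok. The function name lint_pam and the embedded sample (an excerpt of that listing) are assumptions made for this illustration.

```python
import re

# Control values defined by Linux-PAM; the bracketed [value=action ...] form is also valid.
VALID_CONTROLS = {"required", "requisite", "sufficient", "optional", "include", "substack"}
VALID_TYPES = {"auth", "account", "password", "session"}

# Constructed sample: an excerpt of the /etc/pam.d/login listing in the post.
SAMPLE_LOGIN = """\
#%PAM-1.0
auth requisite /lib/security/pam_unix.so nullok #set_secrpc
auth sufficent /lib/security/pam_winbind.so
account sufficent /lib/security/pam_winbind.so
session required /lib/security/pam_limits.so
"""

LINE_RE = re.compile(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")


def lint_pam(text):
    """Return (line_number, message) findings for the text of a pam.d service file."""
    findings = []
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments, including trailing ones
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            findings.append((num, "cannot parse line"))
            continue
        mtype, control, module, args = m.groups()
        if mtype.lstrip("-") not in VALID_TYPES:
            findings.append((num, f"unknown module type '{mtype}'"))
        # A misspelled control value is not one of the defined flags.
        if not control.startswith("[") and control not in VALID_CONTROLS:
            findings.append((num, f"unknown control flag '{control}'"))
        # nullok lets the module accept accounts with an empty password.
        if "nullok" in args.split():
            findings.append((num, f"{module}: nullok permits empty passwords"))
    return findings


if __name__ == "__main__":
    for num, message in lint_pam(SAMPLE_LOGIN):
        print(f"line {num}: {message}")
```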