winbindd mapping and home shares
Rob Tanner
rtanner at linfield.edu
Fri Apr 28 17:43:23 GMT 2006
Hi,
I originally posted this to the samba.general list and never got an
answer. It might be that I'm being a little bit too bleeding edge? :-)
We set up a server to manage departmental servers and we're using
winbindd in order to be able to manage access via AD domain
accounts/groups. And that's all working the way we want -- access to
department shares is being managed by membership in domain groups in
active directory.
By way of background, the partition itself is ext3 and mounted with
options: rw,acl,user_xattr. On the Linux side, if I do an ls -l, file
ownerships show up as CATNET\rtanner (CATNET being the domain). On the
windows side, if I look at properties -> security, I will see amongst
the "Groups of user names:" listed, "CATNET\Domain Admins" and one or
more security groups such as "CATNET\history staff". One oddity we've
found so far is that you have to be the real owner of the file on the
Linux side to change permissions (e.g., if the file isn't owned by
CATNET\rtanner, CATNET\rtanner can't change permissions). The only other
oddity has to do with how windows and Linux/Unix think about
permissions. In Linux/Unix, if you have write privileges to the
directory, you can delete any contents whether you own it or not and
whether you have permissions or not on the contents. In the windows
world, if you don't have "Write", "Full control", or "Modify"
permissions, you can't delete the file/folder even if you own the
parent. Is there a way to get the samba shares to behave even like
windows shares so that the windows permissions on the file/folder itself
will affect your ability to delete it?
Here's my real problem. Now that we are using winbindd for mapping, I
no longer mount my personal share (i.e., home directory) as rtanner, but
rather as CATNET\rtanner. When I try to mount it, I continually get
prompted for name and password. In the samba log, I see permission denied:

[2006/04/28 10:28:57, 2] smbd/service.c:make_connection_snum(321)
  user 'CATNET\rtanner' (from session setup) not permitted to access
  this share (rtanner)
[2006/04/28 10:28:57, 3] smbd/error.c:error_packet(129)
  error packet at smbd/reply.c(415) cmd=117 (SMBtconX)
  NT_STATUS_ACCESS_DENIED

I even set the ownership of my home directory to CATNET\rtanner, and
that did not resolve the problem. I suspect the problem is that I
haven't set the Path value correctly in smb.conf, but I'm not sure how
to code it. I'm reasonably sure that "%H" is incorrect since the
password file doesn't have a user CATNET\rtanner (and the system
complains if I try to create one -- the backslash is an illegal
character). The actual path is /home/CATNET/username. How should the
path be declared for the homes share?
Thanks,
Rob
--
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR