winbindd mapping and home shares

Rob Tanner rtanner at linfield.edu
Fri Apr 28 17:43:23 GMT 2006


Hi,

I originally posted this to the samba.general list and never got an 
answer.  It might be that I'm being a little bit too bleeding edge?  :-)

We set up a server to manage departmental servers and we're using 
winbindd in order to be able to manage access via AD domain 
accounts/groups.  And that's all working the way we want -- access to 
department shares is being managed by membership in domain groups in 
active directory.  

By way of background, the partition itself is ext3 and mounted with 
options: rw,acl,user_xattr.  On the Linux side, if I do an ls -l, file 
ownerships show up as CATNET\rtanner (CATNET being the domain).  On the 
windows side, if I look at properties -> security, I will see amongst 
the "Groups of user names:" listed, "CATNET\Domain Admins" and one or 
more security groups such as "CATNET\history staff".  One oddity we've 
found so far is that you have to be the real owner of the file on the 
Linux side to change permissions (e.g., if the file isn't owned by 
CATNET\rtanner, CATNET\rtanner can't change permissions). The only other 
oddity has to do with how windows and Linux/Unix think about 
permissions.  In Linux/Unix, if you have write privileges to the 
directory, you can delete any contents whether you own it or not and 
whether you have permissions or not on the contents.  In the windows 
world, if you don't have "Write", "Full control", or "Modify" 
permissions, you can't delete the file/folder even if you own the 
parent.  Is there a way to get the samba shares to behave even like 
windows shares so that the windows permissions on the file/folder itself 
will affect your ability to delete it?

Here's my real problem.  Now that we are using winbindd for mapping, I 
no longer mount my personal share (i.e., home directory) as rtanner, but 
rather as CATNET\rtanner.  When I try to mount it, I continually get 
prompted for name and password.  In the samba log, I see permission denied:

[2006/04/28 10:28:57, 2] smbd/service.c:make_connection_snum(321)
  user 'CATNET\rtanner' (from session setup) not permitted to access this share (rtanner)
[2006/04/28 10:28:57, 3] smbd/error.c:error_packet(129)
  error packet at smbd/reply.c(415) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED

I even set the ownership of my home directory to CATNET\rtanner, and 
that did not resolve the problem.  I suspect the problem is that I 
haven't set the Path value correctly in smb.conf, but I'm not sure how 
to code it.  I'm reasonably sure that "%H" is incorrect since the 
password file doesn't have a user CATNET\rtanner (and the system 
complains if I try to create one -- the backslash is an illegal 
character).  The actual path is /home/CATNET/username.  How should the 
path be declared for the homes share?

Thanks,
Rob


-- 

Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR
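
An added example, not part of the original post: a small parser for smbd log excerpts like the one quoted in the message, which groups header and message lines (including lines wrapped in transit) and reports each share denial with the session user split into domain and account. The sample log is constructed from the two entries in the post, and the function names are illustrative.

```python
import re

# Added example; names are illustrative, sample is constructed from the post.
SAMPLE_LOG = r"""[2006/04/28 10:28:57, 2] smbd/service.c:make_connection_snum(321)
  user 'CATNET\rtanner' (from session setup) not permitted to access
this share (rtanner)
[2006/04/28 10:28:57, 3] smbd/error.c:error_packet(129)
  error packet at smbd/reply.c(415) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED
"""

HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+)\s*$")
DENIED = re.compile(
    r"user '(?P<user>[^']+)' \(from session setup\) "
    r"not permitted to access this share \((?P<share>[^)]+)\)"
)


def parse_entries(text):
    """Group log text into entries: a header line plus its message lines."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({**m.groupdict(), "msg": ""})
        elif entries and line.strip():
            # Continuation (indented or wrapped): append to the open entry.
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line.strip()).strip()
    return entries


def share_denials(text, separator="\\"):
    """Report share denials; flag shares named after the bare account."""
    out = []
    for e in parse_entries(text):
        m = DENIED.search(e["msg"])
        if m:
            domain, _, account = m["user"].rpartition(separator)
            out.append({
                "time": e["ts"], "user": m["user"], "share": m["share"],
                "domain": domain or None, "account": account,
                "account_matches_share": account.lower() == m["share"].lower(),
            })
    return out


if __name__ == "__main__":
    for d in share_denials(SAMPLE_LOG):
        print(d)
```

A record with `account_matches_share` set and a non-empty `domain` marks a denial where the session user was domain-qualified but the requested share carried only the short account name, as in the log above.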

