[BUG] server/domain security + winbind: failure
vda
vda at port.imtp.ilyichevsk.odessa.ua
Fri Dec 7 04:22:04 GMT 2001
Hi Samba,
I have set up 2 Samba servers in our previously all-Windows network.
I experiment a lot with it.
I want NT domain users to be able to open \\linux1\username
and see entire filesystem or a large part of it (currently I let them see
/usr) with respective user rights. User rights are determined by uid/gid of
logged in user and file uid/gid/mode (as usual).
I tested this and it works when my Samba boxes are in server or domain
security mode. Of course this required me to add domain users to /etc/passwd
to assign them uids.
Also I want NT domain users to be able to telnet to me, enter their domain
name/passwd and get a login shell. Winbindd is doing that fine. I don't need
to tweak /etc/passwd|group|shadow!
And now comes [BUG] part: SMB logins break when winbindd active. No domain
users can open \\linux1\username anymore, even when /etc/passwd, smbpasswd
etc are set ok. From the log contents I conclude that samba somehow
substitutes username with winbindd supplied DOMAIN+username and passes in to
NT PDC, which refuses to authenticate it.
I tested it several times:
# smbclient //linux/test passwd -U test
(fails, bad passwd)
# killall winbindd
# smbclient //linux/test passwd -U test
(succeeds)
I am very willing to remove this last obstacle to make Linux servers usable
for all our computer department staff. My samba is 2.2.2, compiled from
sources, I can perform any additional testing and mail you relevant logs,
test patches etc. Come on, press the <Reply> button/key/lever/whatever you
have :-)
PS: wins name resolution is nice. Now I can ping these Win boxes by name! :-)
Thanks for good work!
--
vda
More information about the samba
mailing list