[Samba] Winbind and user-mapping

David Edward Shapiro David.Edward.Shapiro at btitele.com
Mon Feb 25 05:41:04 GMT 2002

What are the permissions on the directory?  

Do getent passwd | grep -i <windows user>

Note the group number and user id.  That group number/user id need to have
permissions to write/read in the all share.  You can use the "force group ="
option to make the creation of files get set to its group.  I noted that
domain users got the gid of 1000, so in /etc/group I made a group called
users with gid of 1000.  I set force group = users and gave that group the
appropriate permissions.


-----Original Message-----
From: Glatzel Tino [mailto:tino.glatzel at badenIT.de]
Sent: Monday, February 25, 2002 7:28 AM
To: 'samba at lists.samba.org'
Subject: [Samba] Winbind and user-mapping

Winbindd can see the NT-user, but samba can't work with the NT-user.

My System: 	SuSE Linux 7.2 Enterprise Server

I have install samba by the following steps:

1.	./configure --prefix=/opt/samba-2.2.3a --with-winbind
2.	make
3.	make install
4.	cp /tmp/samba-2.2.3a/source/nsswitch/libnss_winbind.so /lib
5.	ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
6.	vi /etc/nsswitch.conf

	passwd: compat winbind
	group:  compat winbind

7.	/sbin/ldconfig -v | grep winbind   --> I can see it!
8.	vi /opt/samba-2.2.3a/lib/smb.conf

	workgroup = test
        	netbios name = SAMBA
        	encrypt passwords = yes
        	server string = SAMBA %v
        	load printers = no
        	security = DOMAIN
        	password server = *
        	keepalive = 30
        	winbind uid = 1000-2000
        	winbind gid = 3000-8000
        	winbind enum users = yes
        	winbind enum groups = yes
        	template shell = /bin/bash
        	winbind separator = +
        	winbind cache time = 10

        	comment = For all users
        	path = /all
        	guest ok = Yes
        	writeable = Yes
        	create mode = 0770
        	directory mode = 0770
        	browseable = Yes
        	write ok = Yes

9.	smbpasswd -j test -r pdc -U admin  --> It works

And now the Problem:
With /opt/samba-2.2.3a/bin/wbinfo -u, i can see the DOMAIN-USERS
With /opt/samba-2.2.3a/bin/wbinfo -g, i can see the DOMAIN-GROUPS

If a Windows-user creates a file at the "all"-share, the owner of the file
is  nobody and the group is nogroup.
Why ??
What is wrong ??

To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list