[Samba] Winbind and user-mapping
David Edward Shapiro
David.Edward.Shapiro at btitele.com
Tue Feb 26 05:20:17 GMT 2002
Hay gang,
It is interesting to note that on solaris, getent passwd does not return the
clean output that Glatzel Tino got. Here are lines I get from solaris 2.8
running samba 3.0alpha15:
INS+Yummie:x,2:11257:1000:Yummie
bunny:/export/home/winnt/INS/yummie:/bin/false
INS+Yuasso:x,ndaW:11258:1000:Yuasso:/export/home/winnt/INS/yuasso:/bin/false
INS+Zanadu:x,eryB:11259:1000:Zanadu
babe:/export/home/winnt/INS/zanadu:/bin/false
Note the x,eryB, for example, instead of just x...
David
-----Original Message-----
From: Glatzel Tino [mailto:tino.glatzel at badenIT.de]
Sent: Tuesday, February 26, 2002 2:55 AM
To: 'David Edward Shapiro'
Subject: AW: [Samba] Winbind and user-mapping
This is a little part of my output
getent passwd
TEST+TUser1:x:11273:10000:TUser1:/home/STWFR1/tuser1:/bin/bash
TEST+TUser2:x:11274:10000:TUser2:/home/STWFR1/tuser2:/bin/bash
TEST+TUser3:x:11275:10000:TUser3:/home/STWFR1/tuser3:/bin/bash
TEST+TUser4:x:11276:10000:TUser4:/home/STWFR1/tuser4:/bin/bash
TEST+TUser5:x:11277:10000:TUser5:/home/STWFR1/tuser5:/bin/bash
getent group
TEST+Sub-Administrators:x:11097:
Well, that is not very secure, but your user should be able to write/read in
that directory. What did getent passwd grep return for you?
-----Original Message-----
From: Glatzel Tino [mailto:tino.glatzel at badenIT.de]
Sent: Monday, February 25, 2002 11:32 AM
To: 'David Edward Shapiro'
Subject: AW: [Samba] Winbind and user-mapping
The permissions are:
drwxrwxrwx 2 root root 35 Feb 25 17:14 all
>>Do getent passwd | grep -i <windows user>It works. I seetheWindows-Usergetent group -- I see the lokal and NT-GroupsExample: ANT-usercreates a new director. This are thepermissions:drwxrwx--- 2nobodynogroup 35 Feb 25 17:14newDirectorywhy?-----UrsprünglicheNachricht-----Von: DavidEdwardShapiro[mailto:David.Edward.Shapiro at btitele.com]Gesendet: Montag,25.Februar 200214:32An: 'Glatzel Tino'Cc: 'samba at listssamba.org'Betreff:RE:[Samba]Winbind and user-mappingWhat are the permissions on thedirectory?Do getent passwd | grep -i <windows user>Note the group number anduserid.That group number/user id need to have permissions to write/read intheallshare. You can use the "force group ="option to make the creationoffiles get setto its group. I noted thatdomain users got the gid of 1000,soin/etc/group I made a group calledusers with gid of 1000. I set forcegroup= users and gave that group theappropriatepermissions.David-----OriginalMessage-----From: GlatzelTino[mailto:tino.glatzel at badenIT.de]Sent: Monday, February 25, 2002 7:28 AM
To: 'samba at lists.samba.org'
Subject: [Samba] Winbind and user-mapping
Winbindd can see the NT-user, but samba can't work with the NT-user.
My System: SuSE Linux 7.2 Enterprise Server
Samba-2.2.3a
I have install samba by the following steps:
1. ./configure --prefix=/opt/samba-2.2.3a --with-winbind
2. make
3. make install
4. cp /tmp/samba-2.2.3a/source/nsswitch/libnss_winbind.so /lib
5. ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
6. vi /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
7. /sbin/ldconfig -v | grep winbind --> I can see it!
8. vi /opt/samba-2.2.3a/lib/smb.conf
[global]
workgroup = test
netbios name = SAMBA
encrypt passwords = yes
server string = SAMBA %v
load printers = no
security = DOMAIN
password server = *
keepalive = 30
winbind uid = 1000-2000
winbind gid = 3000-8000
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
winbind separator = +
winbind cache time = 10
[all]
comment = For all users
path = /all
guest ok = Yes
writeable = Yes
create mode = 0770
directory mode = 0770
browseable = Yes
write ok = Yes
9. smbpasswd -j test -r pdc -U admin --> It works
And now the Problem:
With /opt/samba-2.2.3a/bin/wbinfo -u, i can see the DOMAIN-USERS
With /opt/samba-2.2.3a/bin/wbinfo -g, i can see the DOMAIN-GROUPS
If a Windows-user creates a file at the "all"-share, the owner of the file
is nobody and the group is nogroup.
Why ??
What is wrong ??
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list